

Technical Implications of the NSA's Prism Program - mayank
http://lahiri.me/writing/technicalities-of-prism/index.html

======
AJ007
Watch this video from the Washington Post reporter who broke the story:
[http://www.washingtonpost.com/investigations/us-
intelligence...](http://www.washingtonpost.com/investigations/us-intelligence-
mining-data-from-nine-us-internet-companies-in-broad-secret-
program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html)

a) "We did hold back quite a bit from this story." "There are some things that
we looked at on our own, and said we're not going to publish that, and there
are other things we talked to the government about." What does that mean? We
saw three slides of a very limited nature.

b) "This source believes that exposure was inevitable and is prepared to face
that consequence." "He thinks what the NSA is doing exceeds all reasonable
boundaries of privacy or necessity." This wasn't over mundane FISA court
ordered data releases.

c) In response to the question, "Why do these companies authorize this?"
Response: "There is a pretty complicated set of incentives and compulsions.
The law does provide that they can give access and a secret surveillance court
can make them give access, but in a situation that you have a clandestine
program and a very rich and powerful component ... They don't want to litigate
this with Facebook, they don't want a chance of it leaking ... Facebook also
being a highly regulated industry, having all kinds of issues with privacy and
whatever else doesn't want to antagonize the government, so they negotiate it.
Now Apple took .. 5 years .. I don't know what happened, but Microsoft joined
in 2007 and Apple didn't do it until the end of 2012."

So, the author, who saw all of the slides and talked to the source says that
they they left great amounts out of the story, but absolutely confirms & goes
in to detail that the companies were complicit with the NSA and that it went
beyond what the legally mandated options.

If the denials issued by Facebook, Google, and their respective executives are
not an outright lies, and this story is not a hoax (I am assuming it is real
since Obama had an opportunity to deny its existence) then there is a
compromise in the traffic streams entering and exiting these services
provider's platforms, very possibly like the infamous AT&T Room 641A.

This may be more disturbing than we initially believed.

~~~
jcrites
I'm imagining something like this:

Imagine if the NSA has a copy of these companies' (Google and Facebook's)
traffic, and has perhaps subpoena'd the TLS keys. Having the TLS keys is still
not having "direct access" to their network, since the NSA at no point
accesses internals of their network. But the NSA gets all the data and
decrypts it.

Next, NSA engineers spend time reverse-engineering the company's protocols. Or
maybe the companies hand over the specs. Anyway, the NSA can now recognize a
request to Facebook representing posting a message; or it can recognize in
Google's traffic someone reading or sending an email. It can tell when a file
is stored into iDrive.

It saves copies of all of this - the date and time of the request to Facebook,
the message, etc.; for Google, the entire copy of the email, or search query.

NSA stores all of this data into a searchable, queryable database, that is
capable of looking up a person's activity in those systems. And retrieve the
same Facebook message, Google meail, or iDrive file that the user had sent.

This is a version of events that seems to fit the data I've seen.

In another thread, someone suggested that PRISM records information without
"tapping" the companies lines. Perhaps that is true, and the tapping happens
at the Internet backbone level, without awareness by these companies (beyond
giving up their TLS keys).

I think the question we need to ask Google, et al., is: did you divulge your
SSL/TLS keys to any government, agent of the government, or any other entity?

~~~
AJ007
This sounds about right in the context of William Binney interviews given last
year. I would really like to hear opinions on this from people who know a
whole lot more about SSL and certificate issuance than I do. I think given a
little more time the blanket denials will sink in and people will start to
figure out what the very ugly alternatives are.

------
kalmi10
"All they would need for unfettered access to user data is the SSL/TLS private
key file used to encrypt traffic."

False, one can't passively mitm SSL when perfect-forward-secrecy is used. I
just checked, and google seems to be using it.

[http://www.quora.com/SSL-Secure-Sockets-Layer/Is-it-ever-
pos...](http://www.quora.com/SSL-Secure-Sockets-Layer/Is-it-ever-possible-to-
decrypt-passively-sniffed-SSL-TLS-traffic/answer/Ian-Gallagher-2)

~~~
reedlaw
What if it's the trusted Root CAs who are giving state agencies copies of
their signing keys thus allowing them to sign valid certificates to
impersonate anyone?

~~~
marshray
That would likely work for targeted attacks against browsers other than Chrome
(and maybe recent FF, I'm not sure) but not for large scale dragnet attacks.

~~~
reedlaw
Why wouldn't it affect Chrome if the Root CA is trusted by Chrome? According
to [http://www.chromium.org/Home/chromium-security/root-ca-
polic...](http://www.chromium.org/Home/chromium-security/root-ca-policy) they
use the underlying OS list except in the case of Linux in which they use
Mozilla's list.

~~~
jmesserly
Chrome has certificate pinning, see [http://blog.chromium.org/2011/06/new-
chromium-security-featu...](http://blog.chromium.org/2011/06/new-chromium-
security-features-june.html):

"In addition in Chromium 13, only a very small subset of CAs have the
authority to vouch for Gmail (and the Google Accounts login page). This can
protect against recent incidents where a CA has its authority abused, and
generally protects against the proliferation of signing authority."

(disclaimer: I work for Chrome but not on these features.)

------
fiatmoney
The leaked slide with inter-continental bandwidths has to be off by many
orders of magnitude, if it's intended to be total bandwidth (this is the first
infographic I found[1]; interestingly it's graphically the same as the one on
the leaked slide).

Instead could it be describing intercepted bandwidth, leeching off of those
pipes?

[http://2.bp.blogspot.com/_F8MQ-8DbBQc/R7gSdBOntyI/AAAAAAAAAS...](http://2.bp.blogspot.com/_F8MQ-8DbBQc/R7gSdBOntyI/AAAAAAAAASU/sAjQi4HuqkU/s1600/bandwidth1.jpg)

~~~
marshray
I think it's just a lame barely-relevant graphic.

------
akiselev
It's interesting to think about where the NSA will be going with this
technologically too. If they're moving towards processing of not only internet
data passing through US shores but data from drones, video cameras,
microphones, and other sensors world wide, they would need a hell of a lot of
processing power to deal with that data. The data center in Utah would be the
tip of the iceberg.

As a nod to fiction like Eureka and the revelations like Los Alamos testing
quantum communication for years [1], it's interesting to think what else the
NSA is working on for (inter)national surveillance.

[1] [http://arxiv.org/abs/1305.0305](http://arxiv.org/abs/1305.0305)

------
nullc
Various well informed parties
([https://twitter.com/ioerror/status/66237140035579904](https://twitter.com/ioerror/status/66237140035579904))
have been advocating DHE ciphersuites for some time... but they aren't widely
used. (Though Google is— now— a major counterexample)

------
gee_totes
If one were looking to build a PRISM at home (I'm specifically looking at the
community detection part of it), would iGraph be a good place to start?

[http://igraph.wikidot.com/community-detection-in-
python](http://igraph.wikidot.com/community-detection-in-python)

------
temphn
Rather than parsing the meaning of the term "direct access", this is what
makes the most sense to me: that the NSA did this to Silicon Valley companies
without their knowledge or consent by wiretapping the backbone in bulk via
abuse of private keys for SSL certificates.

I think the backlash is going to be greater than the USG anticipates. One
thing that engineers can do is to simply refuse to work for the US government,
or leave if they already work there. Deprive them of talent. Stop them from
recruiting on college campuses.

There's a precedent: the campus campaigns against Don't Ask, Don't Tell. The
NSA of course has its own very unique interpretation of "Don't Ask (for
permission), Don't Tell (what you're recording)". But it's probably just as
worthy of censure.

~~~
cpleppert
The presentation made it seem as if each company was not participating
passively. Specifically the stored intelligence "varies by provider" and there
are "special requests available." Interestingly, there is no mechanism
described which captures all content of a certain type i.e. email; it seems to
be apparent that only content from the providers is available. Surely, if you
can intercept email from google without their help you can grab ALL email
traffic as well.

The slides also show that providers join over time. If they were just
intercepting you would expect all email providers to join at once; that
doesn't appear to be the case.

There are also stuff like "online social networking detail" and "login
notifications" which make it seem like facebook has given access to their
systems.

~~~
mpyne
Honestly it could be as simple as a "Law Enforcement API", that's configured
with a company-run interface to NSA.

The NSA analyst gets intel on such-and-such an account ID/phone
number/email/etc., uses PRISM to send a request (probably something stupid
like SOAP, it's the govt after all).

The company computer verifies a valid warrant ID, valid request type, "hoovers
up" the data requested and spits it back to NSA.

Technically not direct access. Certainly not a direct wiretap into the entire
company database. But NSA is able to get the "special source data" they need
for correlation on their end (possibly using tools as provided by Palantir).

They figure out whatever network of conspirators they're researching, develop
"actionable intel", good guys win (note: depends on your interpretation of
good guys, obviously :P).

Zuck and Page are still right in this scenario. I just wish someone would
speak up about what the hell is actually going on!

~~~
cpleppert
I think that you are broadly right. The government can already get access to
Google, facebook etc so PRISM could be just a friendlier user interface around
the whole process. So instead of: 1)investigate 2) get warrant 3) send warrant
to companies with data request 4)companies send data back 5) repeat 3-4 until
investigation complete

PRISM allows an analyst to load up a warrant and start exploring data
immediately without having to wait for the company to verify it and then do a
ETL operation back to the NSA.

------
kevinburke
Google sends data between its data centers over HTTP, not HTTPS. This means if
the NSA can intercept their traffic anywhere, they could read all of it

~~~
gcr
Source? I imagine they're probably using a VPN or something.

