
FOIA the PRISM tech stack - merinid
http://www.nsa.gov/public_info/foia/submit_foia_request/foia_request_form.shtml
======
JoachimSchipper
For all you PGP fanatics, consider (from [http://33bits.org/2011/03/09/link-
prediction-by-de-anonymiza...](http://33bits.org/2011/03/09/link-prediction-
by-de-anonymization-how-we-won-the-kaggle-social-network-challenge/), a blog
which I highly recommend) the sentence "During (...) 2007-2009, Shmatikov and
I (...) showed how to take two graphs representing social networks and map the
nodes to each other based on the graph structure alone—no usernames, no
nothing."

 _Tinfoil won 't save you this time._

------
merinid
Ooooh -
[http://www.pdl.cmu.edu/SDI/2013/slides/big_graph_nsa_rd_2013...](http://www.pdl.cmu.edu/SDI/2013/slides/big_graph_nsa_rd_2013_56002v1.pdf)

~~~
timClicks
I find this especially interesting coupled with Cray's YarcData graph
analytics hardware called Urika, which has 512 terabytes in memory.
<http://www.yarcdata.com/Products/>

------
8ig8
I'm not sure what this is all about, but even though it is _my_ government, I
feel like submitting this form would add me to some monitoring list.

~~~
ianstormtaylor
So, sadly true. I was sending a friend an email today about this entire thing
and for the first time ever I questioned whether my email would be
eavesdropped on by my own government. It was a horrible feeling.

~~~
8ig8
Exactly. This loss of trust and credibility is a big deal. Once it's lost, I'm
not sure what the government does to get it back.

------
merinid
Good chances they are using <http://en.wikipedia.org/wiki/Apache_Accumulo>

~~~
JoachimSchipper
Do you have any specific reason to believe that?

------
DigitalSea
Nice try, NSA. You're not getting any more of my information.

------
Sami_Lehtinen
No SSL/TLS, great job. Well, I assume AES crypto wouldn't bother them anyway.
;) Because it wouldn't be smart to make standard crypto which would blind
them.

~~~
damianball
If I remember correctly, Verisign has indicated they would be willing to
create a trusted root level certificate for the government to spoof the ssl of
any domain... so I don't know if SSL is enough, unless you only allow CAs
you've created or you trust.

------
adkatrit
Why would they have a form to ask for records on yourself when they don't
publish which records they have. This is like a game of Go Fish but with
personal data.

------
csears
I just submitted the form and got the following error. Might be time to
upgrade that ColdFusion formmail script, guys.

[http://www.nsa.gov/applications/forms/foiaemail.cfm](http://www.nsa.gov/applications/forms/foiaemail.cfm)

Internal Server Error - Read

The server encountered an internal error or misconfiguration and was unable to
complete your request. Reference #3.a447da3f.1370606557.3a7abfb

~~~
csears
Also, they appear to be redirecting all HTTPS requests to HTTP. Try it:
[https://www.nsa.gov/public_info/foia/submit_foia_request/foi...](https://www.nsa.gov/public_info/foia/submit_foia_request/foia_request_form.shtml)

Configuration mistake or force of habit?

------
downandout
Unfortunately, despite the disturbing fact that we are reading about PRISM
(disturbing both that it exists and that our government can't keep highly
sensitive secrets), it is classified Top Secret until September 1, 2036. I
could be wrong but I believe that FOIA requests regarding it will fail until
then.

~~~
dlitz
> disturbing both that it exists and that our government can't keep highly
> sensitive secrets

Why could it be disturbing that a government's officials can't keep secrets
about cases where they abuse their power or act against the public interest?
Isn't that how democratic institutions are _supposed_ to be designed?

~~~
downandout
It's disturbing because if things as sensitive as this are leaking, it means
other things will leak that could cost lives.

~~~
dlitz
You're assuming that all sensitive information has the same probability of
leaking. Anecdotally, that's not really true. Most of these systems depend on
honest citizens to keep the information secret, and honest citizens are more
likely to leak "secret" evidence of abuse than information that will cost
innocent people their lives.

------
monkmartinez
<http://www.youtube.com/watch?v=TuET0kpHoyM>

