

Breakdown of the NSA spying on French leaders - zmanian
http://electrospaces.blogspot.com/2015/06/wikileaks-publishes-some-of-most-secret.html#methods

======
GabrielF00
Most of what we saw in the Snowden leaks was about methodology. We saw very
little about what the NSA actually produces. Here we're actually seeing
examples of what the NSA provides to policymakers. It's a useful perspective.

~~~
bitmapbrother
These are also from the Snowden leaks and they detail far more than just
methodology, but rather examples of the actual information they're collecting
- courtesy of Microsoft.

July 31, 2012

Microsoft (MS) began encrypting web-based chat with the introduction of the
new outlook.com service. This new Secure Socket Layer (SSL) encryption
effectively cut off collection of the new service for FAA 702 and likely 12333
(to some degree) for the Intelligence Community (IC). MS, working with the
FBI, developed a surveillance capability to deal with the new SSL. These
solutions were successfully tested and went live 12 Dec 2012. The SSL solution
was applied to all current FISA and 702/PRISM requirements - no changes to UTT
tasking procedures were required. The SSL solution does not collect server-
based voice/video or file transfers. The MS legacy collection system will
remain in place to collect voice/video and file transfers. As a result there
will be some duplicate collection of text-based chat from the new and legacy
systems which will be addressed at a later date. An increase in collection
volume as a result of this solution has already been noted by CES.

March 15, 2013

SSO's PRISM program began tasking all Microsoft PRISM selectors to Skype
because Skype allows users to log in using account identifiers in addition to
Skype usernames. Until now, PRISM would not collect any Skype data when a user
logged in using anything other than the Skype username which resulted in
missing collection; this action will mitigate that. In fact, a user can create
a Skype account using any e-mail address with any domain in the world. UTT
does not currently allow analysts to task these non-Microsoft e-mail addresses
to PRISM, however, SSO intends to fix that this summer. In the meantime, NSA,
FBI and Dept of Justice coordinated over the last six months to gain approval
for PRINTAURA to send all current and future Microsoft PRISM selectors to
Skype. This resulted in about 9800 selectors being sent to Skype and
successful collection has been received which otherwise would have been
missed.

March 7, 2014

PRISM now collects Microsoft Skydrive data as part of PRISM'S standard Stored
Communications collection package for a tasked FISA Amendments Act Section 702
(FAA702) selector. This means that analysts will no longer have to make a
special request to SSO for this - a process step that many analysts may not
have known about. This new capability will result in a much more complete and
timely collection response from SSO for our Enterprise customers. This success
is the result of the FBI working for many months with Microsoft to get this
tasking and collection solution established.

~~~
csandreasen
All of what you just provided are examples of methodology. What GabrielF00 was
referencing is something like "Prime Minister Alice contacted Secretary Bob
and discussed their recent dealings with President Carol." This is different
from saying "This information was obtained by tapping Secretary Bob's Skype
account", which in turn is different from saying "The NSA can tap Skype
accounts." Most of what we've been seeing in the news is stuff like "The NSA
can tap <technology>", and occasionally "the NSA spied on
<person/group/country>" rather than "the NSA obtained <specific information>
from <specific person> on <specific date>", which is what we're seeing with
the recent Wikileaks disclosures.

------
mirimir
> Because keeping an eye on foreign governments is a legitimate task, this
> source is not a whistleblower. He or she could be a cryptoanarchist, or
> maybe even an agent of a foreign intelligence agency.

Interesting distinction: whistleblower vs cryptoanarchist ;)

~~~
mpyne
Even more interesting is that someone besides us "government shills" has
finally acknowledged the idea that _something_ NSA does could possibly be
legitimate...

~~~
chinathrow
If you think that spying on a foreign nations president is legitimate, I have
a question for you: Is it also ok and legitimate for you if other foreign
nations spy on _your_ president?

Genuinely interested.

~~~
mpyne
Legitimate? Yes. "OK" is a function of how pervasive the spying is, but far
from expecting other countries not to try at all, I'd honestly expect other
countries to try mightily to get information on what the President of the
United States is thinking on topics of importance to that country.

~~~
mentat
Of course it's legitimate, that this is gray right now is silly. That why we
use encryption for communications, because we're expecting them to try.

------
atmosx
That's an outstanding analysis, the author is really amazing. It's impressive
to see this kind of "movie staff" in real life.

off-topic: Every time I see a bond movie I wonder who writes the (extremely
silly and unrealistic) scripts. IMHO it's a huge incompetence since there are
so many real spy-stories flying around these days. If you add romance to them,
you have an awesome action movie based on real events.

