
Dutch secret service 'also has access to information from PRISM' - jeroen94704
http://translate.google.nl/translate?hl=nl&sl=nl&tl=en&u=http%3A%2F%2Fwww.nrc.nl%2Fnieuws%2F2013%2F06%2F11%2Faivd-heeft-ook-toegang-tot-informatie-uit-prism%2F
======
inoop
Here's an attempt at a quick translation for those interested. Note that 'De
Telegraaf' is a tabloid-y newspaper, and the Algemene Inlichten- en
Veiligheidsdient (AIVD) is the Dutch secret service.

\---

Dutch secret services also receive information from the United States'
internet wiretapping program, PRISM. When the Algemene Inlichten- en
Veiligheidsdient marks an American e-mail address as being suspect, within
five minutes everything is known, said an AIVD agent this morning in De
Telegraaf. According to the paper the agent was working for the department
tasked with monitoring Muslim extremists.

According to the agent many companies are actively collaborating in giving
access to their data. 'All large commercial internet services are being forced
to provide an application with which [secret] services can browse [their
data]'. Together these applications make up the American secret service NSA's
program for collecting private internet data.

'EVERYTHING IS BEING SHARED BY SKYPE, GOOGLE, AND FACEBOOK'

According to the agent Skype refused for years to provide access [to their
data], but since it has become property of Microsoft everything is said to be
shared, as is the case with Google and Facebook. Last Saturday the leading men
of both companies said not to be aware of the internet wiretapping program.

Dutch companies are said to cooperate willingly as well. 'When a request comes
in one is just given direct access to the data, everything on a silver
platter.' When a company does not cooperate, an agent is 'activated' that has
access to the information at the company. 'Within companies and organizations,
everywhere there are agents that can be activated, who are waiting for an
information request.'

~~~
mtgx
> According to the agent Skype refused for years to provide access [to their
> data], but since it has become property of Microsoft everything is said to
> be shared.

I bet people won't think I'm so crazy now for posting before that the only
reason Microsoft paid the incredible amount of $8.5 billion for Skype (and 2x
as much as Google was willing to pay) for no good reason, is because they
already knew they were going to make at least half of that money back from
NSA:

[http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_...](http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/)

Also this: "Microsoft's patent application for Legal Intercept was filed in
2009, well before the company's $8.5 billion purchase of Skype in May":

[https://www.computerworld.com/s/article/9218002/Microsoft_se...](https://www.computerworld.com/s/article/9218002/Microsoft_seeks_patent_for_spy_tech_for_Skype)

So they were already preparing to make it a _spy technology_ before they even
bought it. Microsoft bought Skype in May 2011. Look at the PRISM slide. They
adopted PRISM for Skype in June 2011, a whole _month_ after they bought it (in
a hurry much?):

[http://www.washingtonpost.com/wp-
srv/special/politics/prism-...](http://www.washingtonpost.com/wp-
srv/special/politics/prism-collection-documents/images/prism-slide-5.jpg)

~~~
UnoriginalGuy
Why would anything think you were crazy? That was widely discussed around the
acquisition.

Then Microsoft completely altered Skype's design (from supernode/P2P to
client-server) making it cost a LOT more to maintain while offering no obvious
advantages, which more or less confirmed it.

~~~
frabcus
Where's a reference for it now being client-server? I can't find anything with
a quick search.

~~~
Jasber
I was able to pull up this: [http://arstechnica.com/business/2012/05/skype-
replaces-p2p-s...](http://arstechnica.com/business/2012/05/skype-
replaces-p2p-supernodes-with-linux-boxes-hosted-by-microsoft/)

Quote from Microsoft PR on the change:

 _As part of our ongoing commitment to continually improve the Skype user
experience, we developed supernodes which can be located on dedicated servers
within secure datacentres. This has not changed the underlying nature of
Skype’s peer-to-peer (P2P) architecture, in which supernodes simply allow
users to find one another (calls do not pass through supernodes). We believe
this approach has immediate performance, scalability and availability benefits
for the hundreds of millions of users that make up the Skype community._

------
downandout
Here's an interesting thought (to me). Supposedly there is a law that forbids
NSA from using PRISM to directly spy on Americans. Let's imagine, for a brief,
laughable moment, that this law is followed. It would be technically compliant
with the law if the NSA could send a request to Dutch authorities, and ask
that they send any information they have or can obtain on a US person. The
Dutch have access to this system, and would know what the NSA is getting at,
so the Dutch would query the system and send the info back. This could all be
done via API in a matter of milliseconds.

The NSA could then tell their overseers that _they_ have never used PRISM to
spy on Americans, which would be technically true, while they would enjoy
unfettered access to intelligence on US persons with absolutely no oversight
or authorization from anyone. This seems to be one of only a few logical
explanations for giving other countries access to the system.

~~~
mtgx
That doesn't seem like a huge stretch of imagination at all. There have been
rumors years ago that they're doing this with the UK, too, and probably other
countries, too.

I wonder if that's why Germany is the most spied upon in EU. Does Germany have
the same deal with US? You spy on us, we spy on you?

It can either be that, or US spies on Germany because they want all sort of
information from their politicians, businesses, and so on. I doubt most
terrorists reside in Germany. So those can be the only 2 explanations.

~~~
Vivtek
I suspect the NSA and CIA remember the Cold War and still regard Germany to be
an occupied US possession.

~~~
jacquesm
Do the flip test:

Would the US allow the Dutch, the Germans, the Belgians and the French to have
military bases on US soil?

~~~
mpyne
They come over here and train all the time. If they had the numbers they
probably could carve out a base within one of ours, or even a separate area.

There is at least one U.K. facility home-based here in the U.S. in fact.

~~~
jacquesm
If you're talking about Nellis that's a US airbase with a few UK planes/pilots
stationed there mostly for training purposes, which is clearly not the same
thing.

~~~
mpyne
I'm not talking about Nellis.

Edit: I can't say what I am talking about, but I will say that we (the U.S.)
ended up having to lease usage of the U.K. facility even though it was
physically located here in the U.S. and protected by U.S. forces.

~~~
bilbo0s
Guy...

You're not inspiring the average American's confidence in the US Government.

~~~
mpyne
So? Inspiring confidence in the government is not my job, defense of the
nation is.

~~~
bilbo0s
They are the same thing.

~~~
mpyne
They are not at all the same thing.

In fact if Americans weren't in general wary of the government I'd be
wondering who kidnapped all of America and replaced them sleeper cell aliens.
There's no finer American pasttime than distrusting the government, it's right
up there with chopping cherry trees and baseball.

------
Fice
Any government will do large-scale surveillance if they can. It's been said a
thousand times before: do not use centralized social networks, cloud services,
proprietary software if you value your privacy and freedom. This may be
inconvenient, but we can't have freedom without paying its price. I had hard
time explaining my friends and relatives why I am not on Facebook (or vk.com,
which is more popular here in Russia) or why I would not use Skype, but at
least I know that am not cooperating with those who are taking our freedom
away.

~~~
mpyne
I know I sound like the NSA shill here but I agree with this 100%. Stuff I've
allowed to be on G+ or FB is done with the full knowledge that even the
"Restricted" settings will not 100% reliably stop it from leaking to the
Internet. Even without the NSA there are problems with corporate insiders,
hackers, implementation bugs, countless other things.

Data I have that needs to be private is not stored anywhere on any cloud,
except perhaps in an encrypted format sufficient for Data-at-rest.

In fact I was looking for a cloud service provider to use for some work-
related stuff (PII) when I came to the conclusion that I couldn't actually
trust any of the available cloud services, since it would always be possible
for a cloud provider to gain physical access to the machine even if I use
full-disk encryption.

What I'm hoping is that someday providers like Heroku will kind of meet-in-
the-middle and setup a provision for setting up an enterprise cloud service
(inside the protected WAN) that can be provisioned and managed similar to the
public cloud SaaS services. Something where the enterprise would have the
hardware and network interfaces but Heroku would provide the OS and management
software.

------
wwweston
>If a company does not cooperate, an agent 'activated' who has access to the
information of the company. "Within businesses and institutions everywhere
activate waiting for a request for information. Agents are"

In other words: the problem may be as much the fact that personal data exists
in the hands of third parties at all as it is that there's any formal
framework that enables law enforcement/national security agencies to legally
access it.

~~~
cromwellian
I find the claims that moles within Google are responsible for this, to be,
not impossible, but very improbable. The way Google's internal employee
network is setup, the way the code reviews work, the way automated security
audits work, the way the data is stored, there are lots of checks and balances
that would make it hard to pull off without being noticed.

It's not like an employee can just hack in a device onto the network and start
committing code with backdoors, putting trojans on servers, or slurping up
network packets.

~~~
babuskov
I find that you underestimate the training of top undercover agents.

~~~
bilbo0s
You underestimate the training of your average Stanford CS grad.

~~~
babuskov
Who says that some of top Stanford CS grads are not working as undercover
agents.

The way secret services are shown in movies is a little bit different than the
real world. All of them recruit top students from different universities.
There is no "university for spies", where they teach agents all the skills
they need to get the job somewhere. It's the other way around: they recruit
people who already have those skills and teach them how to be agents. That's
much easier because teaching someone how to become agent is their expertise.

~~~
bilbo0s
"...Who says that some of top Stanford CS grads are not working as undercover
agents..."

Some of them may be...

but the others will undoubtedly spot what's going on. These guys are not dull.
They REALLY ARE the smartest guys in the room.

------
adventured
It seems clear that the post 9/11 "you're either with us or you're against us"
policy was directed primarily toward establishing a global, connected police
state (at least as it pertains to surveillance / privacy). The US needed
everybody on board, 9/11 was abused to serve that purpose.

At the time I just viewed it as generalized anti-terrorism, anti-Al Qaeda type
coalition. In hindsight it seems comically obvious what they were really
targeting.

~~~
alan_cx
And Pakistan still quakes under the thread of being bombed back to the stone
age. I wonder how many other countries were threatened by the "leaders of the
free world".

"They hate our freedoms"? What, as much as the US hates and compromises every
one else's?

Now can any one help me with a definition of a Rogue State?

------
CurtMonash
I wouldn't take detailed technical claims from a Dutch tabloid very seriously.
Even Glenn Greenwald, who likes to be meticulous with his facts and who has
spent months working on this story, seems to have gotten some details wrong.

(Yes, I said Greenwald is meticulous with his facts, notwithstanding his
extremist and not always well-supported OPINIONS. That's one of the
juxtapositions that makes him so interesting.)

~~~
kilian
The NRC is actually one of the top-rated newspapers in the netherlands, quite
similar to the Guardian and far from a "tabloid". If this were published in
the "Telegraaf", you'd have a valid point.

Edit: Seems the story was first published in the Telegraaf, which makes the
parent a very, very valid criticism!

------
jrnkntl
Maybe not 'news', but interesting since some of the founders of Kazaa also
started Skype. I can understand their morale at first: "Skype wouldn't share
any information at first with the agencies, but since it's owned by Microsoft
they have full access"

~~~
mtrimpe
I think you meant "since it's owned by Microsoft".

Also, if anyone is wondering, this article is actually from one of the most
respectable Dutch newspapers.

~~~
vanderZwan
> Also, if anyone is wondering, this article is actually from one of the most
> respectable Dutch newspapers.

Not quite. The NRC is one of the most respectable newspapers, yes. It is
however _citing another newspaper_ , the Telegraaf, which is not quite as
respectable. That said, they probably wouldn't publish this unless they were
somewhat confident about the story.

~~~
mtrimpe
Seriously? I missed that part. That's cheeky...

------
ohwp
Note that The Telegraaf is one of the most unreliable newspapers in the
Netherlands.

According to Larry Page Google does not give access to all your data within 5
minutes:
[https://news.ycombinator.com/item?id=5860313](https://news.ycombinator.com/item?id=5860313)

~~~
flyinRyan
I don't really care what Larry Page says. The government says they have to
hand over the data and make a way for the government to store it in real time.
Of _course_ Google is cooperating with them. Just like everyone else.

~~~
DannyBee
If you don't care what anyone at google says, what would make you believe
otherwise?

~~~
flyinRyan
Why would I believe a company that is bound by law to (a) hand over my data
and (b) tell me they're not doing that.

I can't be convinced it isn't happening at this point because we have
_evidence_ that it is from the government.

~~~
DannyBee
They aren't bound to tell you they are not doing that. Again, i'm not sure
where people get this idea. They may be compelled to be _silent_ about it, but
not compelled to lie.

------
ohwp
Serious question: How do we know PRISM is real? The only source I could find
is The Guardian and the PPT of the so called PRISM project.

Some facts:

    
    
      * The Guardian is the only source.
      * We don't know how they verified the authenticity of the PPT.
      * We don't know anything about Edward Snowden.
      * All companies 'involved' never heard of PRISM and also don't know how the NSA does gather user information without a warrant.

~~~
yen223
Obama has confirmed its existence.

But you do raise an interesting point. Does anyone know exactly what PRISM is,
from a technical point of view? It seems that everything we know about it
comes from the leaked powerpoint slides.

------
timonv
An interesting development, the Dutch minister of security refuses to expand
on the details of the AIVD and NSA relationship, stating that it has to be
discussed on an European level first.

[http://www.nrc.nl/nieuws/2013/06/11/aivd-heeft-ook-
toegang-t...](http://www.nrc.nl/nieuws/2013/06/11/aivd-heeft-ook-toegang-tot-
informatie-uit-prism/)

------
sgarbi
When it says "within five minutes all known" does it mean that the ISP
translates the IP address with the name of the person who signed the contract
with the Provider?

~~~
zorbo
I don't know about the US, but there's a project here in the Netherlands where
ISPs can voluntary submit that information to a central databank where law
enforcement can access it. There's _some_ due process that has to be done
before law enforcement may access it, but it's been shown that the process is
faulty or not adhered too.

------
tech-no-logical
our minister (Ivo Opstelten) has just said that he hasn't had any complaints
concerning prism.

probably because it was a secret... duh... the way our (as in netherlands and
EU) politicians are responding to these issues are so laughable it makes me
depressed.

