Hacker News new | past | comments | ask | show | jobs | submit login
Breakdown of the NSA spying on French leaders (electrospaces.blogspot.com)
89 points by zmanian on June 28, 2015 | hide | past | web | favorite | 14 comments

Most of what we saw in the Snowden leaks was about methodology. We saw very little about what the NSA actually produces. Here we're actually seeing examples of what the NSA provides to policymakers. It's a useful perspective.

These are also from the Snowden leaks and they detail far more than just methodology, but rather examples of the actual information they're collecting - courtesy of Microsoft.

July 31, 2012

Microsoft (MS) began encrypting web-based chat with the introduction of the new outlook.com service. This new Secure Socket Layer (SSL) encryption effectively cut off collection of the new service for FAA 702 and likely 12333 (to some degree) for the Intelligence Community (IC). MS, working with the FBI, developed a surveillance capability to deal with the new SSL. These solutions were successfully tested and went live 12 Dec 2012. The SSL solution was applied to all current FISA and 702/PRISM requirements - no changes to UTT tasking procedures were required. The SSL solution does not collect server-based voice/video or file transfers. The MS legacy collection system will remain in place to collect voice/video and file transfers. As a result there will be some duplicate collection of text-based chat from the new and legacy systems which will be addressed at a later date. An increase in collection volume as a result of this solution has already been noted by CES.

March 15, 2013

SSO's PRISM program began tasking all Microsoft PRISM selectors to Skype because Skype allows users to log in using account identifiers in addition to Skype usernames. Until now, PRISM would not collect any Skype data when a user logged in using anything other than the Skype username which resulted in missing collection; this action will mitigate that. In fact, a user can create a Skype account using any e-mail address with any domain in the world. UTT does not currently allow analysts to task these non-Microsoft e-mail addresses to PRISM, however, SSO intends to fix that this summer. In the meantime, NSA, FBI and Dept of Justice coordinated over the last six months to gain approval for PRINTAURA to send all current and future Microsoft PRISM selectors to Skype. This resulted in about 9800 selectors being sent to Skype and successful collection has been received which otherwise would have been missed.

March 7, 2014

PRISM now collects Microsoft Skydrive data as part of PRISM'S standard Stored Communications collection package for a tasked FISA Amendments Act Section 702 (FAA702) selector. This means that analysts will no longer have to make a special request to SSO for this - a process step that many analysts may not have known about. This new capability will result in a much more complete and timely collection response from SSO for our Enterprise customers. This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established.

All of what you just provided are examples of methodology. What GabrielF00 was referencing is something like "Prime Minister Alice contacted Secretary Bob and discussed their recent dealings with President Carol." This is different from saying "This information was obtained by tapping Secretary Bob's Skype account", which in turn is different from saying "The NSA can tap Skype accounts." Most of what we've been seeing in the news is stuff like "The NSA can tap <technology>", and occasionally "the NSA spied on <person/group/country>" rather than "the NSA obtained <specific information> from <specific person> on <specific date>", which is what we're seeing with the recent Wikileaks disclosures.

Yeah, this is the result of not only the raw tapping work but interpretation/translation and reporting of the results

> Because keeping an eye on foreign governments is a legitimate task, this source is not a whistleblower. He or she could be a cryptoanarchist, or maybe even an agent of a foreign intelligence agency.

Interesting distinction: whistleblower vs cryptoanarchist ;)

Even more interesting is that someone besides us "government shills" has finally acknowledged the idea that something NSA does could possibly be legitimate...

The Cold War is probably the closest historical lab experiment about espionage. I've seen it argued that even the spies and traitors served a valuable purpose during the Cold War. Because leaks like these provided a way for valuable information to cross the barriers of antagonism and give insight into the real problems and the real fears of the other side. And this knowledge could in fact lower tensions and increase security.

To know and to tell secrets is a very human thing that laws and social norms (spying on the President! For shame!) will not erase.

Even if it was ultimately valuable in that way, cold war espionage was still an extremely expensive theatrical game of back and forth - often piggy-backing on morally-questionable methodology in order to get those results.

Opportunity costs...

That's nothing new - the Electrospaces site has called into question the claims of Snowden and Greenwald on numerous occasions. For example:

- Snowden would not have been able to legally "wiretap anybody": http://electrospaces.blogspot.com/2015/02/snowden-would-not-...

- Snowden-documents show no evidence for global mass surveillance: http://electrospaces.blogspot.com/2014/06/snowden-documents-...

- Document shows that it was not NSA, but FBI that monitored 5 Americans: http://electrospaces.blogspot.com/2014/07/document-shows-tha...

- Screenshots from BOUNDLESSINFORMANT can be misleading: http://electrospaces.blogspot.com/2013/11/screenshots-from-b...

If you think that spying on a foreign nations president is legitimate, I have a question for you: Is it also ok and legitimate for you if other foreign nations spy on _your_ president?

Genuinely interested.

Being legitimate "for the NSA to do" and legitimate "in the grand scheme of things" are not the same thing.

It [could be argued that it']s legitimate for the NSA to spy on France, just like it[...]'s legitimate for the french NSA to spy on the US.

That's not the same question as whether or not it's legitimate for allies to spy on each other. Oh, sorry, for the US to spy on France and for France to spy on the US.

Legitimate? Yes. "OK" is a function of how pervasive the spying is, but far from expecting other countries not to try at all, I'd honestly expect other countries to try mightily to get information on what the President of the United States is thinking on topics of importance to that country.

Of course it's legitimate, that this is gray right now is silly. That why we use encryption for communications, because we're expecting them to try.

That's an outstanding analysis, the author is really amazing. It's impressive to see this kind of "movie staff" in real life.

off-topic: Every time I see a bond movie I wonder who writes the (extremely silly and unrealistic) scripts. IMHO it's a huge incompetence since there are so many real spy-stories flying around these days. If you add romance to them, you have an awesome action movie based on real events.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact