Re: Reactions to reported NSA PRISM program

[Tim Doty <tdoty () MST EDU>]

On 06/07/2013 08:02 AM, Kevin Halgren wrote:
> For those of you already using Google or Microsoft cloud e-mail
> solutions, I'll be curious to hear the reactions on your campuses to
> this news.
>
> I believe the tech companies are telling the truth when they say they
> don't provide direct backdoor access into their systems and that the
> PRISM presentation may overstate the cooperation and capabilities of the
> system, however that doesn't preclude the government from abusing
> existing systems and capabilities e.g. those under CALEA lawful
> intercept capabilities.

My reading of the statements is they carefully skirt ever stating that 
they aren't participating in PRISM -- in effect what they say is that 
they only provide information pursuant to legal requests. The 
arrangement outlined by PRISM would, AFAICT, be currently interpreted as 
legal no matter how abhorrent one might find it.

James Clapper (Director of National Intelligence) confirms the program's 
existence, only differing on the accuracy of unspecified details.

If you provide a narrow interpretation, such as "direct backdoor", then 
sure it is likely to not be technically accurate. But there appears to 
be sufficient evidence to support assertions that they have query access 
to the data sets in question only constrained by unspecified keywords 
that may, or may not, limit a query to foreigners. And a policy to move 
out from the target by two degrees which is likely to result in 
collection on US citizens.

In "the good old days" an investigation had to get approval to collect 
data on contacts made by the target (excepting only a very limited scope 
of data collection and actions such as would permit such a request). 
That policy applied to physical investigations -- apparently digital is 
somehow different.

Tim Doty

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature