lördag, juni 08, 2013

Comments on the NSA Prism program and Verizon court ruling

The Guardian and the Washington Post have on Thursday disclosed two very interesting documents that reveal two separate, probably interrelated, surveillance programs run by the NSA. The first document is a court order that forces Verizon to hand over phone records of millions of US customers. The second document contains selected slides from a slide PowerPoint presentation on a previously undisclosed program called PRISM. I have commented upon the story in Sveriges Radio P1 Studio Ett.

Update Sunday, June 9th, 2013. If one listens to the interview with me from Friday at 04.38-6.10, you can hear that I find the information about Verizon reliable because it confirms what has been revealed before from other sources (see for example USA Today May 10th, 2006). The documents disclosed by the Guardian strengthens this story. I am more cautious in the interview in relation to the claim that the NSA through the PRISM program has direct access to the servers of internet service providers such as Google, Facebook, Microsoft and Skype because the documents (i.e. the PowerPoint presentation) is scant on the scope and mode of these operations.

It appears as I am not the only one who is cautious in relation to the original PRISM story. Ed Bott writes that the same day (Friday June 7th 2013) Washington Post changed key details in the PRISM story. After comparing the original and the edited versions of the Post's article, Bott's conclusion is that the Washington Post "leaked PowerPoint presentation from a single anonymous source and leaped to conclusions without supporting evidence". Barton Gellman, who co-wrote the Washington Post’s story, later told the Huffington Post that he “started to hear some footsteps [from the Guardian], so I had to move” and said he "would have been happier to have had a day or two” more to work on the PRISM story. In other words, the story was published prematurely. Gellman co-authored on Saturday a new article based with a different narrative on how it works:

According to a more precise description contained in a classified NSA inspector general’s report, also obtained by The Post, PRISM allows "collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations," rather than directly to company servers. ... According to slides describing the mechanics of the system, PRISM works as follows: NSA employees engage the system by typing queries from their desks. For queries involving stored communications, the queries pass first through the FBI’s electronic communications surveillance unit, which reviews the search terms to ensure there are no U.S. citizens named as targets.
If this description is correct, the PRISM program is more targeted and narrow in scope compared to how it was described initially.

This story is very similar to the debate we had 2008 in Sweden on surveillance run by the FRA (the Swedish national authority for Signals Intelligence). My conclusion is that intelligence agencies and the politicians that have insight and power over these programs need to be more transparent if they want to continue with programs they perceive as legitimate. Otherwise we are sure to see more future "scandals" in this area, even in cases when the operations are run in accordance with the law. A good start for Government (in the U.S., Sweden and elsewhere) would be to publicly publish on an annual basis the number of messages (content data) they intercept and how many records (metadata) they have in their databases.

Here is what I have written on the topic in English.

Update Monday, June 10th, 2013. Today I am interviewed by Sveriges Radio on Snowden and potential extradition to the U.S. from Hong Kong or Iceland.

2 kommentarer:

Unknown sa...

There is a very high risk that data from these surveillance systems also have been handed over to other countries. As we already know, the Swedish FRA and Säpo have an extensive cooperation with their counterparts abroad.

With the new Swedish legislation the FRA has strengthen its position and problably is exchanging more traffic data and intelligence material than ever. As long as they can deliver useful information to their counterparts, we can assume that they are getting large amounts of data in return.

How deep does the Swedish SIUN look into this cooperation?
What stops the FRA from getting information from i.e. the Prism program?

Mark Klamberg sa...

SIUN is tasked with the oversight over international cooperation. There is no public information to what extent they actually do conduct oversight in this regard.

There are no limits in Swedish legislation on the transfer from the PRISM program to Swedish agencies such as FRA or SÄPO.