US government has direct access to data servers of major tech companies, is potentially spying on… everyone

PRISM Slide

This is a little late, but in light of recent events it’s still certainly worth covering. Just days after the news broke that the NSA or National Security Agency had a secret court order which allowed them to view various wireless records, we found out it was a lot worse than first revealed. Both The Guardian and The Washington Post published information about a secret surveillance program called PRISM.

The program provided government agencies with the ability to collect data “directly from the servers” of companies like Microsoft, Google, Apple, Facebook and Yahoo. According to the leaked materials, Dropbox support is “coming soon”.

Basically, the system allows the NSA and the FBI to “extract[…] audio, video, photographs, e-mails, documents, and connection logs that enable analysts to track a person’s movements and contacts over time.”

Interestingly enough, even after the news broke, technology companies like Facebook, Apple and Google have all gone on the record denying acknowledgement of PRISM. In fact, in a recent statement Google even said, “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully.”

A spokesperson for Dropbox told Ars Technica the following:

“We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users’ privacy.”

Other tech companies also responded to Ars Technica’s queries with the following statements:

Facebook- “Protecting the privacy of our users and their data is a top priority for Facebook. We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

Microsoft- “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”

Aol- “We do not have any knowledge of the Prism program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers.”

James Clapper, the Director of National Intelligence later released the following statement in response to recent press coverage of the entire situation:

“The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any U.S. citizen or of any person located within the United States,” the statement said. “The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.”

Of course, by now you’ve heard that the whistleblower behind the entire reveal was Edward Joseph Snowden. After bringing the secret operations to light, Snowden fled to Hong Kong to remain safe and secure from would-be attackers and persecution.

“Perhaps I am naive, but I believe that at this point in history, the greatest danger to our freedom and way of life comes from the reasonable fear of omniscient state powers kept in check by nothing more than policy documents.”

Many are conflicted about Snowden’s actions, and the fact that the government is now working to prosecute him for his actions. On one hand, as mentioned by House speaker John A. Boehner “he’s a traitor.”

“The disclosure of this information puts Americans at risk. It shows our adversaries what our capabilities are. And it’s a giant violation of the law.”

On the other hand, Snowden did bring to light several government programs that definitely appear to be operating outside the law.

What’s your stance on the entire situation? What would you like to see happen to Snowden? Let us know in the comments below!

[via Ars Technica, Information Week]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

19 comments

  1. Louis

    [@KMHamm] Well said ! No matter how hard, it’s vital to remember that terrorism isn’t about blowing up people and buildings, or flying aeroplanes into it, diabolical as these deeds may be

    — it’s all about destabilising the order and the very fabric of our society, luring our governments into the trap of using the opportunity to control their society by controlling all their information, forcing them to give up their privacy etc.

    Making us distrust our elected governments, who are in fact, as the terrorists planned and hoped for all along, to become more and more autocratic, and we know from history where that will eventually lead.

    We, the citizen’s are Julius Ceasar’s final guards to guard our own ‘ guards’ — keep our political representatives honest, defy any attempt by them to give in to the ultimate aim of terrorrism, which as you pointed out, is all about polarising, to stop our political ‘leaders’ from turning against us to further their own hunger for more power (i.e. our private information etc).

    So until we succeed, we do have to force our government to not be able to quash anyone, keep exposing them, until they’re forced (afap) to act in such a manner for us to no longer justifiably mistrust them.

    As you said so well, it is our task to resist our government’s evil efforts, to keep them clean, to prevent us mistrusting them, failing which the terrorists have won by succeeding in their ultimate goal of destabilising our society.

    If that entails a campaign of civil disobedience (not necessarily organised, but helping one another openly online) in advising how to defy every possible attempt by government to sink their greedy paws into our personal information and communication, in order to keep the government (of any country) honest, then so be it, WE are the only ones able to.

    I sincerely hope that by more and more people hammering this message home without cease, that it will lead to a mainstream active range of countermeasures to stop governments in their tracks.

    During election times, don’t be diverted by candidates trying to deflect attention to topics like domestic and international economics etc — these are to an extent beyond any single government’s control, and they’ll do what they want anyway once they’re in power, so making that an election issue is a waste of time ….. if you don’t get what I’m saying, just :” read my lips : No more taxes ….” :-)

    FORCE them in letters, emails, Twitter if you must, FaceBook if you still have one, Google Circles (more respectable, just use a fake last name as with FB), on TV debates, on radio and TV talk shows, in the townhalls — force them to show their hand, their true colours, when it comes to Echelon, Prism, other atrocities to information, anything you can think of to make them lift the diabolical veil of secrecy they’re hiding behind.

    The EFF is an admirable organisations, I would like them and other’s similar to become even more mainstream critical. But most of all, EVEN IF IT MEANS A DEGREE OF INCONVENIENCE, make it your own mission to thwart the government by simple measures already written here.

    Keep your real name and real particulars out of social media (LinkedIn excluded, as long as you stick to posts of a professional nature).

    Good idea expressed by RG — get a cheap or free domain name somewhere and use their pop3 or imap email from your own domain.

    If sending important files, encrypt it properly. If sending messages, you simply want no-one able to trace, use an ultra-secure email service like http://www.safe-mail.net (run by the Israeli’s) — you can even encrypt files sent with that or any other non-webmail service as well.

    Stop using online chat software —- I used to use it a lot, then abruptly ceased to …. to this day, never missed it.

    USE A GOOD COMMERCIAL VPN : It’s really not that expensive, and speaking from experience currently working in China, the Chinese Gov , despite trying with an organised effort at stamping out VPN use early this year, had never managed to neutralise mine. DO IT, IT”S WORTH IT. When using a browser, combine the VPN with your browser’s “Incognito / InPrivate Browsing etc feature — that way you r real IP cannot be deduced by browser settings and cookies etc which it sometimes can , by normal browsing even when using the VPN (Chrome a big culprit, but not the only one). Destroy all flash cookies on your system constantly.

    It’s amazing how often doing something repeatedly as a habit, suddenly become second nature.

    Really need that Twitter …. ? I had mine a while, got fed-up with the length restriction, the endless re-tweets, ad’s and the generally useless nature of this answer to a question no one asked, so I dumped it two years ago, Strange, I haven’t missed it for a moment, in fact I was relieved to get rid of it.

    Google Glass coming up — do I need to state the obvious ? Apart from its HUGE threat to privacy — if I were that journalist in the rest room at the urinal … well let’s just say I’m a peace-loving guy most of the time, but wink at me there, and …. well someone will have to scrape the Glass and residue off the floor.

    RFID & microchips — resist, resist, refuse, resist ….

    Turn of a-GPS (assisted) — if your GPS need to be connected to the Internet, turn it off. If you can’t go without GPS, and it must be on a cellphone, get a Nokia — their GPS receivers do NOT need a cellphone connection, or even a sim-card to use. And my Nokia E5 has all the smart features I need in a phone.

    Any threat to your privacy, fight it, fight , fight, fight……….

    I love technology, always had, but there’s a line, and it’s been crossed, now is the time for concrete digital action to halt, drive the enemy back behind the line, and keep him there where he belongs.

    The enemy is no longer just the terrorist …..

  2. KMHamm

    [@yachtie] It is in the government’s best interest to quash him quickly and decisively so that others keep their mouths shut. In this modern age, martyrs last only as long as our (shrinking) attention spans. The longer he’s in the news, the more people will question. Once we can justifiably mistrust our own government, the ‘terrorists’ have already won.

  3. KMHamm

    [@Mario] Your opinion is NOT worthless, Mario. But is it really an either/or situation? Is there truly no way of having protection from terrorists AND from our own governments? Polarization is the enemy of innovation and creativity. Those who can separate and polarize us can defeat us, no matter if it’s from within or without.

  4. yachtie

    He is a whistleblower. ALL WHISTLEBLOWERS must be protected. They put their lives and safety on the line to get the truth out to the public who big brother keeps us in the dark under the pretext of security. What does the U.S. agencies and government care about the rest of the world. ZIP!!!!!!!

  5. Louis

    The USA is a trendsetter, and thus a non-American’s view is certainly not pointless, given that they’re also scrutinising our data. Soon (already the case in other countries, just not as trumpeted) this will become the norm, unless we actively make our voices heard, and actively take every possible step to thwart this evil doctrine.

    Evil I say ? Yes indeed, would it not be evil for you to open other people’s regular and personal mail without their prior knowledge and express consent ? There’s no difference. A terrorist is hardly going to advertise his intended misdeed openly on Gmail or Facebook, yet the Gov decides nevertheless, let’s seize this opportunity to read everybody’s mail anyway, since our voters are reeling from shock, and won’t put up much resistance, so let’s go ahead and build a nice profile of their everything posted on FB and everywhere else that matters.

    Do I have nothing to hide ? Certainly I have no intended terrorist or even criminal activities to hide. But I damn well do have personal (e.g. email to loved one) or private (e.g. sensitive business dealing) information that is NOT FOR THE GOVERNMENT’S, ANY GOVERNMENT’S, EYES.

    And yet there are those that say : “if the US or UK government wants to access my Facebook or my Gmail accounts then by all means go ahead..” & ” I’d prefer to have my information scrutinized, ’cause I have nothing to hide…”. So it’s also alright for Government to come around at night on your property and look in through your windows ?

    Shocked and outraged ? But surely not, after all, you’ve nothing to hide, and they are the Government, right, and if they peep into enough windows they may eventually get lucky and catch some criminal or terrorist, so what’s giving up a little privacy to you …. not much if it will allow GOVERNMENT to “thwart future Islamic acts of terrorism then I am happy to forgo a bit of privacy” ? So no problem for you then. Well, bully for you !

    Wake up people, smell the coffee, that’s exactly the attitude that causes Governments everywhere to walk all over your basic human right to absolute privacy, that is, or should be, enshrined in any proper constitution.

    I’m law-abiding, have fought as a conscript in a war against terrorism at 18 that lasted until I was 26, so I’ve done my part in sweat and blood and …”. And I would fight terrorism myself, actively, if it comes around to my area (which it had before), and not rely on my Government to ‘protect’ me, but actively aid it.

    But count me out if it means giving up even a ‘nanometer’ of privacy ! Privacy is sacred and untouchable, and I will fight any Government, my own included, should it dare to attempt to invade mine.

    Of course, unfortunately this can’t be fought with violence, but joint and organised civil disobedience and concerted and well organised campaigns to render Governments’ invasion of any one person’s privacy ineffective is to be welcomed.

    If that’s too much for you, you certainly don’t need to join any crackpot organisation to achieve this, just see my previous post (1) — if everyone takes some simple countermeasures on their own, the combined effect would be to render their whole grand design of gaining access to, and stockpiling of, the information of every citizen on the planet (at least those using the services of corporations under US control) null and void.

    Essentially then, non-aggressive, but definitely assertive, cyberwar if you like, to protect your privacy online and make it impossible for Government to gain anything significant regarding your personal or professional life online

    Ultimately it’s everyone’s resolve and backbone to say : This is enough, here I draw the line, and I won’t be prescribed to, regarding the extent you are allowed to view ANY OF MY INFORMATION without MY express consent, or that of a qualified court reacting to a SPECIFIC request to see MY data online. This will adequately take care of “people who do have something to hide” and to thwart those planning “future Islamic acts of terrorism”.

    However, any general blanket (carte blanche) court order, or worse, a piece of legislation allowing spying on me without any court order (which makes any Government no different than a Mao, a Pol Pot, a Stalin, a Hitler etc, it’s a thin line), is just unacceptable ….here’s where an honest, law-abiding citizen will turn to civil disobedience to protect his constitutional right to absolute privacy.

    Complete privacy without intrusion, unless specific permission related to me individually is properly obtained by a court, is my inalienable global human right, and I will never accept any compromise to that — so the old meek & mild attitude of ‘go right ahead, I’ve nothing to hide’ is the biggest mistake you can ever make, and essentially is tantamount to give up your privacy completely without exception.

    You may as well roll over and accept the consequences.

  6. Seamus McSeamus

    [@andyjames]
    It isn’t about being honest and law abiding, it’s about having the government follow the law. To borrow an old colloquialism, I don’t want them to piss on my head and tell me it’s raining.

    If someone is suspected of being involved in something illegal, then investigate *that person* by obtaining search and wiretap warrants. When government is not accountable to the same laws as the citizens it governs, what you have is tyranny.

  7. andyjames

    I am an Englishman living in central Europe, if the US or UK government wants to access my Facebook or my Gmail accounts then by all means go ahead. If by doing so their anti terrorist agencies can thwart future Islamic acts of terrorism then I am happy to forgo a bit of privacy. We live in an ever changing world, honest law abiding people have nothing to fear.

  8. Mario

    I’m not American so my point of view is… pointless, but I’d prefer to have my information scrutinized, ’cause I have nothing to hide, than die on a terrorist attack that could have been prevented in such a government action. But, that’s my opinion, and my opinion is worthless.
    mario

  9. Darcy

    Any government that bypasses their own laws is by definition corrupt. This isn’t new though, things have been getting worse for the last 40-50 years at least. Trouble is, it will continue to get worse until the people of the US get fed up and take action. The old saying is; “Every country has the government it deserves.” by Joseph de Maistre.

    If we wait too long, and I acknowledge we may already have, we will learn the truth of another old saying. “All that is necessary for the triumph of evil is that good men do nothing.” – Edmund Burke

  10. Louis

    PS Here’s a good thought for Google, Microsoft , Amazon etc who’s currently under fire from different Government agencies for taking their operations to more tax friendly jurisdictions, and now experiencing persecution for their clients’ data (that be us) :

    Make this diabolical persecution by the US Gov for private citizens’ data your prime reason for moving your corporate ownership offshore, and you will neutralise 2 flies with one swipe :

    Your prime reason is now no longer tax avoidance, but rather one of taking the noble high ground of protecting your clients’ privacy (something the Europeans, currently attacking the aforementioned US multinationals for tax avoidance, dearly love) — thus taking the angle out of the tax-based attacks, while at the same time moving to a less overly aggressive jurisdiction in terms of protection of data access.

    Google, Microsoft, Apple, Amazon etc, you all have the means to relocate your primary domicile outside the USA — let’s face it, you might as well, since 75 % of your operations already are based outside for tax reasons, you just need to remove your corporate identities as well …the whole world would be a better place for it.

    Your companies are all leaders in your field, rest assured it will not make one iota’s difference to your income, on the contrary, you may well increase your after tax income, and be rid of this Stasi -like US Government behaviour.

    A case in point : the company De Beers Ltd, (the world’s biggest diamond mining group, controlling 80 % plus of the world’s diamond legally from South African mining), a few years ago delisted from the JSE, and reincorporated in London, now listed on the LSE, control has moved outside the SA Gov jurisdiction (for good reason escaping the same type of SA Gov interference), and it’s business as usual, but without the political aggravation.

    It can be done, and the US Gov shouldn’t take anything for granted any more (as they’ve clearly been doing).

  11. clockmendergb

    Its been at least 3 years since it came out that ATT was splitting its lines into two identical feeds and sending one feed to a secret room being run for the government so what is really new.

    As for Microsoft and google etc not cowering down to the government.
    Am I really going to believe them when they say they will not join a government program.

    Absolutely not.
    and nor should anyone else

  12. Louis

    Well, I’m not American, but if I was, I would condemn ANY Government access to my private records held by a third party such as those mentioned — it being private per se, since I’m not a public figure.

    In fact, as a non-American, I’m ‘slightly’ pissed off at them having access to my records anyway, aren’t we supposed to be living in a ‘global village’ ?

    My stance is simple : As an ex-soldier, I stand against terrorism, BUT NEVER at the expense of my privacy, which is, and will be, forever untouchable in my view (and if I need to encrypt anything I put online, and use ultra-secure email services like http://www.safe-mail.net for important mail, so be it) —-Governments all over the world, not just the USA, have seized on anti-terrorism as a convenient excuse to also pry into their own citizens’ private affairs.

    This is why it’s a BAD idea to EVER vote in a President for a second term — he has now got no checks and balances to reign him in. Learn from this, all countries with a similar dispensation.

    All Governments, in all countries, West, Middle or East, Third World , First World and anything in-between, are bastards at heart, and not to be trusted.

    The message should be clear by now to every individual in the world, no matter where you are :

    Protect yourself
    Protect your privacy

    Cancel your FaceBook account and force them to delete as much as you can get them to. Make a new one if you can’t live without it, that’s what I did — but only use your real first name and a fake last name, plus an avatar of ‘identikit’ type of pictogram — if you think about it, your friends will know who you are, if YOU decide to connect with them. Do you really need other people to find you ? You can find them, and contact them if you want, and they will all know who you are, without the rest of the world knowing. Post the absolute minimum, if any — I ran an experiment recently : Whenever I felt the urge to post something, I’d first type or paste it into a Word document, save it and let it lie for a day on my desktop : 99 % of the time, I didn’t really feel the need to post it a day later ….and guess what, nobody was any the wiser …And eliminate the despicable “tagging of people on photos”.

    Any sensitive file, or any file containing personal info, make it into a 7Zip SFX archive encrypted with AES256, then attach it — it takes only seconds if you don’t actually use its compression of not needed (and anyone with the password can decrypt it in seconds, no software needed —yes there are other software which I also have used, but recently, due to dotTech, I found 7Zip works the most practical also for creating self -extracting encrypted files.

    Same goes for any uploading onto cloud-based servers — pick a strong non dictionary word / non character repeating or obvious keyboard pattern, 9 + characters password containing at least 2 CAP letters, 2 small letters, 2 special characters and 2 numbers — this will be guaranteed to be unbreakable even by the NSA, no matter what popular myths are out there that sensationalise their true ability otherwise (The last opensource encryption algorythm known to be broken was 56 K DES). Use any of Twofish, Serpent, AES etc (even Blowfish still using cipherblock size of 64bit haven’t been cracked yet) plus a solid password as described,, and you’re safe for decades to come, no matter how many GPU’s are linked together, they will not crack your file.

    It’s time private individuals take matters in their own hands and say to Governments all over : Yes, we are with you in the fight against terrorism, HOWEVER, screw you if you think you can have a crack at my personal information — go find a better way to use my tax money to fight terrorism.

    As regards to Mr Snowden …well the Government won’t give him a medal, but surely Norway could consider him for a Nobel Prize ?