So there’s been 100s of articles posted about PRISM, which also now has a lengthy Wikipedia article – PRISM (surveillance program). Apparently PRISM (2007-present) is the program that replaces the previous (2001-2007) NSA warrantless surveillance program.
So the US government has been watching everyone, no shit (Nineteen Eighty-Four?).
PRISM is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007. PRISM is a government codename for a data collection effort known officially as US-984XN. It is operated under the supervision of the United States Foreign Intelligence Surveillance Court pursuant to the Foreign Intelligence Surveillance Act (FISA).
The existence of the program was leaked by NSA contractor Edward Snowden and published by The Guardian and The Washington Post on June 6, 2013. A document included in the leak indicated that the PRISM SIGAD was “the number one source of raw intelligence used for NSA analytic reports.”The President’s Daily Brief, an all-source intelligence product, cited PRISM data as a source in 1,477 items in 2012. The leaked information came to light one day after the revelation that the United States Foreign Intelligence Surveillance Court had been requiring the telecommunications company Verizon to turn over to the NSA logs tracking all of its customers’ telephone calls on an ongoing daily basis.
It’s a revelation for a lot of people however, who are unaware of how easy it is to capture data online (that isn’t encrypted) – like e-mail for example. I’ve always told people don’t write anything in an e-mail that you wouldn’t write on a post-card – because reading them both is at about the same difficulty level.
Most people think because they are logged onto Gmail/Hotmail etc using https, that their transmissions are secure. But unfortunately the majority of the e-mail infrastructure is using zero encryption – so all your messages are floating around in plain text, unless of course you are using PGP/GPG – they you are pretty safe. But how many people do that, and it requires both sender and receiver to using the same system.
It’s a big kick in the face for the US Government though with their hyperbole about freedom, now it turns out they are invading the whole World’s privacy and ignoring human rights.
There have been statements from Microsoft, Yahoo!, Google, Facebook, Apple & Dropbox stating they do not take part in PRISM and that they do not give any direct server access to any agencies.
The guy that kicked this whole thing off was Edward Snowden, who intentionally revealed his identity and is ready to deal with the consequences. More here – Edward Snowden: the whistleblower behind the NSA surveillance revelations.
He was basically a sys admin for a government contractor called Booz Allen Hamilton, parked under the NSA in Hawaii. As we all known, sys admins typically have full access to EVERYTHING, ever server, every system – as they need it to do their job.
Very few companies implement silos, or transparent encyrption to protect themselves from sys admins. More on that discussion here – Prism doesn’t have CIOs in a panic — yet .
Either way, it’s a pretty interesting story and it’s getting spectacular global press coverage – there’s plenty more to read if you’re interested.
Recent in Legal Issues:
- Stuxnet 2 Under Development By Spy Agencies?
- Anonymous Targets Singapore For Proposed Internet Licensing Rules
- PRISM, Edward Snowden, Big Brother & More Stuff We Already Knew
- (in)Secure 1.10 Magazine – Infosec E-zine Released
- Server Migration – Moved To Linode! And Changed To Nginx/PHP-FPM/APC/W3TC
- UK to Become Even More Draconian with Privacy Laws
Most Read in Legal Issues:
- Class President Hacks School Grades - 80,478 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,393 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,444 views