Tuesday, May 26, 2015

Reports: NSA data mining extends to Internet communication

Unlike the order requiring Verizon to provide phone-call records, or "metadata," to the NSA, newly disclosed documents appear to describe the potential mining of content.

Reports: NSA data mining extends to Internet communication

If the disclosure of a top-secret court order requiring Verizon to turn over call records to the National Security Agency stirred renewed anger at the "surveillance state" that's arisen since 9/11 and passage of the Patriot Act, the latest allegations could prompt a real furor - not to mention lots of gallows humor about who's peeking at your emails and chats.

Britain's Guardian newspaper and the Washington Post both reported Thursday night that under a 2007 program called PRISM, the NSA and FBI have been able to tap into Internet content controlled by Microsoft, Google, Facebook and other leading companies to mine communications involving at least one person believed to be overseas - and that more than so-called "metadata," or records about the communications, is involved.

The Post says that with PRISM, the NSA and FBI are "tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post."

U.S. intelligence officials quickly criticized the reports and said they were inaccurate. The Post reported:

In a statement issue late Thursday, Director of National Intelligence James R. Clapper said “information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats. The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”

Clapper added that there were numerous inaccuracies in reports about PRISM by The Post and the Guardian newspaper, but he did not specify any.

The Guardian report, co-authored by Glenn Greenwald, author of Wednesday's report on the Verizon call records, said that unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata."

The Post, which posted a top-secret PowerPoint presentation describing the program and leaked to both papers, said:

Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.

The Post and Guardian reported that none of the companies named has publicly acknowledged involvement with such a program, and some have denied knowledge it exists. You can find the Guardian's story here and the Post's story here.

One unidentified official told the New York Times Thursday night that the Internet data mining was carefully limited to comply with the law. "'The law does not allow the targeting of any U.S. citizen or of any person located within the United States,' said the official, who insisted on anonymity to discuss the classified program. 'Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.'"

The Post's report said establishing the "foreignness" of a target has proven to be a tough challenge:

Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially. The same math explains the aphorism, from the John Guare play, that no one is more than “six degrees of separation” from any other person.

The Times suggested that the timing of the leaks to the Guardian, in rapid succession, may be linked to the current blowback over U.S. investigations of previous security leaks. But as the Times points out, the disclosures of highly classified documents comes as President Obama prepares to meet with Chinese President Xi Jinping in part to address complaints about Chinese cyberattacks and espionage - a conversation that will now "take place amid discussion of America’s own vast surveillance operations on its own citizens."

(The Electronic Frontier Foundation has constructed a timeline of post-9/11 surveillance programs, which you can find here.)

Inquirer Business Columnist
About this blog

Jeff Gelles, who writes the Inquirer's weekly Consumer 14.0 and Tech Life columns, takes a broad look at the marketplace of goods, services, and ideas.

Reach Jeff at jgelles@phillynews.com.

Jeff Gelles Inquirer Business Columnist