Why Does The NSA Focus So Much On 'TERROR!' When PRISM's Success Story Is About Cybersecurity?

from the odd dept

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

We've mocked the NSA for the way it always reverts to FUD about "terrorists" to show how "successful" programs like PRISM have been, but then also reverts to talking about cybersecurity as a focus to make the surveillance seem more like it's about protecting people, rather than spying on them. However, as some of the latest revealed documents show, perhaps the NSA has its talking points all mixed up. There's plenty to discuss concerning the revelations about the NSA spying on French phone calls , but some people have noticed that, while some of the presentation documents revealed with that story were revealed before, there are a few new ones as well , including this one:The key thing here is the report that the NSA was able to use its FAA authority (apparently via both PRISM and "upstream collection" -- which is tapping directly into the backbone via telcos) to figure out that someone, perhaps the Chinese, had gotten access to a defense contractor's network and was either preparing to, or at least had the ability to get 150 gigs of important data out. The NSA alerted the FBI which alerted the contractor and they plugged the hole the same day. While that certainly seems like a good thing, it's not entirely clear stopping such hacking is really worth giving up a ton of privacy, though it does show, again, why Keith Alexander keeps demanding access to pretty much everything. Of course, you'd think that the NSA would be a bit more forward in promotingsuccess story, rather than its bogus claims about stopping terrorist attacks, which have fallen apart under scrutiny.The other interesting slide is this one:It shows some of the differences between PRISM and the upstream collections, both of which the NSA believes are authorized under Section 702 of the FISA Amendments Act. PRISM involves being able to collect specific data from the 9 specific companies which have been named (Google, Facebook, Microsoft, Yahoo, Apple, Skype, AOL, Paltalk, YouTube), while "upstream" is what the NSA gets from tapping the backbone via telcos. "DNR Selectors" are the phone call metadata collected under a different program (Section 215 of the Patriot Act) which they apparently can filter the upstream data collection against. "DNI" is internet data (email addresses and such). Once again, it looks like tapping the backbone provides a hell of a lot more data, but it lacks the ability to "access stored communications," which they get via PRISM.The other interesting tidbit to me, is the "direct relationship" claim. Note that with PRISM, it says "only through FBI," which suggests a reason why the PRISM companies have insisted that they've never been involved in any NSA program. It looks like they may have only had to deal with FBI requests (and associated FISA court orders). It's just that the data the FBI gets is then shared with the NSA.

Filed Under: cybersecurity, nsa, nsa surveillance, prism, terror, upstream collection