If I were a Chinese official reading this, my #1 priority would be to try to get access to PRISM.<p>No matter what checks and balances the US may employ to make sure legitimate access stays within bounds, any time you have an automated system, you're open to the possibility that someone can get access and automate it in ways you don't like.
They simply don't get it: I DO NOT BELIEVE THE US GOVERNMENT HAS ANY RIGHT TO VIEW MY DATA THAT I ENTRIST TO PRIVATE COMPANIES. In the event they somehow have stumbled upon the right, I should be notified that my data has been examined.
The best thing the government could do to legitimately appease citizens is pass a statute that nothing gathered through these means will be used to prosecute anything but terrorism or threats to national security. If that's the real purpose, then they should have no problem putting it in writing.
Two ways I could see this being set up:<p>1. NSA goes to Facebook and tells them to install a server/rack in their data center. The server needs to be on a port that can "see" all traffic unencrypted. The servers then transparently record data and analysts on the backend parse it into something useful.<p>2. NSA puts servers on premises but instead they are pushed formatted feeds of data. This would require them to work more closely with the company to make sure they provide a feed that is workable. They would store the data and as requests for data came in the server would feed it back.
Gotta love a headline that's worded in such a way that it looks like a fact. Thirty straight days of these on every major outlet and most people who were not already concerned won't be doing anything differently, if they ever did. As a bonus, no need to worry about breaking the story anymore.
Seems to indicate the NSA is performing some sort of MITM, or running intercepts from inside the datacenter after the traffic has been decrypted:<p>"PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises"<p>"From their workstations anywhere in the world, government employees cleared for PRISM access may “task” the system and receive results from an Internet company without further interaction with the company’s staff."
Two things about the submission title, which is currently: "WaPo: Execs From Internet Companies Acknowledge PRISM"<p>1. The original title for the article is "U.S., company officials: Internet surveillance does not indiscriminately mine data"<p>2. The excerpt that the submitted title refers to is this: "Executives at some of the participating companies, who spoke on the condition of anonymity, acknowledged the system’s existence and said it was used to share information about foreign customers with the NSA and other parts of the nation’s intelligence community."<p>Some, not <i>all</i> of the companies involved. So too soon to conclude that the public statements were lies...but Zuckerberg and Page, at the least, could be said to have lied if the companies referred to in the OP are them (both Page and Zuckerberg said that they (they as in "we") had no prior knowledge of PRISM at all)
One question: Where is Anonymous in all this? I was expecting all kinds of DDOSing going down in the last 48 hours, but they have been unusually quiet.
> “The server is controlled by the FBI,” an official with one of the companies said. “We do not offer a download feature from our server.”<p>Now we know why they phrased their statements so specifically.
Some guy on Tumblr picked apart Yahoo's carefully worded denial, actually [1] turns out it's totally bunk<p>[1] <a href="http://peterhassett.tumblr.com/post/52499296411/exclamation-setting-the-record-straight" rel="nofollow">http://peterhassett.tumblr.com/post/52499296411/exclamation-...</a>
Can anyone say exactly what this paragraph is supposed to mean (or really mean, if there's a difference):<p><i>Intelligence community sources said that this description</i>[direct access]<i>, although inaccurate from a technical perspective, matches the experience of analysts at the NSA. From their workstations anywhere in the world, government employees cleared for PRISM access may “task” the system and receive results from an Internet company without further interaction with the company’s staff.</i><p>So they get data from an ad-hoc query without interaction with the company's staff. And yet it is not direct access? I've read the other back-and-forths but I'm still not sure what this could even trying to imply.<p>Edit: and read - <i>According to a more precise description contained in a classified NSA inspector general’s report, also obtained by The Post, PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process.</i><p>But that the meaning is no more clear. Or the meaning is, we buy an "indirect access cable at Best Buy and so everything is OK", ie, the distinction is nothing but word games.