, , , , , , , , , ,

The revelations themselves aren’t coming as a surprise, since many of us had long suspected this kind of thing was routine, but the reports on the Verizon Foreign Intelligence Surveillance Court’s order and PRISM have left me with a few questions.

A few days ago (probably around Thursday afternoon), The Guardian came into the possession of a court order marked ‘Top Secret’ that demanded Verizon turn over all its call records its customers to the US government. Considering Verizon has around 121 million customers on paper, the scale of this would seem unprecedented.
However, the press is focusing most its attention on the second leaked document, which relates to something called PRISM, which allegedly allows the NSA unlimited and unrestricted access to all user data stored by Apple, Google, Microsoft, FaceBook, Yahoo, and several other major Internet firms.

This is already being reported widely enough, so why am I also posting about it? Well, what’s interesting is both documents were marked ‘Top Secret’, both were dated April 2013, and both were related to blanket surveillance by the NSA. It follows that both documents were leaked by the same person(s). The question we should be asking is why?

Is the PRISM Document a Hoax, or Something More?
The Powers That Be have themselves claimed/admitted the documents were genuine, although Google, Apple and FaceBook have unambiguously denied being complicit in any programme that allows the NSA unrestricted/unlimited access to its users’ data, and it’s unlikely they’re playing semantics here.

But this is unusual in two other respects. Only 4-5 pages of a 41 page document have been shown to exist, so for whatever reason the Washington Post and The Guardian have only revealed a small fraction of it, without any indication of who the source was, how the authenticity of the document was verified or what the rest of it contains. Around 24 hours after the major firms denied the NSA had direct access to their servers, another page of the document was made public explicitly contradicting them.
Someone had also decided to leak the Verizon court order to a British journalist and implicate GCHQ in the PRISM scandal on the same day. Obviously a political game is being played here, and it’s still unfolding as I post this.

The PRISM document itself might well be a hoax or a distraction from the Verizon thing – that only four pages were released is a strong indication of this. I personally suspect they’re part of the same programme, with data being pulled from social network users via something installed on Verizon’s network and fed into some ‘predictive analytics’ system. This is just speculation at the moment.

Virtually everyone uses Web 2.0, but most are unaware it’s just the ‘application layer’ of the Internet, the tip of a huge metaphorical iceberg. There’s all the infrastructure behind it, like the telephone lines, routers, servers, switches, databases, operating systems, etc. This is where the order presented to Verizon would be useful.

Superficially the FISC order is like the Snoopers’ Charter, although done in secret without the knowledge or consent of the American citizens. And it would indirectly affect almost every American citizen, not just the 121 million customers, as Verizon provides much of the Internet’s backbone. Rather like an order against BT would affect all the other service providers that use BT as a carrier.

It’s also been known for several years that Verizon already has the infrastructure and a team in place for supplying the information, also retained for 1 year, on demand to the government. Think of secret little rooms at several exchanges, full of routing equipment that pipes all the traffic to some NSA facility, and a liaison team for servicing whatever requests. Assuming there’s any truth to PRISM (a big if), the only secret now is whether the SSL certificates for FaceBook, Google, Apple, etc. etc. were compromised (technically tricky but possible), or whether the NSA uses old-fashioned codebreaking for the connections it’s interested in.

Something feels different about this leak. Whatever truth emerges from this, I have a feeling that someone will be held accountable this time, that the United States government will lose the credibilty to discuss foreign ‘cyber threats’, and this affair will have tangible effects for Google, FaceBook, Microsoft, Apple and others named.

The aim of terrorism is to effect political change, to weaken democracy through violence or terror. What sometimes pisses me off is a handful of terrorists succeeded in doing precisely that over a decade ago, and it’s led to this. The idea of Chinese people hacking corporations pales in comparison.