I wanted to write this post because it seems that the media is doing a great job of confusing people about what PRISM really is. I will be using some of the information from the testimony of Mark Klein, a former Master Technician for AT&T, to Congress.
Let me start by saying that PRISM, while it may be the name the NSA decided on for the program, actually stems from a very important technical accomplishment: using a prism to split a light source into multiple components. This matters because it is the foundation of the technology that enables the NSA and others to do what they do. The science behind beam splitting is not new, but its incorporation into telecommunications is fairly recent, and fiber optics are now the backbone of the entire Internet as it exists today, providing the fast access we all typically enjoy.
Here is a simple diagram of how a beam splitter works, with a single input and multiple outputs:
What we keep hearing on the news with regard to the PRISM program is that it relates to the "big" Internet companies. This is only partially true. Those companies have very specific wording in their contracts and terms stating that their property is private and that unauthorized access will be prosecuted. This includes Federal agencies. This is why they MUST get a warrant before they are allowed to ACCESS the data that physically belongs to these companies and is stored on their servers. The reason these big companies deny that the NSA has direct access to their servers is that it is TRUE: the NSA and the Feds do NOT have direct access to their servers. And they don't need it. Here is why, in Klein's words:
One 60-page document, identified as coming from “AT&T Labs Connectivity & Net Services” and authored by the labs’ consultant Mathew F. Casamassima, is titled Study Group 3, LGX/Splitter Wiring, San Francisco and dated 12/10/02. (See sample PDF 1-4.) This document addresses the special problem of trying to spy on fiber-optic circuits. Unlike copper wire circuits which emit electromagnetic fields that can be tapped into without disturbing the circuits, fiber-optic circuits do not “leak” their light signals. In order to monitor such communications, one has to physically cut into the fiber somehow and divert a portion of the light signal to see the information.
This problem is solved with “splitters” which literally split off a percentage of the light signal so it can be examined. This is the purpose of the special cabinet referred to above: Circuits are connected into it, the light signal is split into two signals, one of which is diverted to the “secret room.” The cabinet is totally unnecessary for the circuit to perform — in fact it introduces problems since the signal level is reduced by the splitter — its only purpose is to enable a third party to examine the data flowing between sender and recipient on the internet.
All of that data has to flow through what is called an exchange point (a peering or carrier facility), which usually belongs to the massive telecommunications companies like AT&T, MCI, etc. It is in these locations that the NSA has strategically placed equipment, with huge racks of optical splitters, to copy all Internet traffic that passes through them. This is an unfathomable amount of data, and there is no way to sift through it all easily, not even with supercomputers, so they look for very specific things to focus on. This is the other half of the PRISM name: picking out only those "interesting" pieces of information that match certain patterns, much as a prism separates a single beam into its component colors.
And to illustrate:
In reality, there is no real "agreement" with the big Internet companies like Google or Facebook. Basically, if the NSA or the Feds approach them with a warrant, they turn over whatever they are being asked for. It would take too long for the NSA to sift through all of the data they have collected, because there is too much "noise" mixed in with the other traffic, and, more importantly, because most webmail and other types of transmissions are SSL/TLS encrypted. An encrypted session still reveals metadata (IP addresses, the server name the client asked for, timing and volume), but not the content of the message. So instead they look for key identifiers in the traffic, narrow it down to a specific place, such as an email that was sent through Google, and then get a warrant with "probable cause" requesting that Google provide every piece of data they want on that individual. Google holds the server's private key, which is what they actually need the warrant for: with RSA key exchange, that private key decrypts a recorded session. (With ephemeral Diffie-Hellman key exchange, i.e. forward secrecy, even the server's private key cannot decrypt a recorded session, which is why the data itself has to come from the provider.) Only Google can decrypt its secure traffic.
According to a 2007 company press release, the latest version of NarusInsight Intercept Suite (NIS) is "the industry's only network traffic intelligence system that supports real-time precision targeting, capturing and reconstruction of webmail traffic… including Google Gmail, MSN Hotmail and Yahoo! Mail". However, most webmail traffic can now be HTTPS encrypted, so the content of messages can only be monitored with the cooperation of the service provider.
Take your typical net connection, which is usually 1.5 to 10 Mbit/s. The exchange points are handling on average 500 Gbit/s to 1.5 Tbit/s, and that is just one exchange point. There are dozens in the US and hundreds around the world. We are not the only ones whose government taps the exchange points; other countries do the same. There is no way the NSA (or anyone else) can keep up with all of that traffic, so they have to depend on things that get "flagged" for a person, usually an NSA analyst, to look at. If the analyst determines that something is contextually significant, it is escalated, and that is where the warrant process comes in. At that point the warrant is procedural, because they have already captured all of your data and can examine however much of it they have the time and processing power to, which is a lot. It still takes a significant amount of time, and this is usually why they go directly to the company that has all of the data.
So how exactly do they identify the "flagged" data? Using a product from a company called Narus that does deep packet inspection (DPI). This is a well-known technique in network forensics and fraud detection and analysis:
“The (Narus) STA Platform consists of stand-alone traffic analyzers that collect network and customer usage information in real time directly from the message…. These analyzers sit on the message pipe into the ISP (internet service provider) cloud rather than tap into each router or ISP device”(Telecommunications magazine, April 2000). A Narus press release (1 Dec., 1999) also boasts that its Semantic Traffic Analysis (STA) technology “captures comprehensive customer usage data … and transforms it into actionable information…. (It) is the only technology that provides complete visibility for all internet applications.”
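To make the "flagging" step concrete, here is an added example (my own code, not the original post's and not Narus's) of a minimal DPI pass over a few constructed flows. It does what the paragraphs above describe: plaintext SMTP and HTTP payloads are matched against selectors directly, while a TLS session yields only the server name from the ClientHello (the SNI extension), never the message content. The selectors, hostnames, addresses and payloads are all hypothetical sample data built inline.

```python
"""Minimal DPI "flagging" pass over constructed sample traffic (added example)."""
import re
import struct

# Hypothetical selectors an analyst might load; any match "flags" the flow for review.
SELECTORS = {
    "email": {"target@example.org"},
    "domain": {"mail.example.net"},
    "keyword": {"meeting point"},
}


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record carrying an SNI extension (sample input only)."""
    name = hostname.encode("ascii")
    server_name = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name   # list len, host_name type, len
    extension = struct.pack("!HH", 0, len(server_name)) + server_name      # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32)                   # version, client random (zeroed for the sample)
            + b"\x00"                                 # empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"      # one cipher suite
            + b"\x01\x00"                             # one compression method: null
            + struct.pack("!H", len(extension)) + extension)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake   # content type 22 = handshake


def parse_sni(payload: bytes):
    """Return the server name from a TLS ClientHello record, or None if this is not one.

    Layout (RFC 5246 / RFC 6066): 5-byte record header, 4-byte handshake header,
    version(2), random(32), session id, cipher suites, compression methods, extensions.
    """
    if len(payload) < 9 or payload[0] != 0x16 or payload[5] != 0x01:
        return None
    try:
        pos = 9 + 2 + 32                                           # headers, version, random
        pos += 1 + payload[pos]                                    # session id
        pos += 2 + struct.unpack("!H", payload[pos:pos + 2])[0]    # cipher suites
        pos += 1 + payload[pos]                                    # compression methods
        ext_end = pos + 2 + struct.unpack("!H", payload[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", payload[pos:pos + 4])
            pos += 4
            if ext_type == 0:                                      # server_name extension
                name_len = struct.unpack("!H", payload[pos + 3:pos + 5])[0]
                return payload[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def inspect(payload: bytes) -> dict:
    """One DPI pass over a flow's first payload: protocol, what is visible, and selector hits."""
    sni = parse_sni(payload)
    if sni is not None:
        # Encrypted session: the only item the tap can match on is the requested server name.
        hits = sorted(s for s in SELECTORS["domain"] if s == sni)
        return {"protocol": "tls", "visible": {"sni": sni},
                "content_readable": False, "hits": hits}
    text = payload.decode("latin-1")
    if re.match(r"(EHLO|HELO|MAIL FROM)", text):
        protocol = "smtp"
    elif re.match(r"[A-Z]+ \S+ HTTP/1\.[01]\r\n", text):
        protocol = "http"
    else:
        protocol = "unknown"
    # Plaintext: addresses and keywords are matched straight out of the payload.
    hits = sorted(s for s in SELECTORS["email"] | SELECTORS["keyword"]
                  if s.lower() in text.lower())
    return {"protocol": protocol, "visible": {"bytes": len(payload)},
            "content_readable": True, "hits": hits}


def flagged(flows: dict) -> list:
    """Names of the flows that would be escalated to an analyst, in input order."""
    return [name for name, payload in flows.items() if inspect(payload)["hits"]]


# Constructed sample flows (not real captures).
SAMPLE_FLOWS = {
    "smtp-cleartext": (b"EHLO relay.example.com\r\nMAIL FROM:<alice@example.com>\r\n"
                       b"RCPT TO:<target@example.org>\r\nDATA\r\nSubject: lunch\r\n\r\n"
                       b"See you at the meeting point at 9.\r\n.\r\n"),
    "http-cleartext": (b"POST /compose HTTP/1.1\r\nHost: webmail.example.org\r\n\r\n"
                       b"to=bob%40example.com&body=nothing+to+see"),
    "tls-webmail": build_client_hello("mail.example.net"),
    "tls-other": build_client_hello("www.example.com"),
}

if __name__ == "__main__":
    for name, payload in SAMPLE_FLOWS.items():
        print(name, inspect(payload))
    print("escalate:", flagged(SAMPLE_FLOWS))
```

Running it flags the cleartext SMTP message (address and keyword both match) and the TLS flow whose SNI names a selected domain; the TLS flow's content is never readable from the tap, which is exactly the gap the warrant to the provider fills.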
daily alternative | alternative news – PRISM – Is Not What You Think