PRISM – More tales from the Dark Side….

Last week saw more ‘facts’ emerge about PRISM, only this time it was from a hearing of “Privacy and Civil Liberties Oversight Board” (PCLOB) – whose tagline is “Committed to the protection of civil liberties and privacy in the nation’s efforts against terrorism“.

They have release the transcript from the PCLOB Public Hearing of March 19th 2014, The purpose of the hearing was “the government’s collection of foreign intelligence information from electronic communication service providers under court supervision pursuant to Section 702 of the Foreign Intelligence Surveillance Act.

From the released transcript, several ‘interesting’ things are cropping up.

According to Robert Litt (General Counsel, Office of the Director of National IntelligencePresident Obama is directly responsible for international spying…  To quote from the hearing “ targeting foreigners outside of the United States has historically been viewed as part of the President’s inherent constitutional authority“.  So when Chancellor Angela Merkel had her cellphone under surveillance by the National Security Agency along with all the other foreign leaders, it was Obama himself who was responsible, and not some low-level analyst who got a bit over zealous on who to listen to.  In fact he clarified this point that foreign leaders were directly targeted by stating “First, there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of  bulk collection. It is not bulk collection. It is targeted collection”.

Now, this sort of contradicts the whole previously stated position of collecting all the information in case it is required later.  Remember previously the stated objective whereby  information was collected en mass so that when a ‘person of interest’ is found they can back check all previous contacts – it’s already been stated that the default for PRISM collection, is a five-year retention period for data.

Now there lays another thing…..  To quote Rajesh De, (General Counsel, National Security Agency) – ”what’s now been come to be known as PRISM collection“.  Now, given the legal stance of some of these issues saying something is now known as… but formally known as ….. it does leave a lot of wriggle room for things.  For example, if the paperwork for access to Facebook was presented and the system used and stated on the paperwork had a different name at the time, then that leaves Facebook plenty or legal room to deny they had any knowledge of the programme.

Thus, Mr De stating “collection under this program is done pursuant to compulsory legal process that any recipient company would have received.” and the likes of Apple, AOL, Facebook, Google, Microsoft, PalTalk, Skype, Yahoo, and YouTube saying they hadn’t any knowledge of PRISM where in fact not mutually exclusive.

When asked the question “So they know that their data is being obtained”, it’s the lawyer in him shining through when Mr De replied “They would have received legal process in order to assist the government, yes.” – so, sure they knew just they may not have been told the name of destination of that data.  Legally correct but definitely some smoke a mirrors here, and not the sort of response that users of these systems should be happy with.