PRISM: NSA/FBI Internet data mining project

Mark Seiden mis at seiden.com
Fri Jun 7 19:05:43 UTC 2013


i have talked with a dozen people about this who ought to know if there were something
more creepy than usual going on.

and nobody in engineering knows of anything.  but hm, people in compliance said "no comment".

that, and the $20M annual number, suggests that what they actually did was set up a portal
for intel agency people to use to request "business records" of the members (service providers).
(maybe PRISM stands for something like Portal to Request Intelligence Service Materials,
or somesuch.)

of course, under patriot, the legal concept of "business records" was greatly expanded,
and the kinds of approvals needed to get them reduced.  i really wonder if the FISC has
a pki.  i.e. as a technical matter can a FISC judge electronically approve an NSL or FISA
warrant?

if i'm right, now they're following the letter of the new law electronically, rather than using paper and
fax.  which would increase timeliness, accuracy and efficiency for all parties concerned.

this would only affect compliance activities at the providers, who would continue receiving
and handling individual requests just as previously and supplying the same data as before.
(and i suppose now the providers could actually supply the returned records electronically also…)

(i am actually in favor of this kind of thing for both law enforcement requests and for intel agency
requests.  the amount of time and money wasted and delays in handling perfectly legal and necessary
investigative requests was kind of shocking to me.  i repeatedly heard complaints about cases where
compliance would not respond to LE for long enough that the data provided was stale for judicial
purposes, and the same search warrant would have to be reissued.  (or where they would take a
very long time to reject a request for a technical or legal reason.))

(there's an interesting gray area in this request handling:  there were several times as an internal
investigator at a provider when i wanted to be able to convey to LE that they *should go through 
the trouble* of doing all the paperwork of going to a judge, or even worse, through the MLAT
which means a foot of paper and a man-month of work.  there were even more times when
i wanted to say "don't bother to even ask, you'd just be wasting your time").  but my lawyers
would not allow that sort of communication.


On Jun 7, 2013, at 11:05 AM, Valdis.Kletnieks at vt.edu wrote:

> On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said:
>> and also, only $20m/year?  in my experience, the govt cannot do anything like this
>> addressing even a single provider for that little money.
> 
> Convince me the *real* number doesn't have another zero.
> 
> Remember - the $20M number came from a source that has *very* good reason
> to lie as much as it can right now about the true extent of this.
> 
> 




