PRISM: NSA/FBI Internet data mining project

Warren Bailey wbailey at satelliteintelligencegroup.com
Fri Jun 7 20:14:49 UTC 2013


I'm cool with technology to catch bad guys, I just don't know that catching everything for some kind of dragnet is the right approach. There will be a time where Americans realize they are actually not in control of their governence, perhaps that time is now? On the upside, Holder now has another leak (reason) to subpoena a journalist.. ;)

As a side note.. I don't know how many of you have been on major government projects, but 20MM was spent in the first 20 minutes.. Much of the gear can be developed by another organization on another (massive) budget. Look at Groom Lake*.. What's their budget?Government contracting is murky territory, especially when things are critically needed and a General says "go".

*Groom Lake (area 51) was confirmed to be the facility that developed the stealth helicopter used in the Bin Laden raids.

Sent from my Mobile Device.


-------- Original message --------
From: Mark Seiden <mis at seiden.com>
Date: 06/07/2013 12:11 PM (GMT-08:00)
To: Valdis.Kletnieks at vt.edu
Cc: goemon at anime.net,NANOG <nanog at nanog.org>
Subject: Re: PRISM: NSA/FBI Internet data mining project


i have talked with a dozen people about this who ought to know if there were something
more creepy than usual going on.

and nobody in engineering knows of anything.  but hm, people in compliance said "no comment".

that, and the $20M  annual number, suggests that what they actually did was set up a portal
for intel agency people to use to request "business records" of the members (service providers).
(maybe PRISM stands for something like Portal to Request Intelligence Service Materials,
or somesuch.)

of course, under patriot, the legal concept of "business records" was greatly expanded,
and the kinds of approvals needed to get them reduced.  i really wonder if the FISC has
a pki.  i.e. as a technical matter can a FISC judge electronically approve a NSL or FISA
warrant?

if i'm right, now they're following the letter of the new law electronically, rather than using paper and
fax.  which would increase timeliness, accuracy and efficiency for all parties concerned.

this would only affect compliance activities at the providers, who would continue receiving
and handling individual requests just as previously and supplying the same data as before.
(and i suppose now the providers could actually supply the returned records electronically also…)

(i am actually in favor of this kind of thing for both law enforcement requests and for intel agency
requests.  the amount of time and money wasted and delays in handling perfectly legal and necessary
investigative requests was kind of shocking to me.  i repeatedly heard complaints about cases where
compliance would not respond to LE in long enough that the data provided was stale for judicial
purposes, and the same search warrant would have to be reissued.  (or where they would take a
very long time to reject a request for a technical or legal reason.)

(there's an interesting gray area in this request handling:  there were several times as an internal
investigator at a provider when i wanted to be able to convey to LE that they *should go through
the trouble* of doing all the paperwork of going to a judge, or even worse, through the MLAT
which means a foot of paper and a man-month of work.  there were even more times when
i wanted to say "don't bother to even ask, you'd just be wasting your time").  but my lawyers
would not allow that sort of communication.


On Jun 7, 2013, at 11:05 AM, Valdis.Kletnieks at vt.edu wrote:

> On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said:
>> and also, only $20m/year?  in my experience, the govt cannot do anything like this
>> addressing even a single provider for that little money.
>
> Convince me the *real* number doesn't have another zero.
>
> Remember - the $20M number came from a source that has *very* good reason
> to lie as much as it can right now about the true extent of this.
>
>





More information about the NANOG mailing list