This is finally starting to make sense to the "media". A large part of the story was the unfiltered taps, PRISM seems effective at pinpointing the important bits in what used to be an overwhelming stream.
e.g. Get FISA request on someone, gather the data, tap into the big pipes to see what else they are doing.
Does anyone remember this from 2005? They retrofitted a submarine (USS Jimmy Carter) to the tune of 1 billion to cable tap under the ocean, http://www.nytimes.com/2005/02/20/politics/20submarine.html . If they are trying to do that thousands of feet under water (7 years ago) imagine what they have on land now.
That 100' extra space has most probably been used to house cable laying equipment, where they can take a cable to the taps and have that real time feed. If they spent $3.2B on that sub, there is no way I'd doubt their willingness to spend tons on using it to lay NSA dedicated optics.
Are you sure the NSA indeed had unfiltered access to data? Several tech companies very specifically and loudly refuted that claim and the Washington Post backed away from some of the initial claims about the level of access and complicity the NSA had.
This is the best article I've read yet on the subject of what's actually going on. The NSA slide deck was always inconsistent with most of the public statements of industry execs, and this article reconciles them nicely.
The more I read on PRISM, it seems that PRISM itself is a minor revelation (that being, PRISM just automates what used to be done manually).
Most of the outrage just flows naturally from the Protect America Act, which was never a secret. The public is just now hearing about how the act is used in practice.
What I'm really waiting for is that other countries start realizing what this means to them. From what I've seen, most of European media has failed to point out how big of a deal this is to everyone, not just Americans. Not just the fact that a lot of European traffic comes and goes through the US, but in smaller countries this kind of all-observing surveillance might be easier to set up (depending on geographical and some other factors of course).
It also appears the slide deck was part of a marketing/promotional presentation for the project. It would hardly be the first instance in history of a bit of exaggeration taking place in that sort of scenario.
> Like a triangular piece of glass, Prism takes large beams of data and helps the government find discrete, manageable strands of information.
I don't think that's the basis of the name at all.
Much more likely, the rainbow part represents all the sources they pull data from, each so different from the next, and the white part represents the single unified feed it provides the NSA agent using it.
Without thinking a whole lot about it I had assumed prisms were used in the optical splitters/couplers central to the program. That doesn't seem to be the case.
If you believe SSL is cryptographically secure against the party trying to access your data. It also only encrypts the payload. If I'm tapping your connection at a minimum I still see who you exchange data with, at what time, and how much. Metadata is very powerful.
Not just the NSA, many companies can buy CA privileges from a CA. For instance Trustwave used to sell this as a service so companies could watch their employees.
It bears repeating because this argument comes up in every PRISM thread...
The basics:
HTTPS is TLS/SSL transport level encryption of HTTP traffic (including HTTP headers).
The way it works is that client and server go through a handshake process where the server (and optionally client) present a public key and proof of ownership of a private key. The server public key is also normally signed by a certificate authority (e.g. Verisign), this is what is normally meant by a certificate.
Threat Models:
There are a number of different threat models that crop up when talking about TLS. I'll talk briefly about each below.
1. Compromised Certificate Authority (CA)
If the CA is compromised then the rogue CA can be used to create new certificates that claim to be for the intended target server (e.g. Google or Facebook)[1]. The fake certificate can then be used to launch a Man-in-the-Middle (MITM) attack where the attacker convinces a victim to connect to them, and creates two separate TLS connections VICTIM<-TLS1->MITM<-TLS2->SERVER. The MITM can see the unencrypted messages since the victim is encrypting to the key in the fake certificate.
Chrome's certificate pinning can be used to prevent this type of attack since the browser will check to see if the server has presented the _correct_ certificate for the intended server (by comparing public key fingerprints AFAIK). This attack can also be prevented if the connection is mutually authenticated by either a client certificate or an ephemeral ChannelID as discussed here[2].
2. Attacker has _correct_ private key for server
This threat model assumes the attacker has obtained the server's private key either via coercion / collusion. Certificate pinning doesn't prevent this type of attack.
2a. If the attacker is a passive attacker, meaning that they can only observe and record encrypted messages, then they can decrypt any messages that are sent over a cipher spec that doesn't have perfect forward secrecy (PFS). If the connection is set up using the Ephemeral Diffie-Hellman key exchange then the communication channel should be safe from a passive attacker. If the connection is mutually authenticated and the client certificate has not been compromised by the attacker, then the connection should also be safe from this attacker.
2b. If the attacker acts as a MITM then even PFS cipher specs can be compromised.
3. Attacker can break TLS encrypted channels and extract data without needing the keys
All bets are off if this can be done in a general way. There have been several attacks (BEAST, CRIME, Lucky13) that can extract small repeated bits of data (user authentication cookies), but no known attacks that can get at all of the data sent over a TLS encrypted channel.
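As an added illustration of threat model 2a (not part of the original comment), the sketch below classifies negotiated cipher suites by key exchange and reports which recorded sessions lack forward secrecy. The host names and the `RECORDED` list are constructed sample data; the function names are hypothetical.

```python
import re

# Key-exchange tokens that denote an ephemeral (per-session) Diffie-Hellman exchange.
EPHEMERAL = {"DHE", "ECDHE", "EDH", "EECDH"}
# Tokens that open an OpenSSL-style name when the key exchange is spelled out.
OPENSSL_KX = EPHEMERAL | {"DH", "ECDH", "RSA", "PSK", "SRP"}
# TLS 1.3 names carry no key-exchange token; full handshakes there always use (EC)DHE.
TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_[A-Z0-9_]+$")
ANON = re.compile(r"(^|[-_])(ADH|AECDH|anon)([-_]|$)")


def key_exchange(suite: str) -> str:
    """Extract the key-exchange token from an IANA- or OpenSSL-style suite name."""
    if ANON.search(suite):
        raise ValueError(f"anonymous suite, no server key involved: {suite}")
    if TLS13.match(suite):
        return "TLS1.3"
    if suite.startswith("TLS_") and "_WITH_" in suite:
        # IANA form: TLS_<kx>[_<auth>]_WITH_<cipher>_<mac>
        return suite[len("TLS_"):].split("_WITH_")[0].split("_")[0]
    # OpenSSL form: [<kx>-[<auth>-]]<cipher>-<mac>; no prefix means RSA key transport.
    head = suite.split("-")[0]
    return head if head in OPENSSL_KX else "RSA"


def forward_secret(suite: str) -> bool:
    """True if the session key cannot be recovered from the long-term key alone."""
    return key_exchange(suite) in EPHEMERAL | {"TLS1.3"}


def exposed_by_key_theft(sessions):
    """Recorded (host, suite) pairs readable once the long-term key is obtained."""
    return [(host, suite) for host, suite in sessions if not forward_secret(suite)]


# Constructed sample: suites negotiated on sessions assumed to have been recorded.
RECORDED = [
    ("mail.example", "AES128-SHA"),
    ("www.example", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("api.example", "TLS_RSA_WITH_AES_256_CBC_SHA"),
    ("cdn.example", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("old.example", "ECDH-RSA-AES128-SHA"),
    ("new.example", "TLS_AES_128_GCM_SHA256"),
]

if __name__ == "__main__":
    for host, suite in exposed_by_key_theft(RECORDED):
        print(f"{host}: {suite} has no forward secrecy")
```

Run against a server's configured suite list, the same check shows which suites to disable so that recorded traffic stays unreadable after a key compromise.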
IIRC, they can store it ssl-ed and wait for the encryption to be broken. If Google can store everything in their servers, NSA, CIA et al with virtually unlimited budgets and some of the best mathematicians in the world surely can do the same.
This is likely. They store everything then decrypt as necessary in a continuous batch mode as targets are identified.
It looks like they have some sort of alerting system for real-time "incident surfacing" for things they feel they need to react to quickly, but I imagine most of their work is over the longer-term as far as building profiles of their targets.
How about this: all web browsing history for everyone (that is not a paranoid computer geek) all over the world - gathered through 'safe browsing' from Chrome, IE and also Firefox (possible to disable in Firefox: https://support.mozilla.org/pl/questions/922449). All 'just metadata'.
Safe browsing works by downloading a Bloom filter into your browser, checking sites you visit against the Bloom filter, and on a positive hit, making a call to Google to get the full (not Bloom) list of matching URLs.
Safe browsing does not transmit your browser history to anyone.
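The lookup flow described in the comment above, as an added sketch that is not part of the original thread and is not any browser's actual code: a local Bloom filter answers most checks, and only filter hits reach the remote call. The blocklist, the URLs and the `remote_lookup` stand-in are constructed assumptions.

```python
import hashlib


class BloomFilter:
    def __init__(self, size_bits: int, num_hashes: int):
        self.size = size_bits
        self.k = num_hashes
        self.bits = bytearray((size_bits + 7) // 8)

    def _positions(self, item: str):
        # Derive k bit positions from salted SHA-256 digests of the item.
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.size

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


# Constructed blocklist standing in for the provider's list of bad URLs.
BLOCKLIST = {"malware.example/dropper", "phish.example/login"}


def remote_lookup(url: str, sent: list) -> bool:
    """Stand-in for the network call; records which URLs would leave the browser."""
    sent.append(url)
    return url in BLOCKLIST


def check_visit(url: str, local: BloomFilter, sent: list) -> bool:
    """Return True if the URL is blocked; only local filter hits reach remote_lookup."""
    return url in local and remote_lookup(url, sent)


def browse(urls):
    """Check each visited URL; return (blocked URLs, URLs sent to the remote side)."""
    local = BloomFilter(size_bits=4096, num_hashes=4)
    for bad in BLOCKLIST:
        local.add(bad)
    sent = []
    blocked = [u for u in urls if check_visit(u, local, sent)]
    return blocked, sent


if __name__ == "__main__":
    print(browse(["news.example/", "phish.example/login", "docs.example/tls"]))
```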