Prism D Notice

Tuesday 18 June 2013

Following disclosures by the Guardian earlier this month about a US National Security Agency internet surveillance program called Prism, it has emerged that UK government officials issued a so-called "D notice" in a bid to censor coverage of spy tactics.

The D notice following the NSA leaks was reportedly issued to news organisations including the BBC on 7 June, the day after the Prism story broke. Prism is a system used by the NSA to monitor emails, file transfers, photos, videos, chats, and other data. Intelligence gleaned from the system has been passed to GCHQ, the UK's version of the NSA.

The notice to the media organisations was marked "Private and Confidential: Not for publication, broadcast or use on social media," according to Jeff Stein at And Magazine. It added:

There have been a number of articles recently in connection with some of the ways in which the UK Intelligence Services obtain information from foreign sources.

Although none of these recent articles has contravened any of the guidelines contained within the Defence Advisory Notice System, the intelligence services are concerned that further developments of this same theme may begin to jeopardize both national security and possibly UK personnel.

It particularly warned against reporting on:

specific covert operations, sources and methods of the security services, SIS and GCHQ, Defence Intelligence Units, Special Forces and those involved with them, the application of those methods, including the interception of communications and their targets; the same applies to those engaged on counter-terrorist operations.

The D-notice system was first set up in 1912 and operates in accordance with a voluntary code — providing "advice and guidance to the media about defence and counter-terrorist information the publication of which would be damaging to national security." In 2010, for instance, a D notice was reportedly issued prior to WikiLeaks' release of thousands of US government diplomatic cables. A D notice has no formal legal authority, but defying it can make journalists vulnerable to prosecution under the UK's Official Secrets Act.

Snowden's Fate

Monday 17 June 2013

On Democracy Now today there was an insightful interview with Hong Kong legislator Charles Mok on the potential next steps for US National Security Agency whistleblower Edward Snowden.

Snowden is currently believed to be in Hong Kong after passing a batch of NSA documents revealing top-secret surveillance programs to the Guardian, the Washington Post, and the South China Morning Post. US authorities have initiated a criminal investigation over the leaks and will probably pursue Snowden's extradition in the weeks and months ahead.

Mok talks about what that process could entail, and says that though Hong Kong enjoys independence from mainland China on many issues, the international magnitude of the Snowden case means the final decision that will determine his fate is ultimately likely to be made by central government in Beijing:

Please understand that at least we have a one-country, two-system system in Hong Kong and between Hong Kong and the mainland. So our laws are different from the laws in China. And we do have a border and so on. We do have different governments, even though as a regional government, we do report to the central government.

So I think what we want locally is to make sure that we can protect [Snowden] and make sure that we can live up to our core values and make sure that we treat this person according to all the rights that he should be getting under Hong Kong law. And... exactly what I don’t want to see, is that this sort of political influence to be interfering into the justice process, the judicial process that Mr. Snowden may end up having to get in Hong Kong. If, for example, the US starts by contacting the Hong Kong government to try to initiate an extradition, and if Mr. Snowden decides to try to get asylum or apply for refugee status here in Hong Kong, he — if he chose to do that, if the process comes to that point, he should be getting all the rights. [...]

If the US started to initiate a process [to] say that we want to arrest this person and start an extradition process, then Mr. Snowden could apply in Hong Kong for refugee status. And then there would be at least two tests: first by the United Nations High Commission on Refugees to determine whether or not, for example, that he will face torture at home and whether or not this is political persecution and so on, and second, also by the Hong Kong court. [...]

He will be accorded rights to appeal all the way up to our highest court in Hong Kong. So, assuming that money and financial issues — because you do need to get lawyers and so on — assuming those are not an issue, these processes in the past could have taken quite a bit of time. But... if [Snowden] isn’t successful and there has to be a final decision to be made about the extradition, our chief executive in Hong Kong, which is pretty much [like] our president... he will have to make the final decision. But because this case very likely will involve foreign relations, then he has to consult the central government. So, in the end, it means that the process can be a pretty prolonged process, and, second, Beijing will probably come into the equation to make a final decision in the end.

You can watch the full interview here.

NSA Chief Quizzed Over Legality of Phone Records Grab: Transcript

Thursday 13 June 2013

General Keith Alexander, the chief of the US National Security Agency, today appeared before a Senate committee and was quizzed publicly for the first time on issues related to the agency's recently revealed surveillance programs.

Most of the questions Alexander faced concerned the secret mass retention of Americans' phone records, exposed by the Guardian last week, which the spy chief said is necessary to conduct retrospective surveillance of patterns of communication during counter-terrorism investigations — enabling the agency to go "back and time" to monitor who has called whom, when, and for how long.

Perhaps the most notable point in Alexander's appearance came during an exchange with Oregon Senator Jeff Merkley (Democrat), who asked a few specific, probing questions about the section of the Patriot Act (215) being used to justify storing the records. Merkley seemed to believe the NSA had exceeded its authority in mass retaining the records, and I think his comments pinpoint a crucial part of the legal debate about the scope of the surveillance that we will see more of in the weeks ahead. Merkley also pressed for secret interpretations of the law being used by the government to justify the surveillance to be declassified and published, a point that Alexander seemed to agree was necessary though said he couldn't guarantee it because he was "not the only decision maker in the administration."

See the relevant part of the exchange below:

Sen. Merkley: You referred to section 215 [of the Patriot Act] and 215 requires for an application for production of any tangible thing. It says in it that this application must have a statement of facts showing reasonable grounds that the tangible things sought are relevant to an authorised investigation. So we have several standards of law embedded in this application: A statement of facts, reasonable grounds, and tangible things that are relevant to an authorised investigation.

Now as it's been described in this conversation and in the press, the standard for collecting phone records on Americans is now all phone records, all the time, all across America. How do we get from the reasonable grounds, relevant authorised investigation, statement of facts, to all phone records, all the time, all locations? How do you make that transition and how has the standard of the law been met?

General Alexander: So this is what we have to deal with the court and I think that... we go through this court process... it's a very deliberate process where we meet all of those portions of the 215. We lay out for the court what we're going to do and to meet that portion we just said. The answer is we don't get to look at the data, we don't get to swim through the data....

Sen. Merkley: Let me stop you there, because these are requirements to acquire the data, not to analyze the data, to acquire the data ... this is the application to acquire the data. So here I have my Verizon phone, my cell phone, what authorized investigation gave you the grounds for acquiring my cellphone data?

General Alexander: On this part here, on the legal standards and stuff, on this part here I think we need to get Department of Justice and others because it is a complex area and you're asking a specific question. I don't want to shirk that but I want to make sure I get it exactly right. And so I do think part of what we should do is perhaps at the closed hearing tomorrow walk through that with the intent of taking what you've asked and seeing if we can get it declassified and out to the American people so they can see how exactly how we do it because I do think that should be answered.

Sen. Merkley: In between these two pieces, the FISA court gives an interpretation of the plain language of the law, their interpretation is what translates the standards of the law into what is governable in terms of what you can do. I had an amendment last December that said these findings of law that translate the requirements that are in the law into what is permissible needs to be declassified so we can have the debate. I believe that what you just said is that you want to have that information to be declassified that explains how you get from these standards of law to the conduct that has now been presented publicly. Did I catch that right and do you support the standards of law, the interpretations of the FISA court of the plain language to be set before the American people so we can have this debate?

General Alexander: I think that makes sense. I'm not the only decision maker in the administration on this process so there are two issues I'm not equivocating. I just want to make sure that I put this expectation exactly right and that is I don't want to jeopardize the security of Americans by making a mistake and saying yes we're going to do all that, but the intent is to get the transparency there.

So Senator I will work hard to do that, and if I can't do that I will come back to you and tell you why and we will have that discussion and run it out and I defer to the chair of the intelligence committee. But I think that's reasonable to get this out. Having said that I don't have the legal background that perhaps you have in this area.

I want this debate out there for a couple of reasons. I think that what we're doing to protect American citizens here is the right thing. Our agency takes great pride in protecting this nation and our civil liberties and privacy and doing it in partnership with this committee, with congress and the courts. We aren't trying to hide it we are trying to protect America so we need your help in doing that. [...]

Sen. Merkley: General I thank you for your statement of support. I also want to thank chair Feinstein who helped develop and send a letter expressing this concern about the secrecy of the interpretations of the FISA court ... I think it's time that [the FISA interpretations] become understandable and public because otherwise how in a democracy do you have a debate if you don't know what the plain language [of the law] means. I do have concerns about that translation and I will continue this conversation.

The NSA's Prism & its Capabilities

Saturday 8 June 2013

It has been two days now since the Guardian and the Washington Post reported that the US National Security Agency has "obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document." As part of a surveillance program called Prism, the NSA and the FBI, the Post reported, are "extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets."

But since the initial reports, the Internet companies have all denied this "direct access" claim [1], which prompted the Guardian on Saturday to publish the secret source document showing the NSA's description of Prism as program enabling "collection directly from the servers of these service providers: Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, Skype, YouTube, Apple."

So what exactly is Prism and how does it work?

In my view, it is possible too much has been read into the NSA's description of Prism as enabling "collection directly from the servers." Taken in isolation, this statement does not necessarily mean that the NSA has direct and unrestricted access to these companies' central computers to sift through troves of private data whenever they feel like it, which is what the initial reporting seemed to imply. "Collection directly from the servers" could feasibly mean Prism is the codename the NSA uses for a "separate, secure portal" that is linked to or located within the servers of these companies. As the New York Times reported on Friday:

[I]nstead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said. [...] In at least two cases, at Google and Facebook, one of the plans discussed [with the government] was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.

This could still be understood as "collection directly from the servers," but the distinction is that it is not "open-ended access." Under this system, the NSA — or the FBI on behalf of the NSA — would obtain a court order under the Foreign Intelligence Surveillance Act and use it to demand the respective company turn over various data into its "separate, secure portal." The scale of the data grab, though somewhat limited in scope by the court order, could still be huge. As was separately disclosed earlier this week, for instance, a single FISA order can be used to obtain millions of phone records.

The confusing thing about this picture of Prism, however, is that it still conflicts a little bit with how the system was portrayed by the newspapers that reported on the secret documents. The description of a "separate, secure portal" like an "online room" where companies "deposit" data for the government suggests that the transaction happens in static, incremental stages: data is requested by the government, data is passed over by the company, then the government sifts through it. But the Washington Post's reporting suggests the transaction does not occur in static stages because it can involve real-time monitoring:

According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

Additionally, the source who disclosed the document, described as a career intelligence officer, told the Post: “They quite literally can watch your ideas form as you type.”

So this means that if the companies are not providing "direct access" to their servers to mine data indiscriminately, then the "separate, secure portal" can also be used not just to "deposit" data, but also to obtain access to real-time communication flows, presumably authorized by a FISA order and implemented by the respective company that receives it (Google, Apple, Facebook, etc). Indeed, in a statement Sunday, the US director of national intelligence James Clapper said in a statement that Prism was authorized under Section 702 of FISA and he described the program as an "internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers."

The question, then, is how sweeping the FISA orders are. The Post reported that "from inside a company’s data stream the NSA is capable of pulling out anything it likes" and also said that the NSA's spies use Prism through a "Web portal" that entails entering “'selectors,' or search terms, that are designed to produce at least 51 percent confidence in a target’s 'foreignness'." This suggests to me that we are talking about dragnet FISA orders that oblige the companies to turn over huge amounts of data, some in real time, handled by the NSA on a system codenamed Prism, which may involve the NSA having its own "secure portal" within or at least linked to company servers.

The companies would not know that they were participating in anything named "Prism" — that is just the NSA's internal codename for the program. From the companies' perspective, all they are doing is responding to court-authorized FISA orders. What I would like to hear each of the companies publicly explain is whether they have any kind of interface for facilitating government FISA orders built within or linked to their server infrastructure. (See this update below.)

I should note that all of the above is my own speculation based on an analysis of the available facts. Other theories I have heard proposed include that the NSA has essentially secretly "hacked" the respective companies' servers by spoofing encryption certificates. But I think that is far-fetched and that what I have suggested here is likely more in line with what is happening, though, again, I am only speculating. Without access to the full leaked source documents, it is difficult to comprehensively analyse the details. Only a fraction of the secret documents has been published so far, presumably for legal and/or editorial reasons. There are reportedly 41 top-secret leaked PowerPoint slides in total related to Prism but only about four or five have been made available by the Guardian and the Post. It is my hope that they will all surface eventually so we can get a better and more accurate understanding of what this controversial surveillance program entails.


[1] Facebook said it does not "provide any government organization with direct access to Facebook servers." Apple said "we do not provide any government agency with direct access to our servers." Microsoft said "If the government has a broader voluntary national security program to gather customer data we don’t participate in it.” Yahoo said "We do not provide the government with direct access to our servers, systems, or network.” Paltalk said it "does not provide any government agency with direct access to its servers.” AOL said that it does not "provide any government agency with access to our servers.” And Google, too, said that it had "not joined any program that would give the U.S. government — or any other government — direct access to our servers."


UPDATE, 9 June 2013: A new report from the Washington Post has some additional interesting details about Prism. The Post has spoken with anonymous executives at some of the companies linked to the program, who "acknowledged the system’s existence and said it was used to share information about foreign customers with the NSA and other parts of the nation’s intelligence community." The report adds:

According to slides describing the mechanics of the system, PRISM works as follows: NSA employees engage the system by typing queries from their desks. For queries involving stored communications, the queries pass first through the FBI’s electronic communications surveillance unit, which reviews the search terms to ensure there are no U.S. citizens named as targets.

That unit then sends the query to the FBI’s data intercept technology unit, which connects to equipment at the Internet company and passes the results to the NSA.

PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process.

This seems in line with my theory above about the functionality of the system — that it is a "secure portal" within or at least linked to the companies' servers. What is particularly notable is the role of the FBI in reviewing the search terms, and the fact that the companies apparently do not see what the NSA is searching for. I think this hammers home the point regarding the sweeping scope of the FISA orders, which we need to know much more about. Even without any further information, however, it is clear to me that Prism has huge ramifications — in particular for all non-US citizens using services like Gmail, Skype, and Hotmail.

Google's Role in the Government Surveillance of Fox News Reporter James Rosen

Monday 3 June 2013

In recent weeks, there have been a series of controversies in the United States over the Justice Department snooping on journalists as part of aggressive investigations into leaks of classified information.

The most egregious case involves Fox News reporter James Rosen, whose private emails were secretly obtained, his phone records grabbed, and his movements to and from a government building electronically tracked. Rosen sparked a leak investigation after he authored a story in 2009, based on US intelligence passed to him by an anonymous source, concerning possible nuclear tests in North Korea in response to United Nations sanctions.

The case has attracted widespread coverage, and the extent of the monitoring of Rosen — and the FBI's accusation that he was "an aider, abettor and/or co-conspirator” who committed a crime for merely reporting news — has outraged media organisations. Some high-profile figures, including the lawyer James Goodale, have called for attorney general Eric Holder to resign for authorizing the surveillance.

But one element of the Rosen case has been largely overlooked: that is, the role of Google in handing over Rosen's emails. That is a point made by WikiLeaks founder Julian Assange in an opinion piece for the New York Times published Sunday. "There has been little analysis of Google’s role in complying with the Rosen subpoena," Assange noted.

I have been looking into this very issue in the past week, and so it seems like a good time to lay out what I've learned.

In 2010, it emerged last month, Google was ordered to hand over Rosen's emails and other data as part of a search warrant signed off by magistrate judge Alan Kay. Here is a list of what Google was told to give the FBI from Rosen's Gmail account, according to court documents:

  • An "exact duplicate" of all communications between Rosen's Gmail account and three named email accounts deemed of investigative interest, two of which were and one Specifically: all emails sent or received by Rosen to and from any of the three accounts, whether marked "cc," "bcc," "fwd," or "sent"; any deleted messages; messages maintained in the trash folder or other folders (i.e. drafts); and copies of attachments sent between Rosen and the three named accounts including videos, documents, and photographs.

  • ALL communications sent to and from Rosen's Gmail account on 10-11 June 2009, from or to ANY address (i.e. not just the three named accounts). Specifically, as above, the FBI sought: messages marked "cc," "bcc," "fwd," or "sent"; any deleted messages; messages maintained in the trash folder or other folders (i.e. drafts); and attachments including videos, documents, and photographs.

  • Screen names associated with Rosen's accounts, account numbers, status of accounts, dates of service, methods of any payment, telephone numbers, addresses, detailed billing records, histories and profiles.

  • Log files from Rosen's account showing dates, times, methods of connecting, ports, dial-ups, IP addresses, and/or location from which he connected.

Google was told that it must keep the warrant secret and should not "notify any other person... of the existence of the warrant." The question is: could Google have challenged the lawfulness of this contentious warrant and fought in the courts in an attempt to notify the journalist?

I asked Google, but the company said its policy was not to comment on specific cases. What I was able to establish, however, is that when Google receives an order to turn over user data as part of a search warrant, in most cases it does not see the full affidavit from the FBI investigator that details the specifics of the case — and the FBI has no legal obligation to inform Google of the specifics because a judge has already reviewed and signed off on it.

But crucially, what Google does sometimes see, a well-placed source told me on condition of anonymity, is an "attachment" that occasionally accompanies a warrant ordering it to disclose certain information. The attachment is an important document because it details the specific types of data investigators expect Google (or any other given company) to turn over. It also sometimes contains a note for the authorities detailing what they should look for in the data once it is disclosed.

In the Rosen case, there was a six-page attachment that detailed all of this. You can read it here. It breaks down the data Google was ordered to turn over, and it also has instructions for the investigators. If Google received this document before turning over Rosen's emails, in my view the company could fairly easily have established that this was a warrant to obtain private data on a journalist and his source.

How? The Rosen attachment, though it does not explicitly name Rosen or Fox News, outlines that the FBI is looking to find evidence concerning violations of the Espionage Act (18 USC § 793), a law that has been used at least seven times by the Obama administration to prosecute people for disclosing classified information. The attachment explains that the FBI is seeking to obtain communications between a man named Stephen Kim (the alleged source of the Fox News story) and the "author of [an] article that is the subject matter of the FBI investigation that is the basis for this warrant." The attachment also refers to "classified and/or intelligence information" and mentions that the FBI is seeking to find evidence in the emails that Stephen Kim and/or "the author" had knowledge of government rules or procedures regarding communicating with "members of the media." It adds that it is seeking to find evidence of the "author's communication with any other source or potential source of the information disclosed in the article," making it clear that it is a journalist's email being targeted.

Google would not tell me whether or not it had seen this attachment, again saying that its policy is not to "discuss the specifics of any particular case." But if the company did see it and did not seek to level any legal challenge, there is a legitimate and serious question to be asked concerning the extent of its complicity in the government's surveillance of a journalist in order to expose a confidential source. Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, told me that while it is unusual and difficult for a company to challenge a search warrant because a judge has already reviewed and signed off on it, it is still possible to challenge. "Theoretically a challenge to the search warrant would go back to the judge who signed it, who I imagine would be reluctant to change their mind (though you never know)," Fakhoury said in an email.

This also raises questions for me about how closely Google scrutinizes individual warrants and court orders before turning over users' private data. Google has a fairly solid track record of standing up to government snooping that it deems disproportionate, and it has commendably pioneered the publication of transparency reports showing government requests to censor Internet content and obtain users' data. But if it turns out Google's legal team were sent the attachment in the Rosen case and did not even attempt to challenge the lawfulness of the warrant, as seems possible, the company's reputation for standing up for users' rights will take a hit — and deservedly so — not least because the spying on Rosen stands out as such a flagrant example of government overreach and excessive surveillance.