Get Your Data Out Of The US Now: NSA’s “PRISM” System Reveals How Insecure Your Data Really Is


As if yesterday’s explosive revelations about NSA’s ongoing interception of all of Americans’ phone calls weren’t enough, yesterday evening another top secret document was released (see here for screenshots), documenting for the first time that NSA had persuaded every major tech company with the exception (so far) of Twitter to allow them real-time access to their central data servers, and therefore to the private content of communications of the vast majority of Americans. It started in 2007 with Microsoft (surprise, surprise), and most recently enlisted Apple in 2012.

(Oh, it includes AOL too? Well, that’s thoughtful. Maybe they wanted to address the criticism that they weren’t focusing enough on the threat from the remote backwoods?)

So let’s take you through the PRISM scandal, and why it means that you should really shift your communications and company documents to being hosted outside of the US.

Laura Poitras, a MacArthur Fellow and documentary filmmaker who knows more personally than most about the abuses of the surveillance state, and Pulitzer-winning journalist Barton Gellman, wrote an exposé of the PRISM program that was published in yesterday’s Washington Post:

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets.

The article explains that NSA has also partnered with GCHQ, its British equivalent. This neatly allows GCHQ to circumvent British laws preventing mass interceptions, and simultaneously allows NSA to collect data on targets that are foreign to GCHQ (i.e. American ones). This resurrects the same kind of intelligence-sharing setup that existed for the ECHELON program in the Clinton administration – “spy on our guys for us, and we’ll spy on yours.”

Poitras and Gellman note,

Late last year, when critics in Congress sought changes in the FISA Amendments Act, the only lawmakers who knew about PRISM were bound by oaths of office to hold their tongues.

So congressmen like Trey Gowdy could make ignorant assertions that the NSA didn’t spy on Americans, and other congressmen who knew better are claiming that they were not able to speak up to contradict them and reveal the truth, because of their “oath of office.” What they really mean here is that they undertake as part of their membership of the House or Senate Intelligence Committees to not divulge classified information, and that they would lose their plum committee assignments if they did. Boo hoo, guys. Must suck to be you and to be forced into betraying all the rest of us that way.

The article reveals that in the NSA’s perverted definitions, you can take out a single warrant covering a whole facility (like one containing Microsoft data servers), and it will count as lawful provided that the company’s business (like Microsoft’s) is 51% or more with users in foreign countries. So, 100% of American Microsoft users’ data can be gathered without needing any kind of individualized probable cause, by virtue of their using a multinational corporation for their personal or business needs. Microsoft and Google have issued strongly worded denials; but the data on their involvement apparently comes from a senior intelligence officer who describes their “firsthand experience with these systems, and horror at their capabilities” as their reason for disclosing the PRISM program materials.

Bless you, whoever you are, for what you just did. You have taken on a heavy burden, as the cases of John Kiriakou, Bradley Manning and Thomas Drake amply demonstrate. They will be after you. But you’re in honorable company, and the people of the world are in your debt.

Robert Chesney over at the Lawfare blog is busily asserting that what is key to whether this is wrong is the “minimization procedures” after the NSA collects all of your data. In other words, if the NSA automatically collects everything, but requires an individualized showing of probable cause before a human looks at your data, then the program is all right by him.

Of course, there’s no evidence that NSA is applying anything like that strong of a standard in the first place; but even if they were, the Fourth Amendment still says that “no Warrant shall issue” without [prior] probable cause based on individualized suspicion, to prevent exactly these kinds of shenanigans. In other words, any warrant that a court issues without specifying an individual target and a reason for suspecting their direct involvement in a crime, is facially unconstitutional. So let’s remember that when the NSA describes all this as “entirely legal”, they mean that “a supine Congress has refused so far to outlaw by statute a program that is obviously unconstitutional, for fear of seeming Weak On Terror; and till now we have kept it secret enough that nobody has been able to litigate it.”

Listen. I’m not the world’s biggest fan of the daily carnage caused by the Second Amendment’s strong protection of individual gun rights, but I have agreed to live under those rules. The Bill of Rights, in other words, is not a buffet, and the tortured interpretation the NSA and Mr. Chesney are putting on the Fourth Amendment is killing it.

Till Google, Microsoft, Yahoo!, Skype and the rest of this sorry company provide documentary proof that they have ceased to comply with this program, Digital Fourth is recommending that all readers of this blog start figuring out how they can boycott their products, and replace them with ones hosted outside the US. Believe me, as a heavy user of their products, I know how hard that will be; but they have to face some consequences for this.

  1. Great article. Highlights the importance of defending the entire Bill of Rights, lest we ultimately lose them all.

    Because the “seizure” is now virtual as opposed to physical, somehow we have become complacent about the level of protection we expect against governmental intrusion.

