In common terms a prism is defined as “a transparent solid body, often having triangular bases, used for dispersing light into a spectrum”. It separates full spectrum light into beams of monochromatic light, or more simply it filters light. Well, that was the more prominent definition… until early June of this year when leaked information about cell phone records began appearing in the Washington Post and Guardian newspapers. The thought of our most private conversation details being warrantlessly shared with the government caught many by surprise, but we learned this was only the tip of the iceberg!
But wait, there’s more!
In the past week we’ve learned that the US government (and possibly others) including agencies like the National Security Agency (NSA) and Federal Bureau of Investigation (FBI) have not only access to your mobile phone but also access to all of your internet data directly from some of the largest players in internet land! Think Microsoft, Google, and Yahoo. Skype? Yes. Email? Yes. Banking? Probably. Instant messaging? Most definitely. Wait, you’re not in the USA? Don’t worry, they probably have your data too either through your direct communications with US sources, or through “agreements” with other governments doing the same type of tracking.
Prism – it’s not just an optical phenomena anymore!
Granted, we don’t know much about what is actually happening – hey, they aren’t going to give us the blueprints of a super top secret system – so there is much speculation about how this is being carried out including accessing direct connections to top level data centers and storing the information. We can theorize though and my theory is that everything is recorded. I’m talking about more data they you could ever imagine as Cisco estimates that total internet traffic exceeds 1.1 Exabytes each day (1000 Terabytes = 1 Petabye and 1000 Petabytes = 1 Exabyte). Enough data to make Google look like a tiny water droplet standing next to the Pacific ocean! Why would they store so much data? Well, they would need to know the back story. If you think about it as if you were reading a forwarded email from a conversation without having access to the original content you can see how “old” information can provide context and a complete understanding of the conversation.
Ah, right about now you’re thinking there is NO way the government, or anyone else for that matter, could store that much information. Well, in a strange coincidence the NSA is currently building a massive 1.5 million (MILLION) square foot data center in Utah. Current estimations claim they could have storage in the high Zettabyte (1000 Exabytes = 1 Zettabyte) to Yottabyte (1000 Zettabytes = 1 Yottabyte) range, which is enough to store at least 2 years worth of data, and I can assure you that this isn’t the only data center the NSA operates.
Ah ha! If your brain isn’t in a tailspin after the yotta zetta math lesson you’re thinking to yourself there is NO way that any one, anything, or any government could possibly sort through that much information. This is where “Prism” enters the picture. Just as an optical prism splits light into the base colors this electronic Prism program sorts through the mass of data collected looking for keywords, phrases, dates, and who knows what else leaving only what the NSA considers important – separating the wheat from the chaff so to speak. With recent database improvements, such as Accumulo, and some real computing power the data could be stored in a robust database for decades to come – all with little human intervention.
How the NSA stores, sorts, and saves your data – possibly
There is much “hypothetical” in the above paragraphs. Lots of explaining and conjecture also, so I’ll lay it out is a brief list with the information and technology we have available.
- The NSA has direct access to all mobile phone and internet traffic with direct connections to the internet backbone and the servers of major players in the communications industry.
- The NSA stores all this data in massive data centers located throughout the US in real time.
- Stored internet sessions, emails, and phone calls are processed at these data centers by powerful computers using Prism in near real time.
- Stored data containing the keywords or key data the NSA deems important is saved into a massive database for later retrieval and investigation by the FBI, CIA, and other organizations.
Is it true?
Well, it seems very plausible and with the current state of affairs definitely possible, though very much like a chapter out of 1984. Governments are known for misinformation and not always sharing the entire truth with their citizens, but as with any situation where there is an information void there will always be something to fill that void and this is where most conspiracy theories blossom. We also have little information about the true motives of the person who leaked the information, Edward Snowden. Individuals are much like governments in that they often do not tell the complete truth or bend the truth to further their own agenda. In this instance neither the government nor Mr. Snowden will probably ever be completely truthful leaving us with speculation to fill the voids.
My personal take is that there are seeds of truth in Mr. Snowden’s story and, while almost unfathomable in size and scope, the technical requirements of such an operation are almost certainly achievable with the right financial investment.
It’s all about the data!
Everyone will have a strong opinion and those generally fall on one side or the other of the privacy fence. One side will fall into the “If I’m not doing anything wrong I have nothing to worry about” camp and the others will side with the “This is completely unconstitutional and violates every right I have” group. The actuality is more likely right in the middle and we’ll have to accept that until we have more truth, but what we really need to worry about is the actual data!
Earlier I compared the amount of data Google has access to to the NSA and the amount of data in question is almost unfathomable. Really. The problem with data is organizations spend time and money devising ways to get it and use it, but never enough time or money is spent worrying about protecting and disposing of that same data. What happens to all that data the NSA most likely has?
Data mining – A single chunk of data is not very useful, but the more data you have the more information you can glean from it and just as Google mines their data to provide ads that appear to read your mind you can bet your paycheck that the NSA is mining any data they have. Connecting the dots in a digital manner to learn who you are, what you do, who you communicate with, where you shop, what you buy, and anything else that can be deducted from the data.
Privacy – How many people have access to the data? Guys in black suits? Contractors? Janitors?
Security – This is what scares me! How is the data protected. God knows the government and private companies aren’t always the best stewards with our data. Instances that immediately come to mind include a stolen laptop exposing 207,000 records, government security site hacked, defense industry hacked, and China hacks White House computer to name but a few of thousands. We know they have the data and you can bet that foreign governments do to. Can you imagine the damage a foreign government, or any hacker in general, could do to millions of individuals, and the country as a whole, with bank account information and other personal details that would likely be found in all that data? Obviously the government knows this and is taking step to protect the data, but there is always something or someone standing is the shadows. A new vulnerability or attack vector. A new group looking to get at the data. Will they? Would the government tell us? Would we have any recourse? Probably. Probably not. Nope.
So, what do you think about the US government’s Prism program?
This is obviously a very intricate subject crossing many different fields including legal, privacy, and security. I would love to hear your thoughts. Please take a few moments and really think about this, not only from your personal viewpoint but as a whole. Do you agree with the program? Do you believe any data stored is truly secure? Does this violate Constitutional rights? Is the whole story hype? Should we worry? What do you think the future implications are?