The Prism: What we know and how it affects you!

This is a brief overview of the recent reports of the US government spying on its’ citizens. Hopefully you have seen the news reports. Please read the article and explore the links while thinking about the possible Constitutional implications. I would love to hear your thoughts on the subject, so be sure to leave a comment!

In common terms a prism is defined as “a transparent solid body, often having triangular bases, used for dispersing light into a spectrum”. It separates full spectrum light into beams of monochromatic light, or more simply it filters light. Well, that was the more prominent definition… until early June of this year when leaked information about cell phone records began appearing in the Washington Post and Guardian newspapers. The thought of our most private conversation details being warrantlessly shared with the government caught many by surprise, but we learned this was only the tip of the iceberg!

But wait, there’s more!

In the past week we’ve learned that the US government (and possibly others) including agencies like the National Security Agency (NSA) and Federal Bureau of Investigation (FBI) have not only access to your mobile phone but also access to all of your internet data directly from some of the largest players in internet land! Think Microsoft, Google, and Yahoo. Skype? Yes. Email? Yes. Banking? Probably. Instant messaging? Most definitely. Wait, you’re not in the USA? Don’t worry, they probably have your data too either through your direct communications with US sources, or through “agreements” with other governments doing the same type of tracking.

Prism – it’s not just an optical phenomena anymore!

Granted, we don’t know much about what is actually happening – hey, they aren’t going to give us the blueprints of a super top secret system – so there is much speculation about how this is being carried out including accessing direct connections to top level data centers and storing the information. We can theorize though and my theory is that everything is recorded. I’m talking about more data they you could ever imagine as Cisco estimates that total internet traffic exceeds 1.1 Exabytes each day (1000 Terabytes = 1 Petabye and 1000 Petabytes = 1 Exabyte). Enough data to make Google look like a tiny water droplet standing next to the Pacific ocean! Why would they store so much data? Well, they would need to know the back story. If you think about it as if you were reading a forwarded email from a conversation without having access to the original content you can see how “old” information can provide context and a complete understanding of the conversation.

Ah, right about now you’re thinking there is NO way the government, or anyone else for that matter, could store that much information. Well, in a strange coincidence the NSA is currently building a massive 1.5 million (MILLION) square foot data center in Utah. Current estimations claim they could have storage in the high Zettabyte (1000 Exabytes = 1 Zettabyte) to  Yottabyte (1000 Zettabytes = 1 Yottabyte) range, which is enough to store at least 2 years worth of data, and I can assure you that this isn’t the only data center the NSA operates.

Ah ha! If your brain isn’t in a tailspin after the yotta zetta math lesson you’re thinking to yourself there is NO way that any one, anything, or any government could possibly sort through that much information. This is where “Prism” enters the picture. Just as an optical prism splits light into the base colors this electronic Prism program sorts through the mass of data collected looking for keywords, phrases, dates, and who knows what else leaving only what the NSA considers important – separating the wheat from the chaff so to speak. With recent database improvements, such as Accumulo, and some real computing power the data could be stored in a robust database for decades to come – all with little human intervention.

How the NSA stores, sorts, and saves your data – possibly

There is much “hypothetical” in the above paragraphs. Lots of explaining and conjecture also, so I’ll lay it out is a brief list with the information and technology we have available.

  • The NSA has direct access to all mobile phone and internet traffic with direct connections to the internet backbone and the servers of major players in the communications industry.
  • The NSA stores all this data in massive data centers located throughout the US in real time.
  • Stored internet sessions, emails, and phone calls are processed at these data centers by powerful computers using Prism in near real time.
  • Stored data containing the keywords or key data the NSA deems important is saved into a massive database for later retrieval and investigation by the FBI, CIA, and other organizations.

Is it true?

Well, it seems very plausible and with the current state of affairs definitely possible, though very much like a chapter out of 1984. Governments are known for misinformation and not always sharing the entire truth with their citizens, but as with any situation where there is an information void there will always be something to fill that void and this is where most conspiracy theories blossom. We also have little information about the true motives of the person who leaked the information, Edward Snowden. Individuals are much like governments in that they often do not tell the complete truth or bend the truth to further their own agenda. In this instance neither the government nor Mr. Snowden will probably ever be completely truthful leaving us with speculation to fill the voids.

My personal take is that there are seeds of truth in Mr. Snowden’s story and, while almost unfathomable in size and scope, the technical requirements of such an operation are almost certainly achievable with the right financial investment.

It’s all about the data!

Everyone will have a strong opinion and those generally fall on one side or the other of the privacy fence. One side will fall into the “If I’m not doing anything wrong I have nothing to worry about” camp and the others will side with the “This is completely unconstitutional and violates every right I have” group. The actuality is more likely right in the middle and we’ll have to accept that until we have more truth, but what we really need to worry about is the actual data!

Earlier I compared the amount of data Google has access to to the NSA and the amount of data in question is almost unfathomable. Really. The problem with data is organizations spend time and money devising ways to get it and use it, but never enough time or money is spent worrying about protecting and disposing of that same data. What happens to all that data the NSA most likely has?

Data mining – A single chunk of data is not very useful, but the more data you have the more information you can glean from it and just as Google mines their data to provide ads that appear to read your mind you can bet your paycheck that the NSA is mining any data they have. Connecting the dots in a digital manner to learn who you are, what you do, who you communicate with, where you shop, what you buy, and anything else that can be deducted from the data.

Privacy – How many people have access to the data? Guys in black suits? Contractors? Janitors?

Security – This is what scares me! How is the data protected. God knows the government and private companies aren’t always the best stewards with our data. Instances that immediately come to mind include a stolen laptop exposing 207,000 records, government security site hacked, defense industry hacked, and China hacks White House computer to name but a few of thousands. We know they have the data and you can bet that foreign governments do to. Can you imagine the damage a foreign government, or any hacker in general, could do to millions of individuals, and the country as a whole, with bank account information and other personal details that would likely be found in all that data? Obviously the government knows this and is taking step to protect the data, but there is always something or someone standing is the shadows. A new vulnerability or attack vector. A new group looking to get at the data. Will they? Would the government tell us? Would we have any recourse? Probably. Probably not. Nope.

So, what do you think about the US government’s Prism program?

This is obviously a very intricate subject crossing many different fields including legal, privacy, and security. I would love to hear your thoughts. Please take a few moments and really think about this, not only from your personal viewpoint but as a whole. Do you agree with the program? Do you believe any data stored is truly secure? Does this violate Constitutional rights? Is the whole story hype? Should we worry? What do you think the future implications are?

5 thoughts on “The Prism: What we know and how it affects you!”

  1. Hi Dave,
    I paid for my computer/s, I pay a monthly fee to a server to access email and the Internet. I spend many hours on the Internet checking ‘good’ sites, and I will continue use the Internet as it is there for everyone’s access.
    I do not want my computer usage to spied upon in any way, shape or form as I am an honest citizen.
    Internet spying by the self-opinionated and self-righteous authorities is not much different to someone forcing their way into my home and reading my snail mail and searching my possesions.
    It is about time that domineering ‘Big Brother’ was shoved back to where it belongs as the ‘Little Servant’ of honest and honourable people.

    Kind Regards.

  2. Leaves me unsurprised that they are doing it. Surprised at the amount of date involved. Hope that their Database and their servers overload and do some kind of a meltdown. Totally inappropriate. If not actually illegal. Pray that Congress shuts them down but am not going to hold my breath. Realize that there are truly bad people out there and that those people need to be watched and followed, however, most of us are Honest, God-fearing, Non-Terrriorist folks who love our country and would do nothing to hurt it. NOT the governments business who we talk to, e-mail, etc. or what we say or write so long as it does not involve any damage to our country.

  3. Oh dear. Even that comment of yours was probably spied on. Hope they don’t mind you calling them “self-opinionated and self-righteous”.

  4. By definition, a spy will spy! Their profession is not to weave baskets or crochet!
    I am not alarmed and do not fall into either of the categories specified (i.e. ‘not doing anything wrong’ or ‘unconstitutional’ camps). However, I think as a part of the general populace; using the facade that all of this is being done to thwart off terrorism, has not yet addressed nor discussed how we may be able to prevent the terrorists from wanting to do harm to the citizenry! My concern is WHY are they wanting to do innocent people (that are NOT like them) harm. Since 9/11, we have not yet addressed that real question and how to minimize the bloodshed! Using a bigger hammer is continuing to hamper any possible prevention mechanisms solutions to reduce harm and bloodshed. Moreover, NO! Using a white flag (or throwing flowers at the terrorists) can NOT be the answer, either! These are not political views; they are simply humanitarian discussions that need to be of more significant concerns. Prisms, magnifying glasses, or even telescopes are not going to resolve the basic problem; just as a Band-Aid on skin cancer will not cure the problem.

  5. The UK Government is just as keen as that of the US to monitor its citizens’ internet activities, on the well-worn and totally unfounded excuse that it is necessary for countering terrorist and criminal activity, so this would be a good time to start taking internet security seriously. I offer the following suggestions as a start:

    1) Make sure that your email provider offers secure port settings (SSL/TLS) and use them. (E.g in Advanced Settings, incoming – 995/SSL, outgoing – 465/SSL). You will be less vulnerable over the Net, but your provider will still be able to hold – and pass on – the decrypted messages at their end. It’s interesting that one of the UK’s major ISPs, BT (British Telecom), has a secure connection available, but chooses not to advertise the fact. I found out by accident, and have posted the details on their forums – I wonder how long the post will stay up?

    2) For those messages which you wish to remain totally private, find out about and use the message encryption facilities available in Microsoft Outlook and Windows Live Mail, and as a GnuPG plugin to Thunderbird. I strongly recommend reading the GPG4Win Compendium documentation, as a relatively easy introduction to message authentication and encryption. It is well worth making the effort to learn a little about electronic security – there may well come a time when you really need it (that time has already come for many dissidents in totalitarian countries). It’s nice to know that your messages would take around 1,000 years to decrypt!

    3) If you want to surf the net securely, consider using the Tor software bundle from the Tor project, which uses a secure network of volunteer servers to establish a kind of VPN – support them with a donation if you feel strongly enough about it!

    Finally, note that at least some terrorists and criminals are not stupid, and will already be using secure communication techniques, which cannot be broken in any reasonable time. So what is the point of monitoring which includes the rest of us as well?

    Let Benjamin Franklin have the last word: “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”

    J M Ward

Comments are closed.

Exit mobile version

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!