Encryption News

Article: PRISM and our Privacy

By 17th June 2013 April 15th, 2019 No Comments

Introduction

The Foreign Intelligence Surveillance Act (FISA) has empowered the US government to gain access to the servers of nine major internet companies. The project has been named appropriately as the ‘PRISIM’. Since 2007 the US government has had complete access to our personal information and private communications, made possible through a concealed partnership with these major tech companies who have allowed the NSA and FBI complete access to their servers.  In this article we investigate ‘PRISM’ and its effect on society.

What is PRISM and how has it come to light?

On 6 June 2013 The Guardian and The Washington Post were first to publish the news that would get us all talking – governments, tech companies and societies globally.  Edward Snowden a former technical worker for the CIA leaked documents revealing the electronic surveillance program, PRISM.  Mr. Snowden was ‘horrified’ at the extent of the US surveillance and acted on concerns over individual’s privacy. The leaked documents came in the form of a classified PowerPoint presentation instigating the involvement of major tech companies including Microsoft, Yahoo, Google, Facebook, Paltalk, YouTube, AOL, Skype and Apple.

The creation of Prism was made possible through two initial US Acts. In 2007 the ‘Protect America Act’ made it possible for targets to be electronically surveyed without warrant. Following this, in 2008 the FISA Amendments Act was created to remove all legal responsibility from private companies if they were to cooperate voluntarily with US intelligence through enabling access to data.  The Acts have been renewed until December 2017.  This ensures that PRISM is not technically illegal.

Different countries follow varying laws regarding data protection.  The regulations predominantly regulate the information companies are allowed to hold, duration that the data can be held for and how the data can be used.   Most companies have a clause in their privacy policy stating their entitlement to pass on information to governments if legally obliged to do so.

With data most of the time not being stored in the same country of user residence and the increased likelihood of it being stored in the US gives the American government easy access to data of non-Americans as well.  Thus even if you do not reside in the US your privacy is being compromised as the leading tech companies are based in America.

The process is believed to work as follows. The tech companies would receive a command/request from the attorney general and the director of intelligence regarding the information they hold or process.  The tech companies then allow access to their servers to the FBI’s Data Intercept Technology Unit, which then conveys to the NSA.

Through the surveillance program, ‘PRISM’, the US has access to vast amounts of individual’s private communications. They are accessing chat logs (audio and video), stored data, photographs, emails and their content, voice traffic, file transfers as well as social networking data.

Responses from governments and tech companies implemented in PRISM

Company Implemented

Response

Microsoft

 “If the   government has a broader voluntary national security program to gather   customer data, we don’t participate in it.”

“We provide customer information only when we receive a legally   binding order or subpoena to do so, and never on a voluntary basis”

Yahoo

Yahoo   takes users privacy very seriously. We do not provide the government with   direct access to our servers, systems, or network”

“The notion that Yahoo! gives any federal agency vast or unfettered   access to our users’ records is categorically false”

“Of the hundreds of millions of users we   serve, an infinitesimal percentage will ever be the subject of a government   data collection directive”

Google

“Google cares deeply about the security of our users data”

“Any suggestion that Google is disclosing information about our users’   Internet activity on such a scale is completely false.”

 “The only way in which Google   reveals information about users is when we receive lawful, specific orders   about individuals.”

Facebook

We do   not provide any government organisation with direct access to Facebook   servers”

“Facebook is not and has never been part of   any program to give the U.S. or any other government direct access to our   servers.”

“When Facebook is asked for data or information   about specific individuals, we carefully scrutinize any such request for   compliance with all applicable laws, and provide information only to the   extent required by law”

Apple

“We have never heard of PRISM”

“We do not provide any government agency with   direct access to our servers, and any government agency requesting customer   data must get a court order”

Dropbox

We’ve   seen reports that Dropbox might be asked to participate in a government   program called PRISM. We are not part of any such program and remain committed   to protecting our users privacy”

The US government released a statement confirming that for nearly six years the government of the United States had been using large internet services companies such as Google and Facebook to collect information on foreigners outside the United States as a defense against national security threats.

The US government has also stated “the surveillance activities published in The Guardian and The Washington Post are lawful and conducted under authorities widely known and discussed, and fully debated and authorised by congress”.

The President of the United States has said “federal judges are overseeing the entire program throughout” He also said” You can’t have 100 percent security and then also have 100 percent privacy and zero inconvenience. You know were going to have to make some choices as a society”.

The overall consensus of the tech companies is denied participation in PRISM

It has not yet been confirmed whether other governments around the world have been aware of or involved in PRISM.

How is our Data vulnerable to PRISM and how does this effect the ordinary person

When we choose to sign up to the vast array of accounts required in today’s society or to search the World Wide Web, we leave a trail of information wherever we go. The vast amounts of our information left behind we entrust with the companies to ensure our information is secure and remains private.

It can be guaranteed that majority of individuals globally have connection with one, more or even all of the implemented companies on a daily basis.

Majority of sign up prerequisites include handing over your name, surname, date of birth address (work or home), telephone numbers, email addresses, passwords, bank details etc.

When searching online we are easily tracked through IP addresses, information regarding sites visited and at what time are stored. Cookies are always providing information surrounding the pages we view.  In theory the internet service provider can see everything an individual chooses to do online

Through Google email, our chat conversations are collected and stored as well as our email contacts and email threads for each account.

Social networking sites like Facebook collects all the information we choose to post online. It stores our status updates, photos, comments, tagging information, location information, email messages and chat conversations.  Every ‘Like’ is logged. Every ‘Tweet’ via twitter is stored.

Instant chat/messaging sites like Skype and Paltalk store our voice and video communications.  They store our contact lists as well.

Apps have the ability to store vast amounts of user information.   Including address books, contacts, and and individuals exact location. All the data moving through the App is stored on a server ‘somewhere out there’.

We carry all our information around on our phones and tablets.  And store immense amounts of personal information away from home, in the cloud.  We process vast amounts of information on these devices and continue to transfer the information via the devices too.

Our information is stored in so many places, on so many servers in so many countries all around the world.  It only takes one program like PRISM to make people realise how vulnerable they are with regards to their privacy.

Conclusion

Privacy while using the internet has always been a concern. Since most of the leading tech companies are based in America in essence anyone is at risk of having their privacy violated through PRISM.

Majority of individuals have a connection with the associated companies thus globally we are all at risk.

The fact that the program is government run with US Acts supporting it and removing any legal responsibility is a chilling fact.

There are still questions about the breadth of the information the government is collecting, and whether that information is subject to proper judicial oversight.  Are the companies lying or using legalistic language to hide their participation.  In the weeks and months to come the truth will unfurl.

One thing is for certain, it has become essential for people to take to securing their own information if they are to maintain their privacy. Encrypting your emails, documents, files before they are sent and in storage should not be out of preference or nicety but rather seen as necessity.  Galaxkey is the way forward.