PRISM by the Numbers: A Guide to the Government’s Secret Internet Data-Mining Program
One day after The Guardian revealed that the U.S. government has been secretly collecting call log data from millions of Verizon customers, The Washington Post reported Thursday that the government’s monitoring of American’s data goes much, much deeper. The FBI and the National Security Agency are mining the servers of the country’s biggest technology companies for the purpose of hunting spies and terrorists. The program, code-named PRISM, is massive in scope and involves web services that many Americans use every day.
To make all this shadowy surveillance easier to digest, here are the relevant data points about the massive data collection:
One day after The Guardian revealed that the U.S. government has been secretly collecting call log data from millions of Verizon customers, The Washington Post reported Thursday that the government’s monitoring of American’s data goes much, much deeper. The FBI and the National Security Agency are mining the servers of the country’s biggest technology companies for the purpose of hunting spies and terrorists. The program, code-named PRISM, is massive in scope and involves web services that many Americans use every day.
To make all this shadowy surveillance easier to digest, here are the relevant data points about the massive data collection:
9 The number of tech companies involved in the PRISM program. Here’s a list, from an NSA slideshow, including the date when monitoring began:
- Microsoft (September 2007)
- Yahoo (March 2008)
- Google (January 2009)
- Facebook (June 2009)
- PalTalk (December 2009)
- YouTube (September 2010)
- Skype (February 2011)
- AOL (March 2011)
- Apple (October 2012)
So far Facebook, Google, Microsoft, Apple, and Yahoo have flatly denied that they provide the government backdoor access to their services, according to a variety of news sources. Twitter, which says it has been particularly vigilant in protecting user data from government agencies, is notably absent from the list. Dropbox is next in line to be added to PRISM, according to the Post.
- Microsoft (September 2007)
- Yahoo (March 2008)
- Google (January 2009)
- Facebook (June 2009)
- PalTalk (December 2009)
- YouTube (September 2010)
- Skype (February 2011)
- AOL (March 2011)
- Apple (October 2012)
So far Facebook, Google, Microsoft, Apple, and Yahoo have flatly denied that they provide the government backdoor access to their services, according to a variety of news sources. Twitter, which says it has been particularly vigilant in protecting user data from government agencies, is notably absent from the list. Dropbox is next in line to be added to PRISM, according to the Post.
10 The number of different types of data that are collected through PRISM. E-mails, instant messages, videos, photos, stored data (likely items stored on cloud services like Google Drive), voice chats, file transfers, video conferences, log-in times, and social network profile details have all been monitored by the government. Through PRISM NSA officials can even conduct live surveillance of someone doing a Google search, according to the Post.
$20 million The annual cost of PRISM, according to NSA documents obtained by the Post
2007 The year PRISM was established. The Post describes an “exponential growth” in the program since President Obama took office. The government has snooped on other forms of communication in recent years as well. On Thursday, Senator Dianne Feinstein confirmed that the NSA phone log database has been in place for at least seven years.
1,477 The number of times PRISM data was cited in 2012 as part of President Obama’s daily briefing, a high-level intelligence presentation given to the president, the vice president and select cabinet members. According to the Post, at least 1 in 7 intelligence reports from the NSA make use of PRISM data.
51% Confidence level intelligence officials are supposed to have of a target’s “foreignness” to make use of PRISM data. The massive database is aimed at surveilling spies and foreign terrorists, not Americans. However, large amounts of American user data is also picked up as officials hunt for threats. The NSA describes this as “incidental.”
Victor Luckerson @VLuck
Can the government see what Web sites I visit?
Mandel Ngan/AFP/Getty Images Texas Rep. Lamar Smith (far right) poses with other representatives and President Bush at the signing of an executive order intended to improve agency information disclosure.
Imagine you're shopping at a mall. You browse different stores, make a few purchases and move on. Then, you notice that a man you don't know seems to be following you. You even catch a glimpse of him taking notes on what you're looking at and buying. The entire time you've been shopping, you've been spied on!Many people fear that a similar thing is happening on the Web. They're worried that someone, usually the government, is recording and analyzing their Web browsing activity. They argue that these acts are an invasion of privacy. Are they right to be worried? Can the government keep track of all the Web sites everyone visits, and would it be able to act on that information?
It's easy to understand why some people are worried. The United States Patriot Act expands the government's ability to perform searches and install wiretaps. It doesn't seem like a big stretch to add tracking people's Internet activity to the list. These people fear that they'll be spied on whether they've done anything to justify it or not.
In some ways, fear about the government's ability to keep tabs on Web activities has reached the level of aconspiracy theory. In the most extreme version of the theory, the government is tracking not only Web site activity, but also is building a database of potential suspects for crimes ranging from corporate sabotage to terrorism. Other theories don't go that far, but still suggest the government is treating everyone like a suspect -- even if people aren't doing anything illegal or questionable.
How might the government track someone's activities on the Web?
Keeping Track of Web Activity
Internet cookies aren't going to tell the government about everyWeb site you've visited. Some consumer news articles might give you the impression that Internet cookies broadcast everything you do on your computer to every Web site administrator connected to theInternet. The truth isn't quite so frightening.
Internet cookies are small text files that Web sites store to your computer's hard drive -- they aren't computer programs. An Internet cookie gives a unique identifier relevant to a particular Web site to each computer that visits the site. The identifier lets Web sites tailor the browsing experience to your preferences. If you visit an international Web site that's available in many languages, you'd want to read it in a language you know. Using an Internet cookie, the Web site can remember this information. The next time you visit that site, you'll go straight to the appropriate version because the cookie on your hard drive told the site which language you prefer.
If you fill out an online form on a Web site, the site may store that information in the cookie on your hard drive. The personal information can't get into the cookie file unless you choose to provide that information. There's no way for the cookie to search your computer for identification information. In other words, if you're worried about personal information hitting the Web, just don't share it.
A small number of major Web companies provide most of the cookies on the Internet. These companies use the same format for all their cookies, so it's possible for these companies to see when a computer visits different Web sites that use their cookies. For example, Web advertising giant DoubleClick provides cookies for thousands of Web sites. DoubleClick can see if a computer visits different Web sites using their cookies, but it can't see if the computer visits a site that either uses a different Internet cookie or doesn't use cookies at all.
Currently, the U.S. Congress is considering an act that would require Internet Service Providers (ISPs) to retain personal data for all its subscribers that the government could then use in investigations. The act is called H.R. 837: Internet Stopping Adults Facilitating the Exploitation of Today's Youth (SAFETY) of 2007 [source: GovTrack]. If this becomes law, ISPs will have to save personal information like names, postal addresses and Internet Protocol (IP) addresses for all its subscribers. While the government wouldn't be able to track a user's browsing in real time, it could request records from an ISP showing all Internet activities on a particular user's account. People who use public computer accounts (like a computer lab in a public library) would be harder to track.
Republican Rep. Lamar Smith of Texas introduced the bill on Feb. 6, 2007. On March 1, 2007, the Subcommittee on Crime, Terrorism and Homeland Security received the bill for deliberation. As of February 2008, the bill is still in the legislative process.
Government Policy on Internet Tracking
While it's not efficient to try to track a person's Web activities with cookies, it's still a concern for privacy advocates. A governmentWeb page could hire a corporation like DoubleClick to provide Internetcookies. In theory, DoubleClick could search its database to see if the visitor had been to any other Web site that also used DoubleClick cookies. The government could try to gather information about a user by cross-referencing all the DoubleClick cookie sites he or she visits.
Some Internet privacy advocates don't like the idea of a governmental agency keeping information files about Web site visitors. Whether the government intends to use that information for tracking purposes is beside the point. The advocates argue that the government shouldn't keep tabs on people using cookies at all.
It may come as a surprise to conspiracy theorists, but the government more or less agrees with this perspective. In 2003, the White House's Office of Management and Budget issued a memo regarding the federal government's Internet privacy policies. The memo said that all federal government sites must post their privacy policies on an easily accessible Web page. The memo also forbids the use of persistent cookies in most cases. These are Internet cookies that remain on your hard drive even after you close your browser program [source: Office of Management and Budget].
There are some exceptions to the rule. The memo says that a federal government Web site can use persistent cookies if:
- There is a "compelling need," although the memo doesn't define what makes a need compelling
- The agency provides a clear posting in the privacy policy that alerts the user that the site has persistent cookies
- The agency explains in the privacy policy how the information in the cookie will be used
Cookies that expire once the user closes his or her browser program are exempt from these rules. Web bugs, which are images one pixel wide by one pixel tall that have many of the same properties as persistent Internet cookies, are not explicitly addressed, meaning some agencies may consider them exempt.
Despite this memo, several people have reported the use of persistent cookies on governmental Web sites. For example, the New York Times reported in 2005 that the National Security Agency (NSA) used persistent Internet cookies on its Web site that wouldn't expire until 2035. An NSA spokesperson said that the inclusion of the persistent cookies was an accident caused by a software upgrade [source: New York Times].
Many of the exposé reports about government Web sites and persistent cookies seem to be due to such accidents. Some Web page development software includes persistent cookies as a standard option. If the Web administrator doesn't know about the option, he or she might create a Web page that includes persistent cookies without being aware of it. Considering the amount of work necessary to track someone using cookies, it's likely that most of these incidents are, in fact, accidents.
To learn more about tracking activities on the Internet and related topics, follow the links:
Lots More Information
Related HowStuffWorks Articles
- How the Patriot Act Works
- Can the government take away my laptop?
- Can the government read your private e-mails?
More Great Links
Sources
- Bolten, Joshua B. "Memorandum for Heads of Executive Departments and Agencies." Office of Management and Budget. Executive Office of the President. September 26, 2003. http://www.whitehouse.gov/omb/memoranda/text/m03-22.html
- Gay, Lance. "White House drug office tracks computer visitors." Scripps Howard News Service. June 20, 2000. http://shns.scripps.com/shns/story.cfm?pk=COOKIES-06-20-00&cat=AN
- "Government Cookies Show Up Even When Prohibited." Tech Law Prof Blog. January 6, 2006. http://lawprofessors.typepad.com/tech_law_prof/2006/01/government_cook.html
- "H.R. 837: Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act (SAFETY) of 2007." GovTrack.us. Updated January 26, 2008. http://www.govtrack.us/congress/bill.xpd?bill=h110-837
- McCullagh, Declan and Broache, Anne. "Government Web sites are keeping an eye on you." CNET News. January 5, 2006. http://www.news.com/2100-1028_3-6018702.html
- Olsen, Stefanie. "Nearly undetectable tracking device raises concern." CNET News. July 12, 2000. http://www.news.com/Nearly-undetectable-tracking-device-raises-concern/2100-1017_3-243077.html?tag=st.nl
- Rankin, Bob. "A Closer Look at Cookies." The Internet Tourbus. http://www.internettourbus.com/cookies.htm
- Singel, Ryan. "Are TSA's Tracking Cookies Legal?" Wired. February 14, 2007. http://blog.wired.com/27bstroke6/2007/02/are_tsas_tracki.html
- "Spy Agency Removes Illegal Tracking Files." New York Times. December 29, 2005. http://www.nytimes.com/2005/12/29/national/29cookies.html?_r=1&adxnnl=1&oref=slogin&adxnnlx=1203374103-RXeNedoeBrDHiVw/w2avjQ
Revealed: Hundreds of words to avoid using online if you don't want the government spying on you (and they include 'pork', 'cloud' and 'Mexico')
- Department of Homeland Security forced to release list following freedom of information request
- Agency insists it only looks for evidence of genuine threats to the U.S. and not for signs of general dissent
|
The Department of Homeland Security has been forced to release a list of keywords and phrases it uses to monitor social networking sites and online media for signs of terrorist or other threats against the U.S.
The intriguing the list includes obvious choices such as 'attack', 'Al Qaeda', 'terrorism' and 'dirty bomb' alongside dozens of seemingly innocent words like 'pork', 'cloud', 'team' and 'Mexico'.
Released under a freedom of information request, the information sheds new light on how government analysts are instructed to patrol the internet searching for domestic and external threats.
The words are included in the department's 2011 'Analyst's Desktop Binder' used by workers at their National Operations Center which instructs workers to identify 'media reports that reflect adversely on DHS and response activities'.
Department chiefs were forced to release the manual following a House hearing over documents obtained through a Freedom of Information Act lawsuit which revealed how analysts monitor social networks and media organisations for comments that 'reflect adversely' on the government.
However they insisted the practice was aimed not at policing the internet for disparaging remarks about the government and signs of general dissent, but to provide awareness of any potential threats.
More...
Thanking his drug dealer in his yearbook and inventing the best ways to inhale: Book lifts lid on 'Barry' Obama's marijuana-smoking school days
Passengers restrain man on an American flight from Jamaica after 'he tried to rush the cockpit after landing'
Undercover US agents brought down our new Superjet: Russia’s extraordinary claim about crash which killed 45
As well as terrorism, analysts are instructed to search for evidence of unfolding natural disasters, public health threats and serious crimes such as mall/school shootings, major drug busts, illegal immigrant busts.
The list has been posted online by the Electronic Privacy Information Center - a privacy watchdog group who filed a request under the Freedom of Information Act before suing to obtain the release of the documents.
In a letter to the House Homeland Security Subcommittee on Counter-terrorism and Intelligence, the centre described the choice of words as 'broad, vague and ambiguous'.
Scroll down for full list
Read more: http://www.dailymail.co.uk/news/article-2150281/REVEALED-Hundreds-words-avoid-using-online-dont-want-government-spying-you.html#ixzz2VVdKehuh
Follow us: @MailOnline on Twitter | DailyMail on Facebook
However they insisted the practice was aimed not at policing the internet for disparaging remarks about the government and signs of general dissent, but to provide awareness of any potential threats.
More...
Thanking his drug dealer in his yearbook and inventing the best ways to inhale: Book lifts lid on 'Barry' Obama's marijuana-smoking school days
Passengers restrain man on an American flight from Jamaica after 'he tried to rush the cockpit after landing'
Undercover US agents brought down our new Superjet: Russia’s extraordinary claim about crash which killed 45
As well as terrorism, analysts are instructed to search for evidence of unfolding natural disasters, public health threats and serious crimes such as mall/school shootings, major drug busts, illegal immigrant busts.
The list has been posted online by the Electronic Privacy Information Center - a privacy watchdog group who filed a request under the Freedom of Information Act before suing to obtain the release of the documents.
In a letter to the House Homeland Security Subcommittee on Counter-terrorism and Intelligence, the centre described the choice of words as 'broad, vague and ambiguous'.
Scroll down for full list
Threat detection: Released under a freedom of information request, the information sheds new light on how government analysts are instructed to patrol the internet searching for domestic and external threats
They point out that it includes 'vast amounts of First Amendment protected speech that is entirely unrelated to the Department of Homeland Security mission to protect the public against terrorism and disasters.'
A senior Homeland Security official told the Huffington Post that the manual 'is a starting point, not the endgame' in maintaining situational awareness of natural and man-made threats and denied that the government was monitoring signs of dissent.
However the agency admitted that the language used was vague and in need of updating.
Spokesman Matthew Chandler told website: 'To ensure clarity, as part of ... routine compliance review, DHS will review the language contained in all materials to clearly and accurately convey the parameters and intention of the program.'
MIND YOUR LANGUAGE: THE LIST OF KEYWORDS IN FULL
Read more: http://www.dailymail.co.uk/news/article-2150281/REVEALED-Hundreds-words-avoid-using-online-dont-want-government-spying-you.html#ixzz2VVdKehuh
Follow us: @MailOnline on Twitter | DailyMail on Facebook
