Facebook, Google Deny Giving NSA 'Direct Access'
So How About Indirect Access?
by Karl Bode 06:57PM Friday Jun 07 2013
Both Facebook and Google came out late today with very hard denials that either company has given the NSA "direct access" to its servers. As we noted yesterday, reports this week in the Guardian and Washington Post claimed that nine companies, including Apple, Google, Microsoft and Facebook, had been providing the NSA with some type of backdoor that allowed the intelligence agency to monitor real-time and stored data on the companies' networks.

In a Facebook post, Facebook CEO Mark Zuckerberg proclaimed that the company "hadn't even heard of PRISM before yesterday," and that Facebook "is not and has never been part of any program to give the US or any other government direct access to our servers."

Google CEO Larry Page posted a blog entry that has non-coincidentally similar wording. According to Page, Google "had not heard of a program called PRISM until yesterday," adding that Google has "not joined any program that would give the U.S. government—or any other government—direct access to our servers."

Both companies then took a few shots at the government, suggesting that if the NSA is up to something, perhaps a government claiming to be "dedicated to transparency" might want to be a little more transparent about spying on citizens everywhere.

So a few things are clear. Barring unlikely outright lying, the companies involved didn't know that "PRISM" was the code-name for what the NSA was doing. The similar language about "direct access" to servers is also telling, suggesting that if the Post's leaked slides are real (and there's nothing to suggest they aren't), access to the data is happening without these companies' full knowledge: either covertly on site, or further upstream.

If you go back and read AT&T whistleblower Mark Klein's original testimony about the NSA secret rooms at some AT&T central offices (pdf), he notes that he believes there was equipment installed that can actively create cloned streams in real time -- streams the NSA can then do with as it likes:
quote:
A fiber optic circuit can be split using splitting equipment to divide the light signal and to divert a portion of the signal into each of two fiber optic cables. While both signals will have a reduced signal strength, after the split both signals still contain the same information, effectively duplicating the communications that pass through the splitter.... Through (these) "splitter cabinets," the content of all of the electronic voice and data communications going across the Peering Links mentioned in paragraphs 29 to 31 was transferred from the WorldNet Internet room's fiber optical circuits into the SG3 Secure Room (that only the NSA and key AT&T personnel were allowed to access).
Klein then provides testimony that the NSA was using this technique to effectively clone traffic using additional network hardware, and may have installed such gear at numerous AT&T offices, including San Jose, San Diego, Los Angeles and Seattle (and surely many more since this time, around 2003). The NSA is rumored to be building a massive supercomputer warehouse in Bluffdale, Utah to store and dissect this collected data. Given that much of it is encrypted, they're busily pushing to change CALEA to allow for more direct, and more legal, access to encrypted data.

With that in mind, there are probably three possible scenarios at play here:

1) As with AT&T and other carriers, the NSA received permission from these nine companies to install hardware on site that creates a clone of data streams and gear that acts as a repository for some of that data. The companies don't ask what these devices do, providing them with the capability to deny their existence and claim nobody has "direct access" to "servers" or knowledge of any specific NSA programs -- since that would technically be true. I think this is the most likely explanation.

2) The monitoring of these websites doesn't require their compliance or even cooperation, and the duplication of streams and storing of specific website data is happening somewhere further upstream, such as at regional pops and/or on the networks of larger key carriers like AT&T and Verizon.

3) Everybody is just lying through their teeth because they're legally prohibited from talking about this and really, what's the penalty for denying a legal and congressionally approved program the government will never, ever fully acknowledge or provide details on? "I was assuming that these tech companies were just lying," respected security expert Bruce Schneier tells the Guardian. "That's the most obvious explanation."

These three options are my speculation, but they're based on writing and reading about these programs for more than a decade. I'd love to see engineer commentary about what is and isn't possible or potential caveats in the comment section below.

It's worth noting that the Washington Post has since backpedaled a little bit, and is now stating those companies may not have been aware of the project. Granted, if you've been paying attention to all of the whistleblower information exposed over the last decade, their awareness may not have been entirely necessary.

What now? Well, reporters that actually get Facebook, Google, Apple or other supposed participants to talk about this in detail should probably ask: does the government have hardware installed on your networks? If the answer is no, this is all happening further upstream, and we're back staring at companies like AT&T and Verizon for their willful participation in the creation of a covert surveillance state.

en103

join:2011-05-02
Reviews:
·Time Warner Cable

Lies, Lies, Lies yeah... they're going to get you

Well... the devil is more in the details than anything.

Companies can deny based on specifics and be truthful.
I.E. NSA probably did not have direct access to any servers.
What is more likely - data sniffers. What good would physical access to a server farm do - a lot of the data is load balanced and farmed. It's best to capture data sniffer style at a LAN router that goes in/out of the server farm.
BosstonesOwn

join:2002-12-15
Wakefield, MA
Reviews:
·Verizon FiOS

Re: Lies, Lies, Lies yeah... they're going to get you

Port mirroring is easy to accomplish, no need to "split" the fiber cables. I do this on our 40 gig circuits now so that I can analyze for security intrusions.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"

FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

Or maybe Facebook & Google execs denials are lies

FISA orders are not to be discussed in public. Maybe the execs at Google and Facebook don't want to run in to legal battles and decided to just deny the whole thing. Also, their reputations are better if they claim they don't know.
--
"If you want to anger a conservative lie to him.
If you want to anger a liberal tell him the truth."
Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1

Re: Or maybe Facebook & Google execs denials are lies

I think that could have some ground in this discussion. When the government is doing their immoral data skimming they hold the execs and company as a whole under the NDA from the FISA orders.

*I state immoral because while under certain post 9/11 laws it might be legal but it does not make it right. As such I had to resist saying "Illegal data skimming"
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports

KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK

It's also possible to not lie while not telling the truth.

Maybe they aren't lying when they say they don't give the Government the data.

The real truth however is they know the Government just takes the data, and they are ordered in secret to not prevent it.

That way, you can say "We do NOT give them the data, we do not co-operate!" while all the while standing idly by while the data is harvested anyway.

The difference between the law and the truth are often huge.
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini

Frink
Professor
Premium
join:2000-07-13
Scotch Plains, NJ

Is this even possible?

To-From call records, or IP access tables are one thing, but full captured data logs live on the wire? How could anything possibly store that much volume for more than, say a minute or two if at all?

funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

Re: Is this even possible?

Yes: »www.businessinsider.com/pictures···r-2013-6

Karl Bode
News Guy
join:2000-03-02
kudos:39

Re: Is this even possible?

Well and keep in mind that just because you've forged a duplicate traffic stream doesn't mean you have to record and store everything, all the time -- though I'm sure the warehouse in Bluffdale absolutely is being designed with that in mind.
BosstonesOwn

join:2002-12-15
Wakefield, MA
Reviews:
·Verizon FiOS
Why not? My EMC Symmetrix is at 192 petabytes in size, and we are seeking ways to grow it even more at this point. With 40 gig fiber trunks you could easily save all the data.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"
Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1
192PB?? that is big damn porn collection you got there.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports

tshirt
Premium,MVM
join:2004-07-11
Snohomish, WA
kudos:4

Zuckerberg?...

... every time, I see his face, I think 'HE's LYING!!!'
And this was before I knew who he was.
Familiarity hasn't helped.
Sometimes, you just know.

Karl Bode
News Guy
join:2000-03-02
kudos:39

Re: Zuckerberg?...

I'd trust intelligence analysts and operatives who lie for a living before I'd trust Zuckerberg.

cork1958
Cork
Premium
join:2000-02-26

Re: Zuckerberg?...

said by Karl Bode:

I'd trust intelligence analysts and operatives who lie for a living before I'd trust Zuckerberg.

Whoa!

That's going WAY out on a limb there!!

Personally,
It's gotten PAST the point of trusting ANYONE in government or any CEO/COO!
--
The Firefox alternative.
»www.mozilla.org/projects/seamonkey/

Rogue Wolf
Mourns the Loss of lilhurricane

join:2003-08-12
Troy, NY
I'd trust a pack of rabid hyenas before I'd trust Mark "they trust me, dumb f**ks" Zuckerberg.

But then we're both saying the same thing, aren't we?
--
I may have been born yesterday, but I've spent all afternoon downtown.

N3OGH
Yo Soy Col. "Bat" Guano
Premium
join:2003-11-11
Philly burbs
kudos:2

2 recommendations

The bottom line...

We've come to the point in time in our Republic where people in power are not to be trusted. People in power in the government, people in power in corporate America, all of them need to be considered liars first, until they've proven themselves otherwise.

The notion of it being a Republican vs Democrat, Liberal vs Conservative? that argument is dead. We need to be Americans first. The regime as it has evolved has evolved to be our enemy, and both parties have proven they can't be trusted.

It's the powerful vs rest of us. By powerful I'm not talking about local politicians, or Joe blow the FBI agent, or the local cops. They're in the same boat as the rest of us.

Congress, the Executive branch, the judiciary, and the upper echelons of corporate industry. These are the people that live in their own walled garden version of America....

I guarantee if you're posting here or reading this, you don't qualify as "being in power".

I don't know where we go from here. We certainly live in troubled times and I hope we can, as a people, overcome the divisiveness of the political class and rally around the core issues we can agree about.

America is not the meritocracy it once was. The notion puts me in a low place. I love the ideals this country was founded on, but I seriously doubt we can pull out of the tail spin we've entered. Not due to a certain politician, or group of politicians, but the notion that the political class has become the nemesis of the rest of us.

This is exactly what we WERE NOT supposed to be...
--
Petty people are disproportionally corrupted by petty power
Finger2208

join:2001-04-07
Lindale, TX

And....

We would/should trust Google why?

meeeeeeeeee

join:2003-07-13
Newburgh, NY

Mark Zuckerberg...

The man who made millions overnight by convincing stupid sheeple that his worthless company and braindead website was worth something. Oh Yeah.... He has "trust me" written all over his face.

July 4th 2013, Day of National Outrage - Perform an act of civil disobedience. Are there any Americans left willing to raise their voices?
--
"when the people have suffered many abuses under the control of a totalitarian leader, they not only have the right but the duty to overthrow that government." - The U.S. Declaration of Independence

tshirt
Premium,MVM
join:2004-07-11
Snohomish, WA
kudos:4
Reviews:
·Comcast

1 recommendation

Re: Mark Zuckerberg...

said by meeeeeeeeee:

July 4th 2013, Day of National Outrage - Perform an act of civil disobedience.

All in favor of this...
IF people understand the true definition of civil disobedience.
"In seeking an active form of civil disobedience, one may choose to deliberately break certain laws, such as by forming a peaceful blockade or occupying a facility illegally"
This isn't blow shit up, or get all "Anarchist" and stuff.
It's publicly declaring to the gov't and all else who listen "I (your identity here) disagree with said Gov't policy XXX and bound by belief REFUSE to obey, AT MY OWN PERIL!"
That is YOU are willing to stand in front of the tank or the bulldozer or gun the gov't sends but you refuse to obey the unlawful (in your opinion) order.

Once outed, they know who you are so this is a lifelong commitment and people throughout the world including this country have died, or been imprisoned for life for practicing it.

IF it is an act of conscience, you don't need to wait until independence day to start, if it is a violent act of retribution/anger/perversion, please choose another term and quietly 'off' your self at low tide on a hungry beach. (the ocean can probably absorb ONE more human error.)

meeeeeeeeee

join:2003-07-13
Newburgh, NY

Re: Mark Zuckerberg...

I foolishly expected people to understand that "civil disobedience" is NON VIOLENT AND NON DESTRUCTIVE. Thank you for adding emphasis to that.
Aranarth

join:2011-11-04
Stanwood, MI
Reviews:
·Frontier Communi..

I find it interesting...

The name of the project is prism. In the body of the text above one of the whistleblowers is talking about using a device to split the fiberoptic signal.

What device do you use to split a laser beam? A prism.

It is quite possible that what they are doing is exactly that, splitting the fiber optic line using a prism and then boosting the signal so a copy can be sent anywhere they like.

I doubt this would be detectable unless you used light speed calculations to find the extra millisecond imposed by the signal boosters.

hyphenated

@bellsouth.net

Not direct

It's not direct, it's in the cloud
tmc8080

join:2004-04-24
Brooklyn, NY
Reviews:
·ooma
·Optimum Online
·Verizon FiOS

1 edit

no surprise..

much of this leaked as early as 2001-03.. and later the extent of its use made known the world over with wiki leaks.. not sure why this is news today.. the patriot act and related law during "wartime" give these agencies carte blanche even without these laws in-place. the laws are further access to immunity from prosecution & interference from congress and limited oversight/accountability depending upon the agency in question.
xenophon

join:2007-09-17

Power is destined to be exploited...

...in some form no matter who is running the show. It is naive to be surprised by this. As long as the hoi polloi get their big screen TVs, able to post about themselves, watch mindless crap and worship supernatural forces, there will be no pursuit to stop this. Same goes for airport body scanners which are guilty until proven innocent machines. The ignorant many don't care about giving up liberty for a false sense of security.

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - attributed to Ben Franklin

stray

join:2000-01-16
Warren, NJ

The cheapest path

Perhaps the 2nd Powerpoint slide says it best: "(data) will take the cheapest path." If you wanted to tap a provider's data flow, simply enable some strategically placed backbone segments which are underpriced. Insert your prisms into the segments you control. All things being equal, the target's data will automagically flow into the prism, split, and be forwarded to both the proper destination and the NSA.
--
V-Rtifacts - When Virtual Reality Was More Than Virtual
Rojo

join:2009-04-14
New York, NY
kudos:1

1 edit

Shhh. Sleep, sleep, go back to sleep...

all is well... take our bait... all your privacy are belong to us.

Whatever you do don't let Richard Stallman wake you.
»www.guardian.co.uk/technology/20···stallman
jorcmg

join:2002-10-24
Covington, GA

Who watches the watchmen

J. Edgar Hoover would be impressed. These companies are going to play ball. It's in their interests. The owners of this country don't really give a flying **** about this domestic spying/surveillance nonsense. They don't have a stake in it. Same now as it's always been. Follow the money.

SrsBsns

join:2001-08-30
Oklahoma City, OK

Makes sense

When I was an AT&T employee they claimed they don't store the content of SMS ever. Now we know why. The government was just funneling it from spliced fiber.

Not to sound crazy but if you as a phone company said we don't keep text messages in the post 9/11 era the government would go ape shit. Whether it be by saying you support terrorism by not keeping the data or whatever. They were fine with AT&T not storing the messages.