
Wow, thanks for accusing me of being an NSA goon. For the record, I said the reporting was sensationalized, not the documents.

On the economic espionage front, I really don't care if the NSA spies in order to shape national policy. Things get a lot murkier when intelligence agencies spy and then hand that data off to private companies. Huawei was caught red-handed using stolen source code from Cisco[1]. Cisco probably lost millions because Huawei was able to undercut them and skimp on R&D costs. Frankly, I don't want any foreign companies willing to steal trade secrets managing the same internet backbones I conduct business on, just like China probably doesn't want their internet backbones running on American equipment. If there is evidence that the NSA has been handing Huawei source code to Cisco, or any kind of data to any private organization for that matter, in order to gain a competitive advantage, then Greenwald has yet to show it.

You can consider Stewart Baker's opinion to be worth jack shit, but apparently Glenn Greenwald, Ryan Gallagher and Ryan Grim thought his opinion was good enough to quote extensively for the SEXINT article that they wrote. But that's not even the point - they could have been quoting Glenn Beck for all I care. The issue is that they quoted him very selectively in order to not discredit their argument. That wasn't even the first time: right off the bat they omitted slides from the PRISM presentation in order to make the argument that the NSA had direct access to Google/Yahoo/Microsoft/etc.[2] I can see in the PDF file for Greenwald's book that he still extensively cites the Boundless Informant slides, despite the fact that they've been thoroughly discredited[3]. I'm honestly curious - did he mention that part in the book?

The Washington Post silently corrected their initial reporting without issuing a public statement[4][5], and as far as I know Glenn Greenwald has never issued any retractions. I'm sure that there's probably plenty of interesting information in the Snowden cache, but I don't trust most of the reporting up until now.

[1] http://blogs.cisco.com/news/huawei-and-ciscos-source-code-co...

[2] https://medium.com/state-of-play/8ebc878074ce

[3] http://electrospaces.blogspot.com/search/label/BoundlessInfo...

[4] http://www.forbes.com/sites/jonathanhall/2013/06/07/washingt...

[5] http://www.zdnet.com/how-did-mainstream-media-get-the-nsa-pr...




Sorry for the wall of text, but I quoted verbatim from the book below.

>Wow, thanks for accusing me of being an NSA goon.

I didn't accuse you of being an NSA goon. Stewart is definitely one though.

> If there is evidence that the NSA has been handing Huawei source code to Cisco, or any kind of data to any private organization for that matter, in order to gain a competitive advantage, then Greenwald has yet to show it.

What does that have to do with anything? Why is NSA interested in “energy,” “trade,” and “oil” in the PRISM slides? Why is the NSA spying on “heads of international aid organizations, foreign energy companies and a European Union official involved in antitrust battles with American technology businesses.” Why are they “monitor[ing] the communications of senior European Union officials, foreign leaders including African heads of state and sometimes their family members, directors of United Nations and other relief programs [such as UNICEF], and officials overseeing oil and finance ministries.”

The answer is simple:

"When the United States uses the NSA to eavesdrop on the planning strategies of other countries during trade and economic talks, it can gain enormous advantage for American industry. In 2009, for example, Assistant Secretary of State Thomas Shannon wrote a letter to Keith Alexander, offering his “gratitude and congratulations for the outstanding signals intelligence support” that the State Department received regarding the Fifth Summit of the Americas, a conference devoted to negotiating economic accords. In the letter, Shannon specifically noted that the NSA’s surveillance provided the United States with negotiating advantages over the other parties."

It's economic espionage no matter how you spin it. When NSA believes it's pertinent to the "national interests" of the USA, not the "national security" they'll take it.

>You can consider Stewart Baker's opinion to be worth jack shit, but apparently Glenn Greenwald, Ryan Gallagher and Ryan Grim thought his opinion was good enough to quote extensively for the SEXINT article that they wrote.

Two quotes shooting himself in the foot by acknowledging and defending the program is hardly extensively quoting him.

>they omitted slides from the PRISM presentation in order to make the argument that the NSA had direct access to Google/Yahoo/Microsoft/etc.

That was Gellman and the Washington Post that claimed that, without question. The Guardian article framed it as a question. Greenwald never had to issue any retractions.

And just fyi, Gellman is still sticking to the direct access accusations. And Greenwald now thinks that he's right, because analysts can query without staff intervention at Google et al.

I'll quote verbatim from the book:

The companies listed on the PRISM slide denied allowing the NSA unlimited access to their servers. Facebook and Google, for instance, claimed that they only give the NSA information for which the agency has a warrant, and tried to depict PRISM as little more than a trivial technical detail: a slightly upgraded delivery system whereby the NSA receives data in a “lockbox” that the companies are legally compelled to provide.

But their argument is belied by numerous points. For one, we know that Yahoo! vigorously fought in court against the NSA’s efforts to force it to join PRISM—an unlikely effort if the program were simply a trivial change to a delivery system. (Yahoo!’s claims were rejected by the FISA court, and the company was ordered to participate in PRISM.) Second, the Washington Post’s Bart Gellman, after receiving heavy criticism for “overstating” the impact of PRISM, reinvestigated the program and confirmed that he stood by the Post’s central claim: “From their workstations anywhere in the world, government employees cleared for PRISM access may ‘task’ the system”—that is, run a search—“and receive results from an Internet company without further interaction with the company’s staff.”

Third, the Internet companies’ denials were phrased in evasive and legalistic fashion, often obfuscating more than clarifying. For instance, Facebook claimed not to provide “direct access,” while Google denied having created a “back door” for the NSA. But as Chris Soghoian, the ACLU’s tech expert, told Foreign Policy, these were highly technical terms of art denoting very specific means to get at information. The companies ultimately did not deny that they had worked with the NSA to set up a system through which the agency could directly access their customers’ data.

Finally, the NSA itself has repeatedly hailed PRISM for its unique collection capabilities and noted that the program has been vital for increasing surveillance. One NSA slide details PRISM’s special surveillance powers. Another details the wide range of communications that PRISM enables the NSA to access. And another NSA slide details how the PRISM program has steadily and substantially increased the agency’s collection. On its internal messaging boards, the Special Source Operation division frequently hails the massive collection value PRISM has provided. One message, from November 19, 2012, is entitled “PRISM Expands Impact: FY12 Metrics”.

Such congratulatory proclamations do not support the notion of PRISM as only a trivial technicality, and they give the lie to Silicon Valley’s denials of cooperation. Indeed, the New York Times, reporting on the PRISM program after Snowden’s revelations, described a slew of secret negotiations between the NSA and Silicon Valley about providing the agency with unfettered access to the companies’ systems. “When government officials came to Silicon Valley to demand easier ways for the world’s largest Internet companies to turn over user data as part of a secret surveillance program, the companies bristled,” reported the Times. “In the end, though, many cooperated at least a bit.”

[...]

The Internet companies’ claim that they hand over to the NSA just the information that they are legally required to provide is also not particularly meaningful. That’s because the NSA only needs to obtain an individual warrant when it wants to specifically target a US person. No such special permission is required for the agency to obtain the communications data of any non-American on foreign soil, even when that person is communicating with Americans. Similarly, there is no check or limit on the NSA’s bulk collection of metadata, thanks to the government’s interpretation of the Patriot Act—an interpretation so broad that even the law’s original authors were shocked to learn how it was being used.

> I can see in the PDF file for Greenwald's book that he still extensively cites the Boundless Informant slides, despite the fact that they've been thoroughly discredited[3]

How is that? That has nothing to do with whether the US records are correct.


> I didn't accuse you of being an NSA goon.

Sorry, I misinterpreted your tone.

> Sorry for the wall of text

No worries - I'm about to post my own. :)

> How is that? That has nothing to do with whether the US records are correct.

I have no idea how Greenwald brought up the issue of Boundless Informant in his book, I just know that I saw slides in his PDF showing the US and Poland (maybe more - I forget). In that series of articles, they seemed to make pretty clear that the program was showing where the collection came from, not where the targets were. So, for example, the numbers from Norway represented communications collected "to support Norwegian military operations in conflict areas abroad, or connected to the fight against terrorism, also abroad". Same with Germany, France, Spain and Italy (I'm probably missing some). When it comes to the US numbers, I don't see that it's that big of a leap to take the same statement that the Norwegian intelligence service made, and replace all instances of "Norway" with "US".

> That was the Gellman and the Washington post that claimed that, without question. The Guardian article framed it as a question. Greenwald never had to issue any retractions.

From the article published in The Guardian[1]:

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

...

With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

With regards to the providers' denials, I don't see anything evasive about them:

Google: "I'm not sure what the details of this PRISM program are, but I can tell you that the only way in which Google reveals information about users are when we receive lawful, specific orders about individuals -- things like search warrants. And we continue to stand firm against any attempts to do so broadly or without genuine, individualized suspicion, and publicize the results as much as possible in our Transparency Report. Having seen much of the internals of how we do this, I can tell you that it is a point of pride, both for the company and for many of us, personally, that we stand up to governments that demand people's information." [2]

Microsoft: "We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it." [3]

Facebook: "Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn't even heard of PRISM before yesterday. When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure."[4]

AOL: "We do not have any knowledge of the Prism program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers." [5]

Every one of them is very clear: the NSA needs a court order to get users' data, and they have only complied with orders for specific users.

[1] http://www.theguardian.com/world/2013/jun/06/us-tech-giants-...

[2] https://plus.google.com/u/0/+YonatanZunger/posts/huwQsphBron

[3] http://www.microsoft.com/en-us/news/press/2013/jun13/06-06st...

[4] https://www.facebook.com/zuck/posts/10100828955847631

[5] http://blog.aol.com/2013/06/07/aol-statement-regarding-nsa-p...

EDIT: Fixed formatting


The two statements from The Guardian are referencing the documents themselves. If you want to talk about out of context, you missed the headline and the multiple paragraphs framing it as a question of what the providers say versus what the NSA documents say.

"Direct access," these are the NSA's own words. The Guardian ran the providers' statements versus what the NSA documents said. That's a fact. That's why there are no retractions in The Guardian's story, and as Soghoian says they don't actually deny "direct access" in those statements, legally. What's likely is that the companies allow them to run informal searches to narrow the data down.

As for the "court order," they're just talking about a FISA court order which only "allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization," which they readily ignore, and it's more like a general warrant because NSA relies on self-reporting. As Snowden indicated, and LOVEINT showed, analysts can just use bullshit justifications and cover it up. And if they targeted a U.S. citizen, according to their own documents, it's "not a big deal."


Yes - they denied it... because it was false. "Direct access" is not the NSA's own words, they were The Guardian's/The Washington Post's words. The slides themselves say "Collection directly from the servers of these U.S. service providers...", which we later found out means "provided under court order directly from the providers". The Guardian article goes on to say:

"When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers."

That is a blatant lie. The companies receive court orders - they have the ability to challenge the court order in the same way that they would challenge a subpoena or search warrant by going back to the court. If the FISA court doesn't agree, there's still a higher court to appeal to. There has yet to be a retraction of The Guardian's statement.

> As for the "court order," they're just talking about a FISA court order which only "allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization,"

You're mixing up programs now. That quote comes from an ODNI statement[1] about the FISA Section 215 metadata collection (I'm not going into that one now - that's a whole different mess, and IMHO that program is rightly controversial). The PRISM slides repeatedly indicate that this collection is under FISA Section 702, which gathers content and which has a whole different set of legal requirements. Most prominently, people collected on under 702 must be reasonably believed to be outside the US and not an American citizen/green card holder/etc. The Snowden trove has yet to show any general warrant style orders related to PRISM.

I think the LOVEINT example actually works in favor of my argument - there was a small group of people doing illegal stuff at NSA; they got caught; as a result, they don't work there anymore. You could go on to ask why the DOJ didn't prosecute, and I wouldn't fault you for questioning - I don't know the answer to that one. But citing LOVEINT to justify limiting the NSA's capabilities is kind of like saying "this cop fired his weapon and killed an innocent civilian, so we need to disarm the entire police force."

[1] http://www.dni.gov/index.php/newsroom/press-releases/191-pre...


You're right, partly. Either way, NSA ha(d|s) direct access to Yahoo and Google's internal networks with MUSCULAR and various other WINDSTOP programs that have collected many more records than MUSCULAR, without requiring warrants whatsoever. Arguing over why The Guardian didn't retract is just splitting hairs at this point, because they did include the slide that claimed "direct collection from the servers." Then there's also UPSTREAM. PRISM is hardly the smoking gun in this long chain of events. And again you're right, I did mix up the 215 blurb.

Nice chat.


> Nice chat.

At least we can agree on that. Thanks for the chat.



