Living in a PRISM State
Q and A with New York Institute of Technology Professor about the recent NSA surveillance leak: what does it mean for me?
In an interview, Babak Beheshti, Associate Dean and Professor at the New York Institute of Technology's School of Engineering and Computing Sciences, explained the details of the recent data surveillance controversy leaked by whistleblower Edward Snowden, and what it could mean for the average citizen.
What are the basics of PRISM and how does it work?
PRISM is a system that the National Security Agency (NSA) uses through nine popular Internet servers. The access is authorized by Congress by the Foreign Intelligence Surveillance Act (FISA) Amendments enacted in 2008. The released classified PowerPoint presentation indicated that PRISM enables collection directly from the servers of Yahoo, Microsoft, Facebook, etc. We also know in the past few days, the officers and spokespeople from the various Internet providers have vehemently denied NSA's unfettered access to their servers. The major technology companies have systems that involve access to data under individual FISA request -- they will send a request to company X and say they need info on an individual or group Y. The scope is still unknown to us. The requests are reviewed by the companies. Once a request is reviewed, that info is transmitted directly to NSA. Now from all of the info available and the very clear statements coming from offices of these companies, this information is not sent automatically or in bulk.
What are the misconceptions of PRISM and the NSA circulating?
There's the idea that NSA has direct access to the servers. Based on all of the statements made, we don't have any evidence that NSA has automatic access.
Is this legal or Constitutional?
As far as legal, as I said these are all under the auspices of the FISA Act Amendments enacted by Congress. The act is currently being reviewed by committees in Congress. It appears that they are following the rule of the law. Whether it is constitutional or not, remains to be seen. The constitutionality is to be determined by the U.S. Supreme Court.
How does the data collection and surveillance work?
We live in a day and age where every single electronic transaction -- credit card charges, communication, email, searches, etc. -- all of these transactions are very clearly tagged and identified so they are always associated with the individual. There is no such thing as anonymity anymore. All of this data is stored somewhere. The question remains who and in what capacity will they use that information. The question is policy as opposed to technology.
How easy is it to access data like this even on a small scale?
I would say if there's a will, there's a way. The Homeland Security Department runs a national clearinghouse of cyber threat info every year. In 2007, the United States received 12,000 cyber incident reports, and that number doubled in 2009. In 2012, it quadrupled. The energy company, BT, said it suffers 50 million attempts per day. The Pentagon reports 10 million attempts per day. There is a constant barrage of attempts to gain access to stored information.
How many attempts are successful?
I don't have data on that but one could imagine, based on those huge numbers, even if a small percentage are successful, we are still looking at large numbers.
Can someone who works for the NSA take our private information?
Once you have access, yes, you have access, in terms of being able to view the information. Whether they can freely download it and take the information off-site is another thing entirely, like Snowden was able to do.
Were you surprised that the whistleblower Snowden could take information away from site?
These high-profile cases are always surprising. It speaks to the gaps in the protocol that allow it to happen. There are many factors that go into making sure to lock the system and inform supervisors if unauthorized info has been accessed or downloaded.
What can the average everyday citizen do to help themselves with this?
Other than the regular things we hear like not divulging information electronically unless necessary? But unless you live under a rock, everything we do and every phone call is easily traced to individuals. One's information can be available upon request to someone somewhere.
Would you compare this type of surveillance to a Big-Brother-esque state?
I would not be that concerned because the comparison should be broken down into two components: technology and policy. The technology obviously exists today that did in Orwell's "1984," but to make the leak and immediately conclude that government infrastructures are in place to spy on us, simply based on the plot of "1984," is not realistic based on the policy today.