Like many of you, I have been reading and watching a lot about the latest leaks about the NSA Prism program. It has been a fascinating weekend. I want to share with you some of my own sources if you want to learn more about what is going on, apart from the sensational news headlines.
Coincidentally, last week I finished reading Andy Greenberg’s excellent book, This Machine Kills Secrets. Greenberg is a reporter for Forbes and the book covers the rise and fall of Wikileaks over the past several years. Some of this information is also presented in another excellent work, the documentary film “We Steal Secrets” by Alex Gibney (you can watch it on Amazon here). Both the book and the movie bring up all sorts of ironies about the conduct of Manning, Assange, and Lamo. The movie draws heavily on AIM chat logs.
Fortunately, we have this exceptional 12 minute video interview of Edward Snowden, the NSA leaker. It is well worth your time to watch. He raises some interesting points about his motivations and worldview.
More coincidence: Manning’s trial started last week, and the daily transcripts are available here.
I have a small personal connection: I first began corresponding with Lamo many years ago, and then actually met him when he crashed on my sofa in 2004. He is a curious character (you can read my thoughts about him in one of my Web Informant columns here), and obviously conflicted about his decision to turn in Manning. This topic and other things are captured in a recorded audio interview I did with him two years ago for ReadWrite (the article is here and I have uploaded the mp3 recording here).
So what is really possible about this NSA program? Your first stop should be a blog post by Alex Stamos, the CTO of Artemis Internet. He has an interesting taxonomy of the various possibilities of what Prism can’t or can do, based on the various conflicting statements from government and computer industry principals. It is well worth reading.
Robert Graham’s excellent Errata Security blog has some interesting comments also about the various claims and counter-claims. Many years ago he wrote a piece of software that demonstrates how the government can listen to Internet traffic. He says, “The PRISM program isn’t all that we fear, but more than we find tolerable.”
He also suggests that we ask questions of the major computer software vendors, such as “Have you changed what user information you log at the request of law enforcement?” I would welcome that dialog and clarification.
In another post where he talks about the responsibilities of the NSA, Graham states, “The IRS hires people with high-school diplomas, the NSA hires Ph.D.s with military service.” He claims that the lowly NSA staffer is very scrupulous about their mission.
To get an idea of what is possible, you should check out a story Wired magazine ran last year about the NSA’s new and as yet incomplete data center south of Salt Lake City.
Finally, you should also follow what Bruce Schneier is posting. He is always a thoughtful and insightful security analyst, and in this post he writes about the need for whistleblowers to force our governments to be open and to keep abuses under control. He also has a long list of questions that he’d like to have answers to, and how much we really don’t know.
Is Prism one of those abuses of power? Maybe, and maybe we will never find out really what it does.