Educause Security Discussion mailing list archives
Re: Reactions to reported NSA PRISM program
From: Emery Rudolph <erudolph () UMD EDU>
Date: Fri, 7 Jun 2013 13:41:34 +0000
I too am extremely interested in the responses from those who are embedded in the IT industry and responsible for the security of data. To this point, the NSA's access to this data has been characterized as direct connection to the servers within the various vendors data centers. To me, that means they have the ability to tap of the primary data feeds and thus do not require any intermediate authorization mechanism. I would like more details on the actual connection details, but I would argue that if they have access within the data center, then by default, they and the ISP, vendors are one in the same in their access. Given the nature of this program, it does not seem that there is any "real" option for an institution or corporation to protect the privacy of their data, except to bring it all back in house and isolate it from the network, which is impractical for many environments and programs. Although the goal of the NSA program is to mine data in an unidentifiable manner, the agency is comprised of humans and we will always overreach when presented with the opportunity. Interested to read more on this and hear others responses. Very Best Regards, Emery Rudolph, MS Manager IT-ETI-PS Enterprise UNIX Services University of Maryland (301) 405-9379 http://www.umd.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tim Doty Sent: Friday, June 07, 2013 9:28 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Reactions to reported NSA PRISM program On 06/07/2013 08:02 AM, Kevin Halgren wrote:
For those of you already using Google or Microsoft cloud e-mail solutions, I'll be curious to hear the reactions on your campuses to this news. I believe the tech companies are telling the truth when they say they don't provide direct backdoor access into their systems and that the PRISM presentation may overstate the cooperation and capabilities of the system, however that doesn't preclude the government from abusing existing systems and capabilities e.g. those under CALEA lawful intercept capabilities.
My reading of the statements is they carefully skirt ever stating that they aren't participating in PRISM -- in effect what they say is that they only provide information pursuant to legal requests. The arrangement outlined by PRISM would, AFAICT, be currently interpreted as legal no matter how abhorrent one might find it. James Clapper (Director of National Intelligence) confirms the program's existence, only differing on the accuracy of unspecified details. If you provide a narrow interpretation, such as "direct backdoor", then sure it is likely to not be technically accurate. But there appears to be sufficient evidence to support assertions that they have query access to the data sets in question only constrained by unspecified keywords that may, or may not, limit a query to foreigners. And a policy to move out from the target by two degrees which is likely to result in collection on US citizens. In "the good old days" an investigation had to get approval to collect data on contacts made by the target (excepting only a very limited scope of data collection and actions such as would permit such a request). That policy applied to physical investigations -- apparently digital is somehow different. Tim Doty
Current thread:
- Reactions to reported NSA PRISM program Kevin Halgren (Jun 07)
- Re: Reactions to reported NSA PRISM program Tim Doty (Jun 07)
- Re: Reactions to reported NSA PRISM program Emery Rudolph (Jun 07)
- Re: Reactions to reported NSA PRISM program Flynn, Gary - flynngn (Jun 07)
- Re: Reactions to reported NSA PRISM program Manjak, Martin (Jun 07)
- Re: Reactions to reported NSA PRISM program Mark Monroe (Jun 07)
- Re: Reactions to reported NSA PRISM program Emery Rudolph (Jun 07)
- Re: Reactions to reported NSA PRISM program Manjak, Martin (Jun 07)
- Re: Reactions to reported NSA PRISM program Jesse Thompson (Jun 07)
- Re: Reactions to reported NSA PRISM program Kevin Halgren (Jun 07)
- Re: Reactions to reported NSA PRISM program Stockdale, Alan (Jun 07)
- Re: Reactions to reported NSA PRISM program Emery Rudolph (Jun 07)
- Re: Reactions to reported NSA PRISM program Emery Rudolph (Jun 07)
- Re: Reactions to reported NSA PRISM program Tim Doty (Jun 07)