[163406] in North American Network Operators' Group
Re: PRISM: NSA/FBI Internet data mining project
daemon@ATHENA.MIT.EDU (Mark Seiden)
Fri Jun 7 15:09:52 2013
From: Mark Seiden <mis@seiden.com>
In-Reply-To: <13976.1370628323@turing-police.cc.vt.edu>
Date: Fri, 7 Jun 2013 12:05:43 -0700
To: Valdis.Kletnieks@vt.edu
Cc: goemon@anime.net, NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
i have talked with a dozen people about this who ought to know if there were something more creepy than usual going on.

and nobody in engineering knows of anything. but hm, people in compliance said "no comment".

that, and the $20M annual number, suggests that what they actually did was set up a portal for intel agency people to use to request "business records" of the members (service providers).

(maybe PRISM stands for something like Portal to Request Intelligence Service Materials, or somesuch.)

of course, under patriot, the legal concept of "business records" was greatly expanded, and the kinds of approvals needed to get them reduced. i really wonder if the FISC has a pki. i.e. as a technical matter can a FISC judge electronically approve a NSL or FISA warrant?

if i'm right, now they're following the letter of the new law electronically, rather than using paper and fax. which would increase timeliness, accuracy and efficiency for all parties concerned.

this would only affect compliance activities at the providers, who would continue receiving and handling individual requests just as previously and supplying the same data as before.

(and i suppose now the providers could actually supply the returned records electronically also…)

(i am actually in favor of this kind of thing for both law enforcement requests and for intel agency requests. the amount of time and money wasted and delays in handling perfectly legal and necessary investigative requests was kind of shocking to me. i repeatedly heard complaints about cases where compliance would not respond to LE in long enough that the data provided was stale for judicial purposes, and the same search warrant would have to be reissued. (or where they would take a very long time to reject a request for a technical or legal reason.)

(there's an interesting gray area in this request handling: there were several times as an internal investigator at a provider when i wanted to be able to convey to LE that they *should go through the trouble* of doing all the paperwork of going to a judge, or even worse, through the MLAT which means a foot of paper and a man-month of work. there were even more times when i wanted to say "don't bother to even ask, you'd just be wasting your time"). but my lawyers would not allow that sort of communication.

On Jun 7, 2013, at 11:05 AM, Valdis.Kletnieks@vt.edu wrote:
> On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said:
>> and also, only $20m/year? in my experience, the govt cannot do anything like this
>> addressing even a single provider for that little money.
>
> Convince me the *real* number doesn't have another zero.
>
> Remember - the $20M number came from a source that has *very* good reason
> to lie as much as it can right now about the true extent of this.