[163411] in North American Network Operators' Group


Re: PRISM: NSA/FBI Internet data mining project

daemon@ATHENA.MIT.EDU (Warren Bailey)
Fri Jun 7 16:18:09 2013

From: Warren Bailey <wbailey@satelliteintelligencegroup.com>
To: Mark Seiden <mis@seiden.com>, "Valdis.Kletnieks@vt.edu"
 <Valdis.Kletnieks@vt.edu>
Date: Fri, 7 Jun 2013 20:14:49 +0000
In-Reply-To: <F271DDFD-C04A-44D3-95AC-24050D9C06CF@seiden.com>
Cc: "goemon@anime.net" <goemon@anime.net>, NANOG <nanog@nanog.org>
Reply-To: Warren Bailey <wbailey@satelliteintelligencegroup.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

I'm cool with technology to catch bad guys, I just don't know that catching
everything for some kind of dragnet is the right approach. There will be a
time where Americans realize they are actually not in control of their
governance, perhaps that time is now? On the upside, Holder now has another
leak (reason) to subpoena a journalist.. ;)

As a side note.. I don't know how many of you have been on major government
projects, but 20MM was spent in the first 20 minutes.. Much of the gear can
be developed by another organization on another (massive) budget. Look at
Groom Lake*.. What's their budget? Government contracting is murky territory,
especially when things are critically needed and a General says "go".

*Groom Lake (area 51) was confirmed to be the facility that developed the
stealth helicopter used in the Bin Laden raids.

Sent from my Mobile Device.


-------- Original message --------
From: Mark Seiden <mis@seiden.com>
Date: 06/07/2013 12:11 PM (GMT-08:00)
To: Valdis.Kletnieks@vt.edu
Cc: goemon@anime.net,NANOG <nanog@nanog.org>
Subject: Re: PRISM: NSA/FBI Internet data mining project


i have talked with a dozen people about this who ought to know if there were
something more creepy than usual going on.

and nobody in engineering knows of anything.  but hm, people in compliance
said "no comment".

that, and the $20M annual number, suggests that what they actually did was
set up a portal for intel agency people to use to request "business records"
of the members (service providers).
(maybe PRISM stands for something like Portal to Request Intelligence Service
Materials, or somesuch.)

of course, under patriot, the legal concept of "business records" was greatly
expanded, and the kinds of approvals needed to get them reduced.  i really
wonder if the FISC has a pki.  i.e. as a technical matter can a FISC judge
electronically approve a NSL or FISA warrant?

if i'm right, now they're following the letter of the new law electronically,
rather than using paper and fax.  which would increase timeliness, accuracy
and efficiency for all parties concerned.

this would only affect compliance activities at the providers, who would
continue receiving and handling individual requests just as previously and
supplying the same data as before.
(and i suppose now the providers could actually supply the returned records
electronically also…)

(i am actually in favor of this kind of thing for both law enforcement
requests and for intel agency requests.  the amount of time and money wasted
and delays in handling perfectly legal and necessary investigative requests
was kind of shocking to me.  i repeatedly heard complaints about cases where
compliance would not respond to LE in long enough that the data provided was
stale for judicial purposes, and the same search warrant would have to be
reissued.  (or where they would take a very long time to reject a request for
a technical or legal reason.)

(there's an interesting gray area in this request handling:  there were
several times as an internal investigator at a provider when i wanted to be
able to convey to LE that they *should go through the trouble* of doing all
the paperwork of going to a judge, or even worse, through the MLAT which
means a foot of paper and a man-month of work.  there were even more times
when i wanted to say "don't bother to even ask, you'd just be wasting your
time").  but my lawyers would not allow that sort of communication.


On Jun 7, 2013, at 11:05 AM, Valdis.Kletnieks@vt.edu wrote:

> On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said:
>> and also, only $20m/year?  in my experience, the govt cannot do anything
>> like this addressing even a single provider for that little money.
>
> Convince me the *real* number doesn't have another zero.
>
> Remember - the $20M number came from a source that has *very* good reason
> to lie as much as it can right now about the true extent of this.
>
>


