How I learned to stop worrying and love Prism

There 's been great moral outrage this week as a new leak shows we are being monitored by something called Prism  - a tool that sucks up masses of data and then trawls it to ensure we are safe from terrorists and other bad people.

Prism is nothing more than a PR mess. If it had been packaged in other ways we’d quite happily have swallowed it whole without a whimper, however the sensational release of the PowerPoint and subsequent noise generated by the media coverage has caused a great fuss.

Further, the reality is that Prism is nothing in the wider context of spying and the toolsets and technology that are used to achieve it.

There are some facts about the world that people seem to not understand, or conveniently forget.

We, New Zealand, have been spied on and have spied on other countries for years.

As part of the “five eyes” network we were one of the first participating nations on the planet to spy on the satellite communications of foreign powers. Waihopai ran a 24X7 operation that squirted data back to the other five participating nations and in return we got data back about things of interest to us.

This has been going on since post World War II and was strengthened during the Cold War years. IBM supplied a top-secret “Stretch Harvest” computer system to the NSA in 1962.

It was the most advanced computer of its day, and a mammoth machine. Stretch-Harvest was made of dozens of refrigerator-sized cabinets, wired together, with the entire system weighing as much as 75,000 pounds, according to Dag Spicer, a senior curator at the Computer History Museum in Mountain View, Calif.

Technically, the computer was indeed a “stretch” and its mission was to “harvest” intelligence from intercepted communications from spy listening posts around the world.

If we fast forward a few years we see the deployment of Echelon. As geostationary satellites became commonplace and international communications exploded, listening posts were established in the US, Australia, Canada, the United Kingdom, and New Zealand. As time passed, the amount of satellite based traffic effectively dropped to nothing as fibre replaced the medium. This didn’t stop Echelon, the five eyes established “black rooms” where fibre backbones were intercepted and all data split off into large data stores. Echelon also developed Carnivore in response to the increasing traffic, a packet sniffing tool with a complex set of business rules sitting in the back end.

We knew that Echelon was used for nefarious purposes when Nicky Hager and Duncan Campbell blew its cover in the 1990′s. Echelon wasn’t just saving us from terrorists and pedophiles but in addition was providing information to commit industrial espionage.

“Examples alleged by the journalists include the gear-less wind turbine technology designed by the German firm Enercon and the speech technology developed by the Belgian firm Lernout & Hauspie.^[12] An article in the US newspaper Baltimore Sun reported in 1995 that European aerospace company Airbus lost a $6 billion contract with Saudi Arabia in 1994 after the US National Security Agency reported that Airbus officials had been bribing Saudi officials to secure the contract.” – Wikipedia

This information caused Eurpoean nations to recommend that encryption be used in all communications.

“In 2001, the Temporary Committee on the ECHELON Interception System recommended to the European Parliament that citizens of member states routinely use cryptography in their communications to protect their privacy, because economic espionage with ECHELON has been conducted by the US intelligence agencies.” - Wikipedia

So there we have it. Over twenty years ago this spying was occurring with regular monotony and the only defence against it was cryptography. Further, this is all public knowledge. Does this image look familiar?

This is a view of Narus, an extremely powerful technology that sifts through the collation of Internet data. Looks, smells, and seems to be exactly like Prism. This was outed in 1997. Sixteen years ago. Furthermore, its all in the public domain and has been for years:

“Narus is a company, now a wholly owned subsidiary of Boeing, which provides real-time network traffic and analytics software with enterprise class spyware capabilities. It was co-founded in Israel in 1997 by Ori Cohen, who had served as Vice President of Business and Technology Development for VDONet, an early media streaming pioneer, and Stas Khirman.” ^{- WIkiepedia}

This is the link to their online sales brochure.

Of course, then there is the Utah Data Centre, a massive behemoth that is well in the process of being constructed in the deep desert. We’ve know about this place since 2011, two years ago, and its purpose is absolutely no secret at all.

“The data center is alleged to be able to process “all forms of communication, including the complete contents of private emails, cell phone calls, and Internet searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter’.” -  Wikipedia

So there we have it, fifty years of right out there in the open spying. So why the extreme reaction and moral outrage with Prism? All it appears to be is a not seen before analytics engine sitting behind the data collection systems that have been in place for years. It is actually doing exactly what Narus has been able to do for years. In fact, there is almost no distinguishing differences between the two that I can see.

It’s possibly because people simply aren’t educated in the extent of spying. It’s also possibly because we’ve been told that we wouldn’t be spied on without some kind of “warrant”. Anyone who believed that give me a call, I have an excellent, hardly used bridge for sale at a great price.

Now we see calls in New Zealand to lengthen the debate around the latest spying legislation, but I am not sure as to the reasoning for that either. The legislation is old before it agreed. It asks for the right to access telecommunications data with a warrant should GCSB want it. The reality is that Prism, and the previous fifty years of intelligence tools, just collect that by right anyway. Further, if it is only you that holds the encryption key to your data, then you’re relatively safe. They would need to serve a warrant on your personally to get the data by asking you for your key.

As I’ve written before, the Americans are already going a step further trying to change the law so that providers have to have a copy of your encryption keys, a move no doubt that will see a flood of offshoring data.

On some level this raises the question of the rise of the surveillance state. But it seems that we are happy to allow private companies to continuously surveil us, Fly Buys is a great example in New Zealand, and how many of you have your GPS on and sending data to Google Maps in real time? It’s a contradiction. We are outraged if the government spies on us but we happily give away all our secrets to “free” services on a regular basis.

There has always been a race between spying and protecting our data. If you don’t encrypt your data then don’t expect it to be entirely secure, especially if it is traversing the internet backbone, its that simple.

Already homomorphic cryptography is in development, the ability for your data to remain encrypted all the time as opposed to providers who decrypt your data in some cases to process it.

We see the rise of the “Grid.” The ability to move data around without using the Internet backbone at all, particularly within a large city or country.

This is why I learned to stop worrying and love Prism. We have the tools in our hands to secure our data already.

Ian Apperley is an independent cloud computing consultant. He posts at whatisitwellington.com.