Truck-sized Holes: Journalists Challenged by Technology Blindness

[photo: liebeslakritze via Flickr]

[photo: liebeslakritze via Flickr]

Note: The following piece was written just before news broke about Booz Allen Hamilton employee Edward Snowden. With this in mind, let’s look at the reporting we’ve see up to this point; problems with reporting to date may remain even with the new disclosures.

ZDNet bemoaned the failure of journalism in the wake of disclosures this past week regarding the National Security Administration’s surveillance program; they took issue in particular with the Washington Post’s June 7 report. The challenge to journalists at WaPo and other outlets, particularly those who do not have a strong grasp of information technology, can be seen in the reporting around access to social media systems.

Some outlets focused on “direct access.” Others reported on “access,” but were not clear about direct or indirect access.

Yet more reporting focused on awareness of the program and authorization or lack thereof on the part of the largest social media firms cited on the leaked NSA slides.

Journalists are not asking what “access” means in order to clarify what each corporation understands direct and indirect access to mean with regard to their systems.

Does “direct access” mean someone physically camped out on site within reach of the data center?

Does “direct access” mean someone with global administrative rights and capability offsite of the data center? Some might call this remote access, but without clarification, what is the truth?

I don’t know about you but I can drive a Mack truck through the gap between these two questions.

So which “direct access” have the social media firms not permitted? Which “direct access” has been taken without authorization of corporate management? ZDNet focuses carefully on authorization, noting the changes in Washington Post’s story with regard to “knowingly participated,” changed later to read “whose cooperation is essential PRISM operations.”

This begs the same questions with regard to any other form of access which is not direct. Note carefully that a key NSA slide is entitled, “Dates when PRISM Collection Began For Each Provider.” It doesn’t actually say “gained access,” direct or otherwise.

The next challenge surrounds the questions of authorization and participation. Some news outlets point to the denials by social media firms Yahoo and Google, in which these firms claim no participation in PRISM. Yet the NSA slides show “acquired access to servers” for these firms.

Again, I can deftly maneuver a 40-foot dry van between these two attributes. The NSA’s acquisition of access does not require conscious authorization or active participation in PRISM. Of course this also hinges on the meaning of “access.”

[Insert Princess Bride pop culture reference here: “I do not think that word means what you think it means.”]

There’s one more wrinkle further clouding reporting, about which journalists are not demanding clarification, and that is the program itself.

An Apple spokesman said it had “never heard” of Prism.

[Guardian, 13-JUN-2013]

The natural followup for all other reporters:

— Have any Apple employees, management or its board of directors heard of PRISM?
— Have any Apple employees, management or its board of directors heard of US-984XN?
— Have any Apple employees, management or its board of directors heard of any U.S., state/local, or international government project not named PRISM or US-984XN through which non-corporate employees are granted direct access, remote access, or access in any shape or form to data flowing into or out of data center servers?
— Are any of Apple employees, management or its board of directors aware of any government-installed or government-monitored network installations directly outside the data centers, through which incoming and/or outgoing data flows into the WAN?
— How many federal or state court orders requiring copies of data, apart from National Security Letters, have the social media providers complied with — top secret or otherwise?

Insert Google, Yahoo, Paltalk, AOL here instead of Apple and ask the same questions. (Don’t waste time with Stuxnet-enabler Microsoft.)

Having brought up US-984XN, the next challenge is compartmentalization, by which I mean a program inside a program. What if PRISM is inside US-984XN, or vice versa? What does the larger of the two programs look like, if this is the case? Can a compartmentalized program explain the carefully worded denials or lack of recognition when it comes to PRISM?

Does the larger program — directed by Presidential Policy Directive 20 (pdf) issued 16-OCT-2012 and likely shaped by predecessor National Security Presidential Directive 54 issued 08-JAN-2008 — included monitoring systems sitting outside the social media corporate data centers, installed somewhere along the WAN?

Will any journalist start asking the network service providers? Granted, they’ll likely offer non-denial denials, but it’d be nice to have them on record. The truth may be disclosed by the shape of the black hole formed by their reluctant responses.

Perhaps ZDNet will look more carefully at the Guardian’s report, which spawned much of the subsequent confusion among its technologically uninformed competitors. Where exactly did the Guardian obtain the fact or come to the conclusion that the NSA had obtained “direct access” to major social medial providers’ servers? The public cannot see this in the slides they have revealed so far.

Don’t even get me started on the possibility of wireless network sniffing systems invisibly monitoring content sent between towers and the internet’s backbone.

Or the lack of questions about the NSA slide tagline, “The SIGAD Used Most in NSA Reporting” (boldface theirs).

Or questions about the WaPo’s redaction of the title, “PRISM Collection Manager, S35333” from the slide the Guardian had already published.

14 replies
  1. jerryy says:

    Do you think anyone wil explain how, with all of this surveillance and monitoring going on, those weaknesses in our internet connected infrastructure were left wide-open instead of being al least ‘silently’ fixed? You know the ones, big holes in the DOD ‘net, the utilities that got hacked, etc, etc; all taken down by ‘agents’ in other countries. It looks like those prism heat maps(8) are showing the NSA is more worried about spying on US Citizens than on the cyber warfare attacks.

    (*) If you have not seen any of the maps yet:

  2. Rayne says:

    @jerryy: Won’t get explained as long as no one asks in a manner where the public will see the answers.

    Many of the holes in the DOD net are the same as those in corporate net; they’ve not been closed with all due speed because (1) they are needed (see Stuxnet), or (2) the owners/users cannot/will not fix for a number of reasons including costs, or (3) owners/users are ignorant.

    WRT to the BI heat map: doesn’t it seem odd that with AQ-related entities known to be lurking in parts of South America, our nation’s sensitivity to fuel disruptions (see Venezuela), and the war on drugs, the region is amazingly green on this map?

  3. Valley Girl says:


    But, what struck me first when I looked at the map was that Brazil has traffic above the rest of SA. I looked at map when I read GG piece at Guardian. And where does GG live? Hmmm…Is this just a coincidence? (I’m sure there are other reasons, b/c of “our” political activities in Brazil, though I can’t give a cite, just a vague recollection.)

  4. Rayne says:

    @Valley Girl: Can’t believe GG would gin enough traffic on his own. LOL I do wonder if there’s a lot of cross-border content, though; there are a number of videos on YouTube showing drug interdiction flights which appear to be along Brazil’s border with other states. However that still raises the question why there isn’t more monitoring of Colombia and Peru specifically.

  5. Valley Girl says:


    Yeah, I was just telling you my first reaction. lol. btw, (OT I am green at google, so maybe you can get me up to speed in chat)

  6. Rayne says:

    @Valley Girl: I have to drop off in a minute or I’d ping you.

    Dawned on me after my last comment that Brazil is home to Embraer, which produces the Tucano. This plane is favored for drug interdiction use, sold often to Argentine and French military. I wonder if much of the monitoring actually reflects arms/weapons sales and movement, though it clearly isn’t focused on drugs that fund same through black ops.

  7. P J Evans says:

    @Valley Girl:
    What I noticed was that the ‘hottest’ places are Iran and Pakistan, and neither of them was mentioned in the caption. Nor was Egypt, which was conspicuous in Africa.

  8. Valley Girl says:

    @P J Evans:

    I’m still trying to figure out what is being measured- there were some comments on the GG thread, but didn’t help me, at least. What I didn’t (don’t) understand was how the “colors” were determined- absolute numbers (of something?) compared, or adjusted by population size of country? Or adjusted in some other way?

    And, yes, re: your other points.

  9. jerryy says:

    @Rayne: @Valley Girl: One other wild-assed guess is the monitoring may be due to some of Brazil’s economic views, namely their automatic-automated high tarrifs on imported goods, so high that some manufacturers wanting to do business there find it cheaper to build a local factory than to ship goods there:

    Those free-labor, errr, fixed trade, errr fair trade folks get really annoyed about that, more so than any annoyances caused by the drug farmers arguing with the revolutionaries.

  10. William Ockham says:

    I suspect much of the confusion results from the difference between what the tech companies believe they have given up vs. what the NSA believes they have. The NSA believes they can get anything they want off those servers anytime they want. The tech companies believe the NSA can only get what the tech companies give them. We can’t tell from this distance if one party is correct, neither is correct, or both are correct. My Bayesian prior is that each of the four possibilities is equally likely.

  11. lefty665 says:

    @William Ockham: Always a good start, and as we learn more, you’ll adjust and converge at the right answer.

    However, once you let the spooks in, it’d be hard to argue that there’s much that could be kept from them. That would weight my starting priors. Some of them boys and girls at NSA are pretty bright. Techies are bright too, but don’t have the same national technical means.

  12. Rayne says:

    I think based on Snowden’s comments we know there is some method of remote access which allows monitoring and collection of virtually anything attached to a public network.

    What we don’t know now is whether this is inside/outside social media servers’ firewalls, inside/outside the physical property of the social media companies’ facilities, and if a physical method or software application, or both.

    We still don’t know what the social media firms have agreed to, if at all; explanations so far are still sketchy and in need of clarification by journalists. Such clarification will only be obtained with better, tighter inquiry.

Comments are closed.