NSA’s PRISM and the Oddity of PalTalk

[graphic: GuardianUK (mod)]

[graphic: GuardianUK]

Remember this presentation slide on PRISM from last month’s blockbuster report by the Guardian-UK?

Remember the one outlier right smack in the middle of the slide — the company name most folks don’t recognize?

PalTalk.

Very few news outlets tackled PalTalk, explaining what the business is and asking why it was included in the program. There was little more than cursory digging; Foreign Policy looked into PalTalk’s background, while PCMag merely asked in a snarky piece why PalTalk instead of a myriad of other larger alternative social media platforms.

It’s still a good question, but the answer might be right in front of us with a little more analysis.

PalTalk is an “online video chat community,” according to its own description. This means it is in the same competitive space as AOL and Skype, as well as Microsoft’s Hotmail IM and Yahoo Messenger.

The slide we’ve seen doesn’t tell us if access to AOL, Microsoft, and Yahoo was limited to email only, however. We can’t be certain PRISM and the other programs referenced in this particular NSA presentation weren’t also permitted access to live chat environments hosted by these companies. Foreign Policy sidled up to the issue, mentioning Yahoo as well as PalTalk, but didn’t follow through. It’s been relatively easy to see how interest veered away from this question; many news outlets focused on email metadata, not chat.

Squirrel away the unasked, unanswered question(s) about chat someplace for future reference.

With regard to PalTalk, Foreign Policy noted the organization was singular among the companies cited in the NSA slide as it was not a Silicon Valley firm. PalTalk is based in New York. The line of inquiry here went no further.

Hello, New York? This small business is co-located in an AT&T facility in Manhattan, and in New Jersey according the firm’s CEO and founder Jeffrey Katz in a Forbes article dd. 2003 to which FP linked:

“…He rents space in two AT&T data centers, one in Manhattan, another in Secaucus, N.J., with $700,000 worth of computer equipment, including 80 lower-end servers from Dell Computer and five IBM Unix servers. …”

This should raise numerous questions at this point. Manhattan must be an extremely expensive place to run a data center, cheek-and-jowl with financial traffic demanding extremely high uptime. Because of the frequency with which New York was mentioned in published content about PalTalk, the New Jersey location is likely a redundant facility for the purposes of business continuity if the main facility is disrupted.

You’ll recall the last major disruptions to data traffic out of New York were due to Hurricane Sandy and 9/11.

Why would a tiny online video chat community need a data center likely to have world-class uptime and redundancy of a nature a company might need only twice a decade?

Another surprising matter is Foreign Policy’s reference to earlier articles about Paltalk, while missing this key tidbit to which it linked from that same Forbes article:

“ A less savory crowd naturally migrates to such services. Katz reckons that about 5% of his traffic comes from folks using PalTalk to engage in a video-enhanced version of phone sex. But he prefers to talk about wholesome users, like Dennis Hill, a Marine at sea who uses his ship’s Internet connection and PalTalk to reach his dad in Indiana. Or Reza Pahlavi, son of the late shah of Iran, who last year addressed 700 PalTalk subscribers in an online video forum. “We had people from all over the world,” Katz marvels. “What other medium could do this?” …”

Of course the NSA might have some interest in a chat community where many Iranians congregate, especially Pahlavi loyalists.

Which brings us to a question which has been asked in a few different forms: What is it the domestic spying program really looking for in all the data from PalTalk along with the other Silicon Valley tech firms?

Whatever it is, it wasn’t information to put the U.S. ahead of the curve on Arab Spring in Libya, Egypt, or now in Syria. PalTalk access was acquired in 2009; last year, British news outlets reported Al-Qaeda supporters used PalTalk as a venue for planning a bombing scheduled to detonate around Christmas Eve 2010. In spite of likely monitoring of PalTalk after the bomb plot was foiled, U.S. response to Arab Spring and Syria appears to have been rather reactive, not proactive.

An interesting facet of the reporting on the December 2010 UK bomb plot was the images of the suspects used in the reporting. Were some of these mug shots actually low resolution snaps from PalTalk video? Even if this isn’t the case, is it PalTalk’s video component which is most valuable to the NSA? The Telegraph-UK noted in 2010 that PalTalk was the largest online video chat service at that time, offering the ability to participate in multiple chats simultaneously. Was the network of contacts participating in multiple video chats what made PalTalk access critical to PRISM?

Perhaps there’s yet more revelatory information in all the content written to date about PalTalk. It’s worth another look. In the meantime the question remains: why PalTalk?

image_print
18 replies
  1. PeasantParty says:

    Man! That is some butter slathering you have going on!

    I haven’t seen anything on the PalTalk as of yet. I think you just did another ZOOM-Scoop.

    Thanks for the information and the great detail.

  2. Arbusto says:

    In the meantime the question remains: why PalTalk?

    I’ll bite; NSA/CIA wholly owned subsidiary?

  3. JohnT says:

    My first thought, without doing any kind of search is, were they funded by In Q Tel? Is that how they got their start?

  4. earlofhuntingdon says:

    Those resources would make PalTalk no ordinary start-up. It’s more likely a virtual Dionaea muscipula, with attractants for 5.5 million Internet, IPhone and Android users. Yum yum.

  5. Rayne says:

    @earlofhuntingdon: Another facet of this Dionaea muscipula is the paid accounts for hosting chats. Who was paying for accounts? That’s yet another network of information gathered, depending on the purchaser. *snap!*

  6. The Tim Channel says:

    I’ve noticed my comments hardly ever appear when I add my website to the reply info in the box provided for same and not only here, but on many other sites as well. Not sure what’s up with that (conspiracy theory?), but let me try this again without my link to thetimchannel on wordpress.com

    The government is collecting everything from everywhere and storing it forever. Any other fanciful ideas on “it’s only the metadata” are hockum. This spying will remain perfectly “legal” until Lindsay Graham’s web browser history gets posted to Gawker. Mark my words. Enjoy.

  7. Anonymous says:

    PalTalk is based in NY, so they use a data center in NY. How is this a mystery?

    You assume that NY co-location is more expensive than other co-location, but it often isn’t.

    PalTalk is pretty typical, from a NY tech start-up perspective. They raised $6M, which is decent but not amazing.

    http://www.crunchbase.com/company/paltalk

    You might be on to something when you talk about Iran and international users, but (at first glance, at least) there is nothing sketchy about the company or that they are located in NY data centers.

  8. MichaelD says:

    Much respect, but Leo Laporte mentioned PalTalk and the Arab Spring a few days after the first Greenwald/Snowden release.

    PS It was on the Security Now podcast

    MD

  9. Rayne says:

    @Anonymous: Let me be more clear about why NYC is so odd.

    New York City commercial real estate is some of the most expensive in the world; it is THE MOST EXPENSIVE in the U.S.

    Why would a tiny start-up locate its data center in the most expensive place in the U.S.? That’s just pure stupid. If I were venture capital or a bank loaning them money, I’d tell them hit the bricks until they came up with a better business plan. Pretty typical my left ovary; there’s no compelling reason why a start-up that wants a NYC presence must have a data center in NYC. If they wanted to locate their OFFICES in NYC, great, but they’d still better have one helluva business plan if they were looking for financing.

    Hell, why not locate the data center in Princeton, NJ?

    As for Iran: can you think of any reporting about any other social media outlet to which Pahlavi loyalists have congregated in the hundreds? Can you think of one with video conferencing at this scale? There just aren’t any. This business is highly unusual for this reason alone.

    I’m going to point out that a business like this, establishing a start-up data center inside an AT&T site, makes it all too easy for a Room 641B to exist just outside PalTalk servers but inside AT&T’s facility.

    @MichaelD: Did LaPorte do more than note PalTalk? Did he actually provide any new background material about PalTalk? The point here is that monitoring PalTalk since 2009 did not appear to put either State Dept. or Defense Dept. in a proactive response mode to Arab Spring. Rather, in spite of the access, they were caught flat-footed. Did LaPorte say that last month, or no?

  10. joanneleon says:

    There is and has been big hosting companies in NYC and directly across the river in Jersey City (and I guess Hoboken and Secaucus) since the 90’s. When I worked for a Wall St. company, that’s where we hosted some sites and I spent many a day on freezing cold caged in racks of servers on the Hudson River in Jersey City, directly across from the World Trade Center. It’s not at all unusual to find companies with data centers there.

    The IT needs of the financial world are enormous.

    Now on the other hand, there are data centers used for actual trading systems, high speed trading, that are in some premium data centers on the island itself, and these guys are competing for tiny fractions of a second in speed, so that’s something else altogether.

    But run of the mill data centers and hosting – plentiful in that area.

    I was wondering if PalTalk was used by Wall Street traders, and the various wheelers and dealers, analysts, research writers, people who calculate things, etc. If you recall, some traders were using their Bloomberg terminals messaging system to make markets. Some kinds of trading and market making are still done by phone, electronic communication.

  11. joanneleon says:

    @Rayne: Rayne, there was a time when hosting companies were going out of business. I can’t remember the name of the one we used in Jersey City, but it went belly up. I think this was in the mid 2000’s, but I’m not entirely sure. Maybe some of those data centers were up for sale for a good price during that time.

  12. Rayne says:

    @joanneleon: This part here makes sense:

    I was wondering if PalTalk was used by Wall Street traders, and the various wheelers and dealers, analysts, research writers, people who calculate things, etc. If you recall, some traders were using their Bloomberg terminals messaging system to make markets. Some kinds of trading and market making are still done by phone, electronic communication.

    because there are customers who host video conference sessions related to trading who have been quoted about PalTalk’s service.

    But does this really require location inside Manhattan?

    As for the possibility of cheap hosting: the service was inside AT&T’s facility, the very last hosting/communications business I would ever see departing Manhattan, the one you could be sure would have best uptime due to the nature of customers and content carried in that locale.

    This wasn’t about price for PalTalk. It was about uptime.

Comments are closed.