What a week, let’s talk PRISM

08. June 2013 Security 4

You may have heard the term PRISM in these last few days. PRISM is an NSA program that was, until a few days ago, top secret. PRISM allows the NSA to access the servers of major internet companies like Microsoft, Yahoo, Google, Apple and a few others and with that, your information.

PRISM
First reported by the Washington Post and now acknowledged by Obama himself it is a covert cyber security program started in 2007. The NSA and FBI started this program to monitor the Internet data of “foreigners” using major U.S. Web sites. As it turns out PRISM does not ‘intentionally’ target citizens or people living in America but with unlimited, unrestricted access to these servers it stands to reason that anyone using these servers is fair game. If the government had a track record of being trustworthy and not abusing power we might believe PRISM is being used the way they say but personally i do not.

There is a lot more to learn about PRISM and i will provide some links to other sites that have covered this better than i could. Instead let’s see what this means for you, the target of PRISM.

You encrypt your hard drives, you use alternatives to google, you use iMessage because it’s security has not been compromised (yet) etc. etc. But whatever you do to your data, most of it ends up on or comes from, one of the servers compromised by PRISM. The very source of the data has been compromised so any security measure after the data leaves the source is useless, right? Yes and no, i’ll explain. These are the known companies of which PRISM collects data and the year they got connected to the program:
Microsoft, 2007.
Yahoo, 2008.
Google, 2009.
Facebook, 2009.
PalTalk, 2009.
Youtube, 2010.
Skype, 2011.
AOL, 2011.
Apple, 2012.
Now that we know who has been compromised we can take steps to limit what they can learn about us. Keep in mind, with unrestricted access to the servers of these companies there is nothing about you the government doesn’t already know. Yup, sounds very ‘conspiracy theory’ but it’s a simple truth. Even if you have encrypted certain data or communications, this data may be safe right now but as computing power grows and quantum computing is but a few years away, this once safe data could possibly be decrypted next year or the year after that. It already passed through one of those servers so it has been labeled, categorized, identified and possibly stored. Some of us who already knew or suspected the government does these kind of things were not surprised to learn about PRISM and have been working hard in trying to keep data as secure as possible and privacy as intact as possible. For those of you that are shocked by the discovery of PRISM and think ‘how could the government possibly do this to me’, welcome to the club. Every government world wide does this in one form or another, be sure of that.

So what can you do to protect your data, communications, privacy and identity from this day forward? This is tricky. If you go on full lockdown using VPN’s that bounce all over the world, encrypt every bit that leaves your machine or disappear off the virtual grid, you will raise red flags and draw a lot of attention to yourself. These kinds of programs, automated or not, will spot this behavior and will start paying extra attention to everything you do online. As the government’s computing power, manpower and budget far exceeds yours, this is attention you don’t want. You can of course carry on as you always have and accept that everything you do online is collected in one form or another and just accept it. If that is your choice i am somewhat surprised you have ended up on this website but it is an option never the less. You can also find a middle ground. Protect the real valuable information and let them have everything else. For this to work you need a good understanding of what you want to protect, how you need to protect it and how you can try to keep it protected. Thanks to the NSA documents that were leaked we now know about PRISM and the companies connected to it. While these are all major players in the virtual world, there are alternatives.

For example you can replace your search engine with DuckDuckGo or Startpage. Services that take your search and perform it for you. This way Google will have a record of ‘someone’ ‘somewhere’ performing a search but if it is traced it will show the IP address for DuckDuckGo or Startpage, not yours. As Microsoft, Google, Yahoo and AOL are on the list of PRISM-ers you should forget about ever using their search engines ever again if you want to keep some of your online privacy. This will be an inconvenience at first, it sure was for me, but i got used to it and i am happy that at least since 2009 none of these companies have seen a single search that can be tied to me in any way. Do i have to hide the fact i am searching for a good place to buy a monitor or shoes? No. But it’s no ones business but mine either.

One thing that does currently trouble is me is to see Apple on that list. Of course i knew Apple tracks and collects a lot on their own but somehow i had hoped they wouldn’t go as far as letting government agencies dig around on their servers unrestricted. I am a little hurt. Anyway, i use iCloud 24/7 just to name one service. My address book, email, calendars, documents are all on the Apple servers and are as visible and accessible to the NSA and FBI as they are by me. So i cleared out my iCloud and discontinued the use of the service. A sad day and very inconvenient at first but i am sure i’ll find an alternative down the road. For the past few days, syncing my iPhone to my Mac using the USB cable has actually not caused me any inconvenience at all. So everything i have ever stored on Apple’s servers has possibly been compromised or will be compromised in the future as PRISM digs through the many many terabytes of stored data. Though i have removed all my data now, backups done by Apple etc. etc. keep my data available to programs like PRISM still. But at least as of earlier this week, they will no longer know who gets added to my address book or what my day looks like in callendars.

So why did all the companies that were confronted by the people and the media, lie about their involvement? They didn’t. Instead, they worded their statements very carefully because a program like PRISM comes with a gag order. These companies are the government’s bitches and are not allowed to speak about it to anyone. So when Facebook says “We have never heard of PRISM” this may very well be true. The program could have been presented to them under a different name, who knows. Fact is, at some level they all knew what was happening and who was doing it with what goals. So yes, their servers are super secure, impossible to be hacked, encrypted and then encrypted again, we take your information and privacy very serious, blah blah blah, this may all be true but they know there is a tiny door built just for the government that allows them to do whatever they want. With a door like that in place all the encryption, heavy steel doors to the data centre, security guards by all the exits etc. work great against anyone who is not allowed but doesn’t do anything against those who are allowed, like the NSA.

you can take this as far as you want to. Think about all the services you use online and the ones that at some point connect to the internet. Then see if any of them use one of the above mentioned companies. Then see about replacing those services with others that do not use those companies at any point down the line. It’s a very time consuming mission but it is the first and most important step in regaining your privacy.

More about PRISM:
Washington Post
Gizmodo
CNET
And of course a lot more can be found about this by doing a simple search.

4 thoughts on “What a week, let’s talk PRISM”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.