Daily links are still flooded with stories about PRISM, which was also related to our regular scope of coverage [1, 2, 3]. PRISM is not exactly news to those who watched the NSA closely (as I did for several years). What's new, for the most part, is concrete proof finally existing and being accessible to the public. Cablegate has been the bloodline of some valuable posts of ours, showing the importance of secret policy being made public. The Guardian did decent work, but it didn't publish all the documents as the leaker had hoped based on some reports. This permits some companies to deny what they are doing. This means that people will carry on with their addiction to Web search and proprietary chat facilities from Microsoft and Google. It is already clear that Microsoft gives governments easy access to Skype (we wrote about it months ago, citing Microsoft's own admission) and the 'guardian' reminds us of that:
UK intelligence agencies made thousands of requests for information on private communications via Microsoft products last year, with demands for Skype call information outnumbering those made by US agencies.
In 2012, the UK made 1,268 requests to Skype for information such as the names of callers, their address, email account details and telephone numbers dialled. This was a quarter of all requests received by the Microsoft-owned internet call service from governments around the world. The requests could have come from British police and intelligence agencies, such as GCHQ.
identi.ca the other day, "Microsoft for security, like fencing with a baguette." There is more to the numbers above, which is why Glenn Greenwald should pass the leaked documents to Wikileaks, making a copy of the whole lot of documents, thus permitting full publication of public policy (the 'guardian' won't do it). Unless this happens, many companies will carry on evading/lying to restore public acceptance of a mass surveillance state where dissidents are the real target. ⬆
There were many striking details in the Washington Post’s scoop about PRISM and its capabilities, but one part in particular stood out to me. The Post, citing a top-secret NSA PowerPoint slide, wrote that the agency has a specific “User’s Guide for PRISM Skype Collection” that outlines how it can eavesdrop on Skype “when one end of the call is a conventional telephone and for any combination of 'audio, video, chat, and file transfers' when Skype users connect by computer alone.” (Emphasis added.)
This piece of information is significant for a number of reasons. Last year, speculation arose in the hacker community that Skype, which was purchased by Microsoft in 2011 and had been difficult to wiretap, had become compliant with law enforcement demands. I pressured Skype to disclose its eavesdropping capabilities, but the company refused to discuss the matter. After a range of advocacy groups published an open letter calling for more clarity on the issue, Microsoft eventually released a transparency report detailing information about law enforcement requests for user data. The report devoted an entire section to Skype and claimed that in 2012, it hadn’t handed any communications content over to authorities anywhere in the world. Microsoft also said in notes accompanying the transparency report that calls made between Skype-Skype users were encrypted peer-to-peer, implying that they did not pass through Microsoft’s central servers and could not be eavesdropped on—except maybe if the government deployed a spy Trojan on a targeted computer to bypass encryption.
But the NSA “PRISM Skype Collection” guide casts doubt on whether any Skype communications are beyond the NSA’s reach. That the NSA claims to be able to grab all Skype users’ communications also calls into question the credibility of Microsoft’s transparency report—particularly the claim that in 2012 it did not once hand over the content of any user communications. Moreover, according to a leaked NSA slide published by the Post, Skype first became part of the NSA’s PRISM program in February 2011—three months before Microsoft purchased the service from U.S. private equity firms Silver Lake and Andreessen Horowitz.