Comments on slight paranoia: Analyzing Yahoo's PRISM non-denial
Blog author: Christopher Soghoian (http://www.blogger.com/profile/08950937382104783909)
Feed updated: 2024-01-24T20:01:37.600-05:00

Mr. Nam (https://www.blogger.com/profile/06130647450991230208), 2015-04-27T02:40:47.791-04:00:
looooooooooaaaaaaaaaaaaaaaaaa

Anonymous, 2013-06-21T16:06:42.256-04:00:
Actually the weasel words were correctly parsed in what was a strawman.

Anonymous, 2013-06-11T15:27:20.547-04:00:
It's two different situations.

1. NSA freely has access to Yahoo data? False

2. The Feds sometimes go knocking at Yahoo's (or any internet company for that matter) door asking for specific data and sometimes get access to that data (only after having the "proper paper work" filled out)? True

Anonymous, 2013-06-10T19:47:36.038-04:00:
What about Google's "What the ...?" blog post?

He says:
"""
First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.
"""

This can't be a blank statement. If the above statement is true, Yahoo might as well be saying the truth.

Anonymous, 2013-06-10T03:26:44.902-04:00:
Sorry for english.

As a previous post said, it appears in this story that disclosures for foreign users are not to be blamed? Even a US citizen should not trust a company that tells seriously not using data of US users but without care of foreign users data.
More, deciding data is 'relevant' (part of a foreign exchange) is a myth - where is and how to set a border?

Then, IMO, the major threat is from companies themselves: we all know, except being naive, that data are disclosed for commercial and advertising purposes (Yahoo officially claims it!). Why being so confident with private companies and not with supposed-so democratic state?

So, no way, if information is really sensitive, we should not spread it over the web. Dot.

Anonymous, 2013-06-10T01:14:24.296-04:00:
For largely the same reasons as CS has set out in the OP I think this statement is not a denial, but I don't think they're lying, and I also don't think they're being sneaky. - I think the language is completely intentional - along the lines of "We do not do anything voluntarily here. We are being forced to provide data and forced to keep quiet about this abusive and absolutely crazy interference by government in our business and breach of trust with our customers. Pay attention, people, thank G you're finally asking questions!". And fb is the same. Don't blame the providers, no one is "asking" them to cooperate as if there's a choice to say "no". I think this message from Yahoo is honest and well crafted to deliver a specific message. Look at what they actually said.

Anonymous, 2013-06-09T14:52:14.910-04:00:
Notice Zuckerberg's carefully crafted statement. He only copped to not doing it in the past. He didn't say Facebook would NEVER do it.

Anonymous, 2013-06-09T12:01:52.213-04:00:
@Anonymous at 10:15 AM: He isn't taking issue with their compliance, he's challenging their voluntary, implicit denial of it. FISA/NSL requests contain a gag order preventing those served from acknowledging receipt of such requests, so the corporations involved would be excused for staying mute; but here Yahoo has gone on record with insinuations of non-collusion. They could have said, for instance, that legal constraints prevent them from acknowledging the scope of their involvement with PRISM, "taking the Fifth," figuratively speaking, which would've deflected public criticism up to where it truly belongs: the state. Instead, they chose to frame themselves as non-participants. Yahoo's statement is arguably a lie, but as Soghoian points out, contains enough shrewdly selected verbiage to stop short of an actual denial.

Anonymous, 2013-06-09T11:57:57.187-04:00:
Bob said: "All phenomena are real in some sense, unreal in some sense, meaningless in some sense, real and meaningless in some sense, unreal and meaningless in some sense, and real and unreal and meaningless in some sense."

Let's pose both the Guardian piece and the company denials are both true and meaningful. What do we learn?

Prism is the name of an NSA program for NSA users.
Prism is not a program Yahoo, Google or Facebook joined, at least not under that name.
There does not have to be direct access to the servers. Guardian document claimed: Data collected directly from the servers.

How is it possible for the NSA to get access to this data without direct access?
The data is probably collected at the ISP-level (room 641a-style), Hardware level, Content Delivery level, or by the companies themselves (data retention laws).

NSA can get access to this data by using a warrant or court order. Prism is a program to help with part of this process. It could format the requests for the different legal departments, format the log-data to actionable data like the raw mail contents and even linguistic analysis on those contents.

Google and Facebook have not been getting blanket or huge requests like the ones Verizon received:
...we had never heard of the broad type of order that Verizon received
Yahoo probably has or it doesn't deny it:
...Where a request for data is received, we require the government to identify in each instance specific users and a specific lawful purpose for which their information is requested.
This can still be a huge overbroad list. But luckily:
...We fight any requests that we deem unclear, improper, overbroad, or unlawful.
Which means they have probably received overbroad requests, including those they can not disclose.

Yahoo and other companies didn't offer a non-denial. They denied direct access without a warrant/request/order. They denied knowing the internal code-name for an NSA project that involved them.

Between the lines they don't deny: Getting requests. Getting requests with a gag-order. Having to retain all their communications for a period of time to stay in accordance with the law. That the NSA probably has access to this data pile. In the case of non-Americans it has free lawful direct access to this data pile (not the servers).

Obama even said as much as that all non-US phonecalls and internet communication are analyzed.

I hope Google and Facebook can keep saying stuff like:
...We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received.

It sounds like a canary of sorts. If they have received such an order they wouldn't be able to talk about that anymore.

But if NSA has access to the back-up/retention data pile/ISP data/Content delivery data (again.. not the servers) in accordance with the law, they wouldn't even need to request access anymore. As in: Google and Facebook would not receive a request like the one Verizon got, the NSA would just get it with a court order.

Not Anonymous Anymore, 2013-06-09T11:54:39.344-04:00:
There's a lot of room for manipulation in Zuckerberg's announcement too:

"Facebook is not and has never been part of any program to give the US or any other government direct access to our servers."
-It's not direct. It's indirect via a secure portal that performs queries. Just like Google gives you indirect access to millions of websites.

"We have never received a blanket request or court order from any government agency asking for information or metadata in bulk,"
-Of course not. You have only received a request to install a device, which could then extract information in bulk on its own.

"like the one Verizon reportedly received."
-It's not like it, because it covers content and not just metadata.

Anonymous, 2013-06-09T10:48:36.373-04:00:
FB's (Zuck's) response seems pretty unambiguous

https://www.facebook.com/zuck/posts/10100828955847631

"Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received."

Anonymous, 2013-06-09T10:15:45.875-04:00:
As an ACLU spokesperson, why are you trying to cast aspersions on the corporations involved? They have to comply under the law. Period. The problem is with the government and the law itself. You're complicit in this if you continue to make it seem like the companies did anything wrong; you're just distracting the public from the real problem.

Anonymous, 2013-06-09T10:06:58.688-04:00:
@anonymous 1:31, @ravan -- it's not being a douche and hardly hysteria to study carefully a legal statement coming from one of the few massive titans on the Internet. if you don't realize Yahoo's legal spent even more time crafting the message than he did parsing it, then you don't understand law.

stop pretending you understand things others don't. unless you work for Yahoo and can set the record straight....but you don't. you're just another nobody on the Internet like the rest of us.

Anonymous, 2013-06-09T09:34:48.647-04:00:
Fantastic article. Thank you!
To the commenters: he just wants the people who take our money to provide services to be honest and open instead of hiding behind word screens.

Anonymous, 2013-06-09T09:23:19.760-04:00:
> because it is a PITA.
Something being a "PITA" might be a good reason for providing an interface that works more automated in the background.

> "direct access" to the servers […] denied it in no uncertain term
What does *direct* even mean? What if there is a nice interface in-between?

> Is there any statement
"I want you to listen to me. I'm going to say this again: I did not have direct access to that database"

Anonymous, 2013-06-09T09:16:02.537-04:00:
To the naive folks saying the program is legal and companies were forced to comply: then why and how could Twitter (and potentially LinkedIn) refuse it? And why did it take Apple 5 years to agree?

The only explanation is that PRISM really gives the government unfettered access to servers whereby the companies' cooperation isn't needed anymore. Once installed they could suck the whole server and the company wouldn't even know.

Anonymous, 2013-06-09T09:09:23.273-04:00:
Attacking this post by saying Yahoo! has to provide the data by law is meaningless - I don't think anyone is arguing that they shouldn't.

Rather, it is about pointing out they are probably misrepresenting their involvement in the program - in other words: lying through misdirection and omission.

From what I understand they're also required by law to not tell people about what they're doing. So the only way for the public to glean the truth is actually through analyses such as these.

Anonymous, 2013-06-09T06:57:44.565-04:00:
I am amazed no one has yet been amazed how everyone in the US does not give a damn about people from other countries. People are freaking out because these programs or law orders sometimes involve 1 party that is a US citizen.. What about the other party and his privacy? What about the other inter-foreigner communications? Does no one give a damn about their privacy?

You know, just because the company is US based input does not mean it should ignore other countries laws.

I assume these companies, by answering US court orders, are constantly breaking laws in other countries they operate...

When people freak out so selfishly, something is very wrong in the values of a country.

raganRAGEAN, 2013-06-09T05:25:30.722-04:00:
For f*cks sake, ragan. That's not the issue. Read the comment above again:

"I think he's suggesting that, having received a court order, companies should not lie to the very users they claim to be protecting, by saying that they have not.
Or use clever and ambiguous language that they know will mislead their users into believing this."

Get it now?

Anonymous, 2013-06-09T03:39:46.015-04:00:
Have you bought your new tinfoil hat yet?

Yahoo, Google, et al have to comply with FISA orders, period. It is not cheap to do so. Therefore, they give the minimum required, and have their corporate sharks review it so they can avoid giving anything they don't have to, because it is a PITA.

IMO, PRISM is the name for the NSA's database+hadoop analysis software that takes raw data and tries to get intel from it.

Seriously, when you don't understand what is involved, don't default to hysteria.

Anonymous, 2013-06-09T03:33:15.749-04:00:
From what I understand, possibly- data mining at this level encapsulates a passive legal pass. Not all parties involved may be aware, nor required to report to notify said party- and do so under the specifics of the .... Nice angle btw. I think several pertinent points are made.

Anonymous, 2013-06-09T02:29:30.422-04:00:
Anonymous@1:31AM: This statement from Yahoo! isn't just any statement. You seem to be completely naive about how the PR game is played. In a crisis such as this one, lawyers and PR people carefully construct public statements, judiciously selecting each word to thread the needle just so. Public statements are designed to sound pleasing to the layperson but often contain half-truths and qualifications which are always subject to semantic parsing by people who know how the PR game is played.

Anonymous, 2013-06-09T02:28:06.843-04:00:
@Anonymous.
Yahoo's statement was an official document written by a senior lawyer, so it's fair to assume the words were chosen with precision. These were not off-the-cuff remarks. So a legalistic analysis was wholly appropriate.

To answer your question - yes, it would have been possible to write the document so as to leave no room for doubt. For example, "Yahoo has not received court orders under 50 USC 1881a (AKA FISA Section 702) for communications data."

Anonymous, 2013-06-09T02:25:18.127-04:00:
I think he's suggesting that, having received a court order, companies should not lie to the very users they claim to be protecting, by saying that they have not.

Or use clever and ambiguous language that they know will mislead their users into believing this.

James (https://www.blogger.com/profile/05009819005678088817), 2013-06-09T02:11:47.909-04:00:
The claim in Greenwald's article was that they were given "direct access" to the servers. Google and Apple -- everyone but America Online (I think they were closed for the weekend, all three of them.) denied it in no uncertain terms. I presume also that giving specific access in response to a court order would not count as what was alleged in the article. It seems the leak came from someone who didn't understand what he was seeing. Or by an unscrupulous "crusader" like Greenwald, or the idiots who worked for years to make "Whitewater" into a scandal.