June 12, 2013
Privacy Roundup: PRISM Special Edition
May has rolled into June and summer is fast approaching. Originally I had planned for this privacy update to be another collection of somewhat random links regarding the world of security and privacy. And then… We had Thursday. And then PRISM. And it seemed only right to gather as much information, opinion and material as possible around PRISM and make it available to our readers.
But what is PRISM?
This far in, all anyone can tell for sure is that PRISM is the name of a data collection model and technology solution that improves speed and simplicity in allowing NSA and possibly other US agencies to access user data from a large number of the worlds most popular online services. (Including Google, Skype, Microsoft, Facebook etc.)
It seems the program in itself actually does not introduce any new laws, or even break any current ones. What it does however is enables a more effective way for the NSA to request and receive private user data. And of course, this makes it ripe for speculation as to what this ‘new’ stream lined procurement process is being used for and how.
One of the most informative posts as to the model, use, and participants ironically enough comes from the NSA themselves (via Washington Post) and can be found here:
If you desire to dig a bit deeper into PRISM, what people are saying / thinking, and what companies may or may not have been directly involved, here are a collection of what we found to be the most informative links on the subject from the last several days:
- Google, Facebook, Dropbox, Yahoo, Microsoft, Paltalk, AOL And Apple Deny Participation In NSA PRISM Surveillance Program
- Tech Companies Concede to Surveillance Program
- Technology giants struggle to maintain credibility over NSA Prism surveillance
- What is a Pen Register
- We are shocked, shocked…
- Orwell’s fears refracted through the NSA’s Prism
- Edward Snowden: the whistleblower behind the NSA surveillance revelations
Though we will be elaborating on the PRISM program in relation to SpiderOak in a separate blog post, I can say definitively that our users’ data is encrypted client-side, uploaded, and stored in its fully encrypted state which means we are never able to view plaintext user content under any circumstances. In short, PRISM would be wholly and entirely useless in the SpiderOak context.
To Note: We also have yet to even be contacted by any agency regarding the program – surely a result of our ‘Zero-Knowledge’ privacy environment. After all, encrypted data is rather useless for conducting data mining activity.
In light of recent news and the topic for this special roundup I think it’s only fitting we sign off with this quote of the week:
“He who controls the past controls the future. He who controls the present controls the past.” – George Orwell in 1984