I'm cool with technology to catch bad guys, I just don't know that catching everything for some kind of dragnet is the right approach. There will be a time where Americans realize they are actually not in control of their governence, perhaps that time is now? On the upside, Holder now has another leak (reason) to subpoena a journalist.. ;) As a side note.. I don't know how many of you have been on major government projects, but 20MM was spent in the first 20 minutes.. Much of the gear can be developed by another organization on another (massive) budget. Look at Groom Lake*.. What's their budget?Government contracting is murky territory, especially when things are critically needed and a General says "go". *Groom Lake (area 51) was confirmed to be the facility that developed the stealth helicopter used in the Bin Laden raids. Sent from my Mobile Device. -------- Original message -------- From: Mark Seiden <mis@seiden.com> Date: 06/07/2013 12:11 PM (GMT-08:00) To: Valdis.Kletnieks@vt.edu Cc: goemon@anime.net,NANOG <nanog@nanog.org> Subject: Re: PRISM: NSA/FBI Internet data mining project i have talked with a dozen people about this who ought to know if there were something more creepy than usual going on. and nobody in engineering knows of anything. but hm, people in compliance said "no comment". that, and the $20M annual number, suggests that what they actually did was set up a portal for intel agency people to use to request "business records" of the members (service providers). (maybe PRISM stands for something like Portal to Request Intelligence Service Materials, or somesuch.) of course, under patriot, the legal concept of "business records" was greatly expanded, and the kinds of approvals needed to get them reduced. i really wonder if the FISC has a pki. i.e. as a technical matter can a FISC judge electronically approve a NSL or FISA warrant? if i'm right, now they're following the letter of the new law electronically, rather than using paper and fax. which would increase timeliness, accuracy and efficiency for all parties concerned. this would only affect compliance activities at the providers, who would continue receiving and handling individual requests just as previously and supplying the same data as before. (and i suppose now the providers could actually supply the returned records electronically also…) (i am actually in favor of this kind of thing for both law enforcement requests and for intel agency requests. the amount of time and money wasted and delays in handling perfectly legal and necessary investigative requests was kind of shocking to me. i repeatedly heard complaints about cases where compliance would not respond to LE in long enough that the data provided was stale for judicial purposes, and the same search warrant would have to be reissued. (or where they would take a very long time to reject a request for a technical or legal reason.) (there's an interesting gray area in this request handling: there were several times as an internal investigator at a provider when i wanted to be able to convey to LE that they *should go through the trouble* of doing all the paperwork of going to a judge, or even worse, through the MLAT which means a foot of paper and a man-month of work. there were even more times when i wanted to say "don't bother to even ask, you'd just be wasting your time"). but my lawyers would not allow that sort of communication. On Jun 7, 2013, at 11:05 AM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said:
and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money.
Convince me the *real* number doesn't have another zero.
Remember - the $20M number came from a source that has *very* good reason to lie as much as it can right now about the true extent of this.