i have talked with a dozen people about this who ought to know if there were something more creepy than usual going on. and nobody in engineering knows of anything. but hm, people in compliance said "no comment". that, and the $20M annual number, suggests that what they actually did was set up a portal for intel agency people to use to request "business records" of the members (service providers). (maybe PRISM stands for something like Portal to Request Intelligence Service Materials, or somesuch.) of course, under patriot, the legal concept of "business records" was greatly expanded, and the kinds of approvals needed to get them reduced. i really wonder if the FISC has a pki. i.e. as a technical matter can a FISC judge electronically approve a NSL or FISA warrant? if i'm right, now they're following the letter of the new law electronically, rather than using paper and fax. which would increase timeliness, accuracy and efficiency for all parties concerned. this would only affect compliance activities at the providers, who would continue receiving and handling individual requests just as previously and supplying the same data as before. (and i suppose now the providers could actually supply the returned records electronically also…) (i am actually in favor of this kind of thing for both law enforcement requests and for intel agency requests. the amount of time and money wasted and delays in handling perfectly legal and necessary investigative requests was kind of shocking to me. i repeatedly heard complaints about cases where compliance would not respond to LE in long enough that the data provided was stale for judicial purposes, and the same search warrant would have to be reissued. (or where they would take a very long time to reject a request for a technical or legal reason.) (there's an interesting gray area in this request handling: there were several times as an internal investigator at a provider when i wanted to be able to convey to LE that they *should go through the trouble* of doing all the paperwork of going to a judge, or even worse, through the MLAT which means a foot of paper and a man-month of work. there were even more times when i wanted to say "don't bother to even ask, you'd just be wasting your time"). but my lawyers would not allow that sort of communication. On Jun 7, 2013, at 11:05 AM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said:
and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money.
Convince me the *real* number doesn't have another zero.
Remember - the $20M number came from a source that has *very* good reason to lie as much as it can right now about the true extent of this.