PRISM, The Guardian, slide #2.

Purpose:

PRISM is an NSA programme that exploits data collected by the FBI’s Data Intercept Technology Unit (DITU) from nine major US corporations including Facebook, Google and Apple. There is no single PRISM database. Rather, when the data arrives at the NSA, it is sorted and distributed to the following systems:

• MARINA: Internet metadata
• MAINWAY: telephone metadata
• NUCLEON: voice content
• PINWALE: selected email and other content

MARINA is the counterpart of PRISM, where MARINA stores metadata and PRISM provides access to content. The telephone counterparts are MAINWAY (metadata) and NUCLEON (content) (MOJ01).

Mother Jones Magazine, Four programmes.

According to the leaked slides, PRISM is the biggest single contributor to the NSA’s intelligence reporting (GUA01).

Capabilities:

• Access to content and metadata from service providers via the FBI

Data sources:

• Content and metadata from nine major US companies:
  • Google
  • Skype
  • Facebook
  • Yahoo
  • Microsoft
  • Apple
  • YouTube
  • AOL
  • PalTalk

Related programmes:

MARINA – NSA repository for Internet metadata.

PINWALE – NSA content repository.

Layers of operation:

• Application layer: Collection of content and metadata through interfaces created by service providers.
• Social layer: Aggregation of content and metadata from multiple applications.

Background:

PRISM is considered a downstream programme as it collects information from service providers. It is used in conjunction with upstream programmes that collect communications from fibre-optic cables and other infrastructure.

Although PRISM is an NSA programme, GCHQ is a key partner and has full access to the database (GUA02). In 2013, a UK parliamentary committee deemed GCHQ’s activity legal (BBC01). However, in 2015 the Investigatory Powers Tribunal deemed the activity unlawful (GUA03).

Company partners:

• Google
• Skype
• Facebook
• Yahoo
• Microsoft
• Apple
• YouTube
• AOL
• PalTalk

Sources:

BBC News (BBC)
1) http://www.bbc.co.uk/news/uk-23341597

Guardian (GUA)
1) http://www.theguardian.com/world/interactive/2013/nov/01/prism-slides-nsa-document
2) http://www.theguardian.com/technology/2013/jun/07/uk-gathering-secret-intelligence-nsa-prism
3) http://www.theguardian.com/uk-news/2015/feb/06/gchq-mass-internet-surveillance-unlawful-court-nsa

Mother Jones Magazine (MOJ)
1) http://www.motherjones.com/kevin-drum/2013/06/washington-post-provides-new-history-nsa-surveillance-programs

MUSCULAR , Washington Post, “Google Cloud Exploitation” slide.

MUSCULAR is a joint GCHQ and NSA programme that collects data travelling between internal data centres owned by Google and Yahoo. It achieves this by accessing the cables through which the companies’ internal network traffic passes. The programme is used to collect emails, documents, pictures, search queries and other data.

The programme relies on the telecommunications provider Level 3 to offer secret access to a fibre-optic cable at a point where Google and Yahoo traffic passes (NYT01). The access point, known as DS-200B, is located somewhere in the UK (WAH01).

MUSCULAR stores data for a three to five day period, during which GCHQ and NSA decode the proprietary data formats used by each company and extract information they want to keep (WAH02).

Capabilities:

• Bulk collection from private networks
• Bypassing encryption used on public networks
• Decoding proprietary data formats

Data sources:

• DS-200B, cable location owned by Level 3
• Digital content from two major US companies

Related programmes:

WINDSTOP – NSA umbrella programme for bulk collection in partnership with “trusted second party” countries (UK, Canada, Australia and New Zealand). The programme targets “communications into and out of Europe and the Middle East” (ELE01).

Layers of operation:

• Physical layer Tapping of fibre-optic cables.
• Link layer, network layer and transport layer: Reconstruction of communication sessions.
• Application layer: Extraction of content and metadata.

Background:

MUSCULAR is one of at least four similar “trusted second party programs” which together are known as WINDSTOP within the NSA (ELE01). This programme taps into the private leased fibre-optic cables that are used to connect the companies’ data centres across the globe (WAH02). These corporate internal networks have historically been unencrypted; however, both companies are beginning to encrypt their networks as a result of the MUSCULAR leak.

Company partners (NYT01):

• Level 3: Provider of fibre-optic cables for Google

Sources:

Electrospaces (ELE)
1) http://electrospaces.blogspot.co.uk/2014/11/incenser-or-how-nsa-and-gchq-are.html

New York Times (NYT)
1) http://www.nytimes.com/2013/10/31/technology/nsa-is-mining-google-and-yahoo-abroad.html

Washington Post (WAH)
1) http://www.washingtonpost.com/blogs/the-switch/wp/2013/11/04/how-we-know-the-nsa-had-access-to-internal-google-and-yahoo-cloud-data
2) http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html

OPTIC NERVE, The Guardian, 28 February 2014.

Purpose:

OPTIC NERVE is a GCHQ programme that collects still images of Yahoo webcam chats in bulk and saves them to agency databases, whether or not an individual is an intelligence target (GUA01). The programme uses automated facial recognition technology to match existing targets and to discover potential new targets. Searching a facial recognition database allows for the identification of people who might use multiple online identities. The programme saves one image every five minutes from users’ feeds, partly to comply with human rights legislation, and also to avoid overloading GCHQ’s servers (GUA01).

Capabilities:

• Facial recognition

Data sources:

• Yahoo webcam application

Related programmes:

MUSCULAR – GCHQ programme collecting bulk data from Google and Yahoo data centres.

TEMPORA – GCHQ programme for bulk data collection and buffering.

XKEYSCORE – NSA system for searching and analysing Internet data.

MARINA – NSA repository for Internet metadata.

Layers of operation:

• Application layer: Extraction of content and metadata.

Background:

In a six-month period in 2008, OPTIC NERVE collected webcam images from over 1.8 million Yahoo user accounts worldwide (GUA01). The programme collects images from “unselected” people, meaning it is used for bulk rather than targeted collection. Yahoo has denied any prior knowledge of the program, and has since expanded encryption across its services.

Sources:

Guardian (GUA)
1) http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo