Point to Point and PRISM

By

Colin here with a question: Does Point to Point Communications bypass PRISM?

PRISM has been in the media a lot recently. And, it has raised a lot of questions about what is being monitored and which carriers are being monitored.

People have started to ask where their communications are secure and whether they should use smaller carriers that may not be in the PRISM program. One telcom expert even suggested that using SIP peer-to-peer would entirely bypass carriers and perhaps be secure.

Here is the simple summary: Everything is being intercepted and recorded. Absolutely everything. All of it. Everywhere in the US.

The fundamental process is called a “half-tap.” You take a wire going from point-A to point-B and you splice into it. You don’t break the wire, and you don’t insert any equipment. Thus, everything works precisely as before. But, you have a tap into the wire. From there you can just simply listen. Passive listening devices cannot be detected because they don’t send any signal nor do they inject any delay.

Today, there are two types of half-taps being used. The more popular is a fiber optic half-tap. Basically, the fiber-optic line goes through an optical tee with most of the light continuing down the fiber, but with a small portion being siphoned off to go to a monitoring device. The other is a traditional wired half-tap that is used for copper ethernet.

Most of the “meet-me” rooms are equipped with half-taps. A meet-me room is a place where traffic is interchanged between carriers. In most major cities there is a designated location–often a floor in a building–where all of the carriers bring their trunk lines. Then, mondo-capacity switches switch traffic between the carriers.

While monitoring systems could be installed in the switching equipment areas, this would subject the equipment to scrutiny and tampering. It would make it evident that it is there monitoring. And, it could be bypassed.

The better solution (from a surveillance perspective) is to install half taps. Lets say that the fiber optic cable is headed to the 19th floor of the Westin building in Seattle, where the region’s meet-me room is located. Then, the fiber optic cable can be run up, but a large loop in the cable can be installed in a lower floor. Looking up from the basement the cable heads up the cable raceway. Looking down from the 19th floor the cable heads through the raceway to the basement. But in-between, nobody has any idea that the cable makes a loop through an NSA facility. That facility dutifully splices into every fiver strand, creating a half-tap. From there it can be run through a fiber back to a larger NSA facility or (more often) to a set of analyzers that toss uninteresting data.

Since most of the traffic on the internet consists of videos, there is no need to re-record those videos in the NSA facility. All that is needed is to gather the IP address and the various header information of traffic.

Of course, watching and organizing a sea of traffic is an organizational task. Every packet needs to be organized by IP and thread, and you need to sort traffic by port and type. Then, you need to examine the headers to extract phone numbers, from/to email addresses, and other meta-data.

So, wouldn’t it be better if you could get everything pre-organized right at the source? Of course. And, that is where PRISM fits into the picture.

Prism gathers information right at the source. After all, Skype knows not only the IP address, but the user name and full identity of every user and call. Google can capture every search and every click and link this up with a user as that user travels from computer to computer. When you make a reservation at AirBnB.com for a room in somebody’s home they know who you are, what credit cards you have, and what your Facebook account is. They can then monitor your location more precisely.

So, what makes PRISM so much more invasive is not that it is the first government program to record everything. PRISM is noteworthy because of the richness of the data being captured. It is more easily linked to individuals.

From one central console the data can be efficiently mined. They can see every UPC code you purchase from a major retailer, every hotel and B&B reservation, every gas fill-up, every video rental, and every search you do on the internet. Tied in with transcripts of your phone calls, a very accurate summary can be made of you. They can determine your political viewpoints, your affiliations, and your proclivity to be an activist.

How good is this information? Well, you have certainly seen those creepy ads that seem to be far too relevant. You go to one website store but don’t buy anything. Then, as you surf the web that company’s ads keep coming up…or their competitors. You see products that you had looked at. Right? The fact is that extremely accurate profiling is now possible with the information available on the web. And, that is precisely what PRISM is all about.

So back to the question about peer-to-peer and privacy.

It is true that PRISM focuses on high-level meta-data primarily. But remember that everything on the internet is being recorded now. So your peer-to-peer SIP calls are still being recorded and are available for data-mining. They still have those, but they don’t necessarily know who is making the call…just the IP address endpoints. They don’t have as much resolution as they would as if you used, say, Skype.

PRISM is best used in conjunction with wholesale capture. While wholesale capture won’t tie your SIP call to your Facebook account and credit profile, it is still a vital component.

The PRISM system doesn’t record the audio of phone calls, so it doesn’t know what you are saying. This is where the wholesale capture of internet data is still important. In order to obtain a complete written transcript of every phone call in the United States it is necessary to half-tap the fiber cables and capture the audio stream so that it can be voice recognized. Once recognized then it can become searchable text and be fed back into the same data mining tools that PRISM feeds.

The combination of PRISM and wholesale data capture allows the fullest insight into what every person believes, thinks, and who they may support.

If you have not yet read the article about the new Utah Data Center that was published into Wired Magazine then this will explain a lot:
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/

Colin Berkshire