I posted this theory on my G+ feed the first day it was leaked, that PRISM amounted to an automated-NSL-request-and-response management system, like an issue tracker. Click a button to mail an NSL request electronically, notify employee when company approves, go pick up the data automatically. PRISM is an NSA issue tracker with auto-import essentially. But someone else pointed out to me something more interesting. All companies which provide voice telephony, even VoIP, have to comply with CALEA, which means they have to install equipment maintained by the FBI which allows intercepts of voice calls via search warrant. Once Google added Voice/Video chat, they might have had to comply with this, just like Skype. Ditto for Apple and FaceTime. The Washington Post said something about the NSA tasking the FBI in this pipeline. Therefore, PRISM may be abusing CALEA devices which companies are compelled to install, by leveraging them for intercepts of voice in ways that don't fit the law. So, revised theory: For email and non-voice data, PRISM sends an NSL to company, waits for approval, then hits a REST API to pick up the goods. For voice, PRISM sends request to FBI, who then commands CALEA device for intercept. No company action required?
These devices are not (normally?) under LEA control. The service provider would receive a warrant/court order that says "send data for customer XYZ to this CALEA capture IP". Even if the LEA had direct control of the CALEA device it would need the assistance of the SP to know what data is coming from what customer.