Is there privacy in the
cloud?
The Snowden Effect
KP Chow
Dept of Computer Science
University of Hong Kong
July 2013
1
Something you should know
• Cloud computing has significant
implications for the privacy of personal
information
• A user’s privacy and confidentiality risks
vary significantly with the terms of service
and privacy policy established by the cloud
provider
• Law could oblige a cloud provider to
examine user records for evidence of
criminal activities
CISC
2
Something you should know
• The legal status of some types of
information may change when stored in the
cloud
• The location of the information in the cloud
may affect the privacy and confidentiality
protections of the information
• Information in the cloud may have more
than 1 legal location at the same time, with
different legal consequence
CISC
3
Something I didn’t know until
June 2013, how about you?
•
•
•
•
FISA and FISC
The PRISM
The MTI
…
I learnt it from Snowden
“I don’t want to live in a society that does these sort of
things… I do not want to live in a world where everything
I do and say is recorded.” by Snowden (The Guardian,
June 2013)
CISC
4
Who is Snowden?
• American former CIA employee
• A former contractor for the NSA
• Leaked details of NSA mass surveillance programs to
the press
• 2004: US Army Special Forces
• 2007: CIA computer technician, stationed with diplomatic
cover in Geneva, Switzerland, responsible for
maintaining computer network security
• 2009: left CIA and joined a private contractor inside an
NSA facility on a US military base in Japan
• 2013 (< 3 months): consultant with Booz Allen
Hamilton as a system administrator inside the NSA at
the Kunia Regional SIGINT Operations Center in Hawaii
Disclosures Stories
5 June - a top secret order of Foreign Intelligence Surveillance
Court (FISC)
Ordered a business division to provide metadata for all telephone
calls “wholly within the United States, including local telephone
calls” and all calls “between the United States and abroad.”
6 June – PRISM (begin from 2007)
A clandestine electronic surveillance program that allegedly allows
the NSA to access e-mail, web searches, and other Internet traffic
in real-time.
9 June – Boundless Informant
A system "details and even maps by country the voluminous
amount of information [the NSA] collects from computer and
telephone networks."
15 June - Government Communications Headquarters (GCHQ)
A British intelligence agency, worked jointly with the NSA to
eavesdrop on a meeting of industrialized nations in London in
2009.
21 June -- GCHQ has secretly gained access to the network of
cables and has started to process vast streams (The MTI Project)
Major Programs/Events
• FISC (Foreign Intelligence Surveillance
Court)
• PRISM Program and Boundless Informant
• China and Hong Kong Hacking
• GCHQ (Government Communication
Headquarters) & British eavesdropping
• MTI (Master The Internet)
CISC
7
FISC
CISC
8
FISC
• Foreign Intelligence Surveillance Court (FISC)
ordered a business division of Verizon
Communications to provide “on an ongoing
daily basis” metadata for all telephone calls
“wholly within the United States, including
local telephone calls” and all calls made
“between the United States and abroad”
• NO CONTENT
CISC
9
What are the metadata?
• Caller and receiver
• Caller and receiver current location
• Length of call
• …
CISC
10
How the data
was used?
Boundless Informant
CISC
11
Boundless Informant
• The NSA's powerful tool for cataloguing global
surveillance data – including figures on US collection
The color scheme ranges from green (least subjected to surveillance)
through yellow and orange to red (most surveillance). Note the '2007' date
in the image relates to the document from which the interactive map
CISC
derives its top secret classification, not to the map itself.
12
Boundless Informant
• Recording and analysing where its intelligence
comes from
• Use advanced data mining techniques: details and
maps by country the voluminous amount of
information it collects from computer and
telephone networks
• Focus on counting and categorizing the records of
communications, known as metadata, rather than
the content of an email or instant message
• The agency collecting almost 3 billion pieces of
intelligence from US computer networks over a 3013
day period ending in March 2013
Besides Verizon
Communication, who else?
The Prism
CISC
14
The PRISM Program
The seal of
Special Source
Operations, the
NSA term for
alliances with
trusted U.S.
companies.
The program
is called
PRISM, after
the prisms
used to split
light, which
is used to
carry
information
on fiber-optic
cables.
This note
indicates that the
program is the
number one
source of raw
intelligence used
for NSA analytic
reports.
NSA slides explain the PRISM data-collection program
http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
Monitoring a target's
communication
NSA slides explain the PRISM data-collection program
http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
Providers and data
Why the companies
willing to participate?
NSA slides explain the PRISM data-collection program
http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
Companies Participation
• Through a top-secret program authorized
by federal judges working under the
Foreign Intelligence Surveillance Act
(FISA), the U.S. intelligence community
can gain access to the servers of nine
Internet companies for a wide range of
digital data. (Washington Post 6 Jun 2013)
CISC
18
Participating providers
NSA slides explain the PRISM data-collection program
http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
The PRISM
• Data collected
–
–
–
–
Search history
Contents of emails
File transfers
Live chats
• NOT METADATA anymore, it includes
contents
CISC
20
Where is the law?
• Allows NSA to obtain targeted communications
without having to request them from the service
providers and without having to obtain individual
court orders
• In the past, NSA needed individual authorization,
and confirmation that all parties were outside USA,
they now need only reasonable suspicion that
one of the parties was outside the country at
the time of the records were collected by the
NSA
CISC
21
What the PRISM found
• The number of obtained communications
increased in 2012 by 248% for Skype
• 131% increase in requests for Facebook
data
• 63% increase in requests for Google data
• Plan to add Dropbox as a PRISM provider
CISC
22
If you are using the cloud and
you don’t know where the
data is,
It is very likely that NSA is
watching you.
CISC
23
If you are using the cloud and
the data is moving around
the world,
According to FISA, it is likely that
NSA is gaining access to the
servers that store the data.
CISC
24
MTI
Mastering the Internet
The web is for everyone and
so is surveillance.
(The Guardian, 21 Jun
2013)
CISC
25
MTI
• Under GCHQ (Government
Communications Headquarters)
• Mastering the Internet, started in 2007
• Capture and analyse a large quantity of
international traffic consisting of
– emails, texts, phone calls, internet searches,
chat, photographs, blogposts, videos and many
uses of Google
CISC
• Collecting signals from up to 200 fiber-optic
cables at the physical points of entry into
the country, each with 10 gigabits per
second, approx. 21.6 petabytes in a day
26
Internet Buffer
• Internet traffics into and out of UK are intercepted
and collected, then filtered to get rid of
uninteresting content
• The filtered traffics are then stored: 3 days for
content and 30 days for metadata
• Some degree of co-operation from companies
operating either the cables or the stations which
they came into the country: referred to as the
“special source” provider
CISC
27
Project Tempora
• Core programme in MTI
• The evolution of a secret programme to capture
vast amounts of web and phone data
CISC
28
The “Real” Big Data
CISC
• MTI produces larger amounts of metadata
collection than the NSA
• NSA analysts effectively exploit GCHQ metadata
for intelligence production, target
development/discovery purposes
• With Tempora's "buffering capability", and
Britain's access to the cables that carry internet
traffic in and out of the country, GCHQ has been
able to collect and store a huge amount of
information
• Every area of ops can get real benefit from this
capability, especially for target discovery and
target development
29
Where is the law?
• The 2000 Regulation of Investigatory
Powers Act (Ripa) requires the tapping of
defined targets to be authorised by a
warrant signed by the home secretary or
foreign secretary.
• A clause allows the foreign secretary to
sign a certificate for the interception of
broad categories of material, as long as
one end of the monitored communications
is abroad
CISC
30
TINT
• By March 2010, analysts from the NSA had been
allowed some preliminary access to the project
MTI
• Refer to as "joint GCHQ/NSA research initiative“
• TINT: "uniquely allows retrospective analysis for
attribution" – a storage system of sorts, which
allowed analysts to capture traffic on the internet
and then review it
CISC
31
If you are using the cloud and
the data in located in Europe
It is likely that the data will
travel through the fiber in UK,
and got buffered by GCHQ.
CISC
32
Conclusion
• Data privacy protection: laws exist to
protect data in a particular country
• Unfortunately, laws cannot protect data
resided in another country where the
intelligent agencies do not observed, or
laws exist allow unlimited access of data
that are potential dangerous in the oversea
CISC
33
Thank You
34