How Prism Surveillance Works

How does Global Surveillance work such as PRISM, and DRDO Netra if the data is transferred through SSL/TLS?

I won’t claim that the entities named were doing mass MiTM or had backdoors to decrypt the encrypted data. But there is something I can tell you for sure.Metadata tells you a lot. Even for encrypted data, not everything is encrypted i.e. the IP header is not encrypted. By analyzing this plain text data, they can figure out:the endpoints (i.e. your IP and target IP)amount of data being exchangedduration of sessionnumber of times same endpoint was accesseddevice type can be guessed (read about p0f fingerprinting)Even, by using machine learning algos of state of the art, they can predict what kind of traffic is flowing through it.Now, when you record all this for a longer period and apply machine learning/data plotting alogs to these, you will get some very clear patterns and behavior. These findings can uncover a lot about the user/organization. Now, they can cross reference it with their real world intel (obviously for the suspicious people/companies) and can draw conclusions.Now, main point is that when the agencies need info on some entity, they don’t have two months to learn about it first and then react. So, they want to do this proactively. That is why they are doing this kind of mass surveillance. Also, such mechanisms can raise alert when they detect something unusual. So, helpful to spot mass cyber attacks or botnets.

How do survelliance programs like PRISM work?

Consider PRISM as a surveillance camera network that your neighbour installs after a break-in attempt at his home. While it does record all that goes on around his home, it also records your activities - when you mow your lawn, what time you come, what do you wear what time do you sleep etc.The only difference in this case is that PRISM is not simply a camera, but a network of multiple technologies that observe all that is sent over the network in the form of 0’s & 1’s. To do this, companies such as Facebook, Microsoft, Google, Comcast, Twitter, PayPal and others share what (and how) you use their services for; with the U.S Government.PRISM will then co-relate all of these “feeds” to form your profile and raise any flags necessary.For example, you rent a storage space by paying cash; but you present your drivers license as proof. Then you buy a lot of ammonia based fertilizers and rent a van all in a matter of 3–4 months. This can all be tied up to you and Fed’s can come knocking on your gates asking your motives behind doing all of this.PRISM is everywhere and ever seeing.

Mass Surveillance: What is the most effective way for people to work together to ruin the NSA and other government data sets on everyone?

I think that boat has sailed. Rather a long time ago, actually.It's less and less possible to even take the time-honored advice to just completely unplug and live "off the grid". There is no one office in the US that has the authority - even the President - to shut down the multiple surveillance systems in place. It's too far flung, and buried in too many "black" budgets, and we don't even know where it all IS.Plus there are deeply, deeply entrenched interests who, if threatened, will produce data on an "eyes only" basis, designed to scare the bejebbers out of the recipient, and turn an "let's shut this sucker down" initiative into increased funding. They're very, very good at their jobs.Not to be  a wet blanket, but this is all just wishful thinking. Not only in the US, in every other major power (and most of the minor states) in the world.It's just the way things are. Sad, I always thought that George Orwell was a dystopian; turns out, he was an optimist....

Are people who work for the NSA allowed to tell people they work for the NSA?

Quite often. In unclassified meetings both in government and professional societies, it is common enough. Sometimes it was a bit euphemistic, but nothing that DC area people usually didn’t immediately understand.People were supposed to put their badges under cover when leaving, which didn’t always happen.It might be less common at field stations.

How much do you like working at the NSA?

I don't! I own my own IT Security firm and worked with the Booze Allen hamilton on a project with snowden. It was a Crypto algorithm that we needed to encrypt data for government agencies.

What makes engineers work willingly on projects like PRISM?

I agree with everything that Gene Spafford said, but particularly what Stan Hanks said. I've been in the position where I was working on an engineering project which turned out later to be immoral by my standards, so I can definitely relate with the "not being told the whole story" situation.You have to remember that these projects are quite big. So a lot of the people who worked on project like PRISM were sub-contractors or sub-sub-contractors, who weren't told very much.Suppose that you are working on a large database system. That's cool technology, right? Such a system is multi-use. Your "primary" customer might be the Library of Congress, or the US National Archives and Records Administration, or even the IRS. There are no ethical problems with that.Then your company sells it as part of a defence project. But that could mean anything. It could be for storing North Korean military intercepts, for example. Nobody likes the North Korean government, not even the North Korean people, so someone has to keep an eye on them. Seems innocuous, right? The requirements seem a bit big for that, but who knows how much of that they need to store or for how long.If you're a self-reflective person, these are the sorts of thoughts that are going through your head. You don't actually know what you're working on, and you know you don't know what you're working on, but there are many reasonable things that it could plausibly be. At no point did anyone tell you that the actual plan was to store all phone conversations in the US. You might have been able to guess, but pre-Snowden, it would only have been a guess.Also, what if you're not even American? Remember, there are at least five countries (the "five eyes") involved. While an American may have suspected that the United States could be working on something like PRISM (because of all those movies), a typical New Zealander may not have had the same suspicions about their own country doing anything like that.So yes, there are many ways that an engineer might have worked on PRISM and related programmes without consenting.

Would you work for NSA? Why?

Leaving evil-ness aside, and based on what's been revealed about how they operate in the last few months (which may or may not reflect reality) I have to say no. The NSA that has been portrayed in the media is the most aggressively incompetent organization I've ever heard of. Their hiring practices are abysmal, their internal security is non-existent, and their public relations department is made up of very bad liars. Every day would be like watching the Three Stooges vs the Keystone Cops in a goat-fucking contest. I'd go nuts. Note - I don't believe the NSA is actually as bad at everything but breaking codes and sifting data as they are pretending to be. But based on what's public knowledge, there is no way I would work for them.