July 26, 2013

NSA says there are three different PRISMs

(Updated: July 28, 2013)

Yesterday, German media wrote about an official letter from the NSA, which was sent to the German government to clarify some misconceptions about PRISM. This was necessary because German media and politicians were heavily confused after it became clear that there's more than one program named PRISM.

The NSA letter explains what the PRISM data collection program is about and then confirms that this program is different from a more common military web tool called "Planning tool for Resource Integration, Synchronization and Management" (PRISM).

Surprisingly, the NSA also reveals that there's even a third program called PRISM. In this case the name stands for "Portal for Real-time Information Sharing and Management" and it's apparently an internal NSA information sharing program. It was unknown until now, probably because it's used in the NSA's highly sensitive Information Assurance Directorate (IAD).

Initially: two different PRISMs

Almost immediately after The Guardian and The Washington Post published their disclosure of PRISM on June 6, some people googled and found out there were also a number of other programs called PRISM. Because both papers failed to clarify the precise nature of PRISM, it seemed that the program could have been the same as a more common application called "Planning tool for Resource Integration, Synchronization and Management" (PRISM). We examined this in an earlier article.

However, this option of both PRISMs being one and the same had to be abandoned after The Washington Post published four new slides from the PRISM-presentation on June 29. These slides presented many new details and also proved that the PRISM which collects data from internet companies is different from the PRISM planning tool. The first operates on the national intelligence level, and the latter is used at a tactical level by the various military commands. These new insights were discussed on this weblog in this article and graphically shown in this figure:

Comparing the PRISM data collection program and the PRISM planning tool

Confusion in Germany

On July 17, the German tabloid BILD ran big headlines claiming that troops of the German federal defense forces (Bundeswehr) in Afghanistan already knew about PRISM in 2011. This suggested that the German government was lying, because earlier it had denied all accusations of knowing anything about the PRISM program as unveiled by Edward Snowden.

BILD found "PRISM" mentioned in a confidential e-mail, which the ISAF Joint Command Headquarters in Kabul sent to all Regional Commands (RC) in Afghanistan on September 1, 2011:

Screenshot of the front page of the German tabloid BILD,
as shown on the German television channel ZDF

This publication caused a lot of discussion, so on the same day spokesmen from both the German foreign intelligence agency BND and the German defense forces declared that there are two different PRISM programs: the first being the program unveiled by Edward Snowden, and the second being a "computer supported US communications system", which is used in Afghanistan "to coordinate US reconnaissance systems and to present collected information", as we can read in this letter from the assistant Defense minister:

Screenshot of a letter from the assistant German Defense minister to the German parliament,
explaining the PRISM confusion, as shown on the German television channel ZDF

Neither official said that the full name of this second PRISM is "Planning tool for Resource Integration, Synchronization and Management", making it harder to prove that both programs are different.

Again this shows severe deficiencies in informing the public and in research by the media. The BILD-article is pure sensationalism. Simply googling key words from sections of the e-mail like "collection management shop", "COMINT nominations [...] must be resubmitted into PRISM" and "SIGINT Operational Tasking Authority" would have rapidly pointed to the PRISM planning tool.

As described earlier, the second PRISM is a so-called tasking tool, which is used to request the intelligence information needed for military operations. As such, it's the core application of military intelligence collection management. This PRISM planning tool runs over the intelligence community's JWICS and the military's SIPRNet networks. It was developed by SAIC, first mentioned in 2002 and since then in many job descriptions on the internet.

Only very few media did this kind of research and found out that there are really two different PRISM programs. We can see for example one article at Netzpolitik.org, which connects a bit too many things, and another one at Golem.de, which is based upon research by this weblog.

A letter from the NSA

On July 25, the website of the German newspaper WELT cited a letter which the NSA sent to the German federal government to answer official questions about PRISM. The letter says the media is "confusing two separate and distinct PRISM programs" and continues by explaining what the first program is about:

"The first PRISM pertains to the foreign intelligence collection being conducted under Section 702 of the U.S. Foreign Intelligence Surveillance Act (FISA). This is the program that has caught the most attention of our publics, politicians and the media.
This is not bulk collection, and there are restrictions on how long the information can be retained. It is carefully targeted in accordance with a public law and requires court approval and supervision.
A fundamental, protective requirement of FISA is that it restricts the ability of the U.S. Government to obtain the contents of communications from communications service providers by requiring that the court find that the government has an appropriate and documented foreign intelligence purpose, such as the prevention of terrorism, hostile cyber activities or nuclear proliferation."

Screenshot of the letter from the NSA to the German government,
as shown on the German television channel ZDF

According to German media, the NSA letter continues by saying that the second PRISM program is a tool which is used by US troops in Afghanistan to order and search intelligence information. This is the program mentioned in the ISAF e-mail from 2011 and is clearly the Planning tool for Resource Integration, Synchronization and Management (PRISM), although that's not only used in Afghanistan, but also at other US military commands.

Surprisingly, and of its own accord, the NSA added that there's even a third program called PRISM, which is fully independent from the two PRISM programs mentioned before. In this case the name is also an acronym, which stands for "Portal for Real Time Information Sharing and Management" and the program is apparently used for internal real-time exchange of information.

By now we already have quite some information about the first PRISM program, we know there's a clear distinction from the second PRISM tool and we even learned about a third PRISM. Nonetheless, German opposition leaders said they still hardly know what PRISM is all about, but this seems to be mainly for political ends, as Germany is facing general elections in September.

Now: three different PRISMs

It seems that the NSA revealed the existence of the third PRISM program for the very first time, as it never appeared anywhere online before. If we google its full name, the only results are the recent German news reports. The German magazine Der Spiegel came with another quote, which seems to suggest that this third NSA tool "tracks and queries requests pertaining to our Information Assurance Directorate".

If that's correct, it could explain why we never heard of this program. The NSA's Information Assurance Directorate (IAD) is a very secretive division, because it's responsible for safeguarding US government and military secrets by implementing sophisticated encryption techniques.

Probably the most remarkable thing about the new "Portal for Real-time Information Sharing and Management" is not its function, which seems pretty obvious, but the fact that there are three programs with exactly the same name.

But from what we know by now, it also becomes clear that each program is used for different purposes and in different environments: the PRISM data collecting program is part of NSA's Signals Intelligence division, the PRISM planning tool is used for military intelligence and the PRISM information sharing portal is used in the Information Assurance division of the NSA.

Finally, here's a short summary of all three different PRISM programs:

1. PRISM
This is a codeword for an NSA project of collecting information about foreign targets from data of nine major US internet companies. This program started in 2007 and was unveiled by Edward Snowden in June 2013.

2. Planning tool for Resource Integration, Synchronization and Management (PRISM)
This is a web tool used by US military intelligence to send tasking instructions to data collection platforms deployed to military operations. This program is not very secret and was first mentioned in 2002.

3. Portal for Real-time Information Sharing and Management (PRISM)
This is an internal NSA program for real-time sharing of information, apparently in the NSA's Information Assurance Directorate. Its existence was revealed by the NSA in July 2013.
