In early June, The Washington Post and The Guardian revealed through leaks provided by Edward Snowden that the NSA was in cahoots with major tech companies in a program called PRISM. In short, the leak claimed that the NSA could collect data directly from these companies’ servers, although the companies allegedly involved denied any involvement.
Since then, a number of new leaks have shown just how PRISM works. It doesn’t indiscriminately gather up any and all information as previously thought. Instead, it goes through a system that tries to automatically remove any information pertaining to American citizens while retaining information on potential foreign threats. Unfortunately, the system isn’t perfect, and PRISM still collects a lot of data on American citizens. Even worse, the information collected can be used under a variety of circumstances.
Now, fast forward to today – The Washington Post has published a new slide that reveals PRISM’s brother. The system, called Upstream, is a program that collects communications from the infrastructure that connect America to the rest of the world via underwater fiber cables.
As you can see in the slide above, the NSA encourages its agents to use both services in unison to collect data on potential targets. It makes sense as PRISM is only useful for data that’s stored on tech companies’ servers. Upstream would allow them to collect data as it’s being transferred to and from the U.S. via underwater cables.
You may also notice that the slide lists four names at the bottom of Upstream’s description – Fairview, Stormbrew, Blarney and Oakstar. What’s interesting about these is that nobody knows what they are. A previous report indicated that Blarney may be a system used to collect metadata being transferred along fiber cables. As for the other three, we can only assume that they are similar systems being used to collect or analyze data, much like PRISM’s Scissors, Nucleon and Pinwale.
In short, the above slide indicates that the NSA has tapped into the Internet itself to collect data on targets. Unlike accessing information on servers, however, you can’t be targeted when you’re just pulling information straight from the source. Google learned this the hard way when it was caught accidentally pulling information from unsecured Wi-Fi routers with its street view cars. Something tells me the NSA won’t suffer the same consequences as Google did though.