Completing the PRISM jigsaw puzzle

The NSA takes such great quantities of data legally that it has built a system to manage it.

A week on from the revelations in the Guardian and Washington Post about the PRISM revelations, and the dust is settling. The tech companies have issued their denials; Edward Snowden has revealed himself as the source of the leak; and the Guardian has published five of the slides from the presentation in which the NSA lay out the scheme. At the same time, the recontextualisation of what we previously knew has brought more information forward.

Putting it all together, we can start getting our first really good guess at what PRISM actually is:

A system for requesting and managing data from major online companies using the FISA provisions which allow for secret collection of information.

That guess comes from examining the constraints which are laid out by the various pieces of information made public:

  • PRISM only cost $20m: That's an astonishingly low price, and suggests that the vast majority of the work was done by the companies themselves. It rules out anything involving breaking encryption, or significant amounts of hardware being installed externally.
  • The firms involved have all denied it: "Well, they would say that, wouldn't they?" Nonetheless, many of the denials are worded incredibly strongly. Take Google's chief architect:

    Even if I couldn't talk about it, in all likelihood I would no longer be working at Google: the fact that we do stand up for individual users' privacy and protection, for their right to have a personal life which is not ever shared with other people without their consent, even when governments come knocking at our door with guns, is one of the two most important reasons that I am at this company.

    That suggests that the majority of what the NSA considers to be the PRISM program is in their hands, not the companies'.

  • FISA requests are not public: The Foreign Intelligence Surveillance Act, a thirty-year-old law which was most recently amended in 2008, allows US government agencies to make demands for data through a secret court. Requests to the court for warrants are rarely turned down, and companies are not allowed to publicise how many requests they make.
  • The NSA describes collection of data "directly from the servers" of participating companies: This is the claim which has got everyone into such trouble. The Washington Post appears to have based its claim that PRISM consisted of "direct access" to their servers on this phrasing; it has since retracted that claim. The Guardian has not retracted, but has now provided an alternative description of what it means:

    The Guardian understands that the NSA approached those companies and asked them to enable a "dropbox" system whereby legally requested data could be copied from their own server out to an NSA-owned system.

    That would involve collecting data "directly from servers" while not quite involving the NSA having "direct access" to the companies data. (By way of analogy, when you visit Google.com, you are downloading data from Google's servers, but it would probably be misleading to say you had "direct access" to their servers.) That matches information Google has disclosed about how it transfers data to the NSA: through good, old-fashioned FTP.

So it seems like PRISM is the name for the scheme by which FISA demands for data are transferred to the NSA. If that's the case, the technology of PRISM isn't the scary thing. Neither is the possibility of illegal activity on the part of the NSA.

Instead, it's that FISA requests are served in such great quantities that the NSA has spent $20m building special infrastructure to speed up receiving the data. Microsoft, Twitter, Google and Facebook are now lobbying the NSA to allow them to reveal how many FISA requests they've been served with: if it's astronomical, we'll have confirmation that that's the real scandal.

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Getty
Show Hide image

How virtual reality pigs could change the justice system forever

Lawyers in Canda are aiming to defend their client by asking the judge to don a virtual reality headset and experience the life of a pig.

“These are not humans, you dumb frickin' broad.”

Those were the words truck driver Jeffrey Veldjesgraaf said to animal rights activist Anita Krajnc on 22 June 2015 as she gave water to some of the 190 pigs in his slaughterhouse-bound truck. This week, 49-year-old Kranjc appeared at the Ontario Court of Justice charged with mischief for the deed, which she argues was an act of compassion for the overheated animals. To prove this, her lawyers hope to show a virtual reality video of a slaughterhouse to the judge, David Harris. Pigs might not be humans, but humans are about to become pigs.

“The tack that we’ve taken recognises that Anita hasn’t done anything wrong,” said one of her lawyers, James Silver. Along with testimony from environmental and animal welfare experts, her defence hope the virtual reality experience, which is planned for when the trial resumes in October, will allow Harris to understand Kranjc’s point of view. Via the pigs’ point of view.

It’s safe to say that the simulated experience of being a pig in a slaughterhouse will not be a pleasant one. iAnimal, an immersive VR video about the lives of farm animals, launched earlier this year and has already changed attitudes towards meat. But whether or not Harris becomes a vegetarian after the trial is not the most pressing aspect of this case. If the lawyers get their wish to bring a VR headset into the courtroom, they will make legal history.

“Virtual reality is a logical progression from the existing ways in which technology is used to illustrate and present evidence in court,” says Graham Smith, a technology lawyer and partner at the international law firm Bird & Bird.

“Graphics, charts, visualisations, simulations and reconstructions, data-augmented video and other technology tools are already used to assist courts in understanding complex data and sequences of events.”

Researchers have already been looking into the ways VR can be used in courts, with particular focus on recreating crime scenes. In May, Staffordshire University launched a project that aims to “transport” jurors into virtual crime scenes, whilst in 2014 researchers at the Institute of Forensic Medicine in Switzerland created a 3D reconstruction of a shooting, including the trajectory of a bullet. Although this will help bring to life complex evidence that might be hard to understand or picture in context, the use of VR in this way is not without its flaws.

“Whether a particular aid should be admitted into evidence can give rise to argument, especially in criminal trials involving a jury,” says Smith. “Does the reconstruction incorporate factual assumptions or inferences that are in dispute, perhaps based on expert evidence? Does the reconstruction fairly represent the underlying materials? Is the data at all coloured by the particular way in which it is presented? 

“Would immersion aid a jury's understanding of the events or could it have a prejudicial impact? At its core, would VR in a particular case add to or detract from the court's ability objectively to assess the evidence?”

The potential for bias is worrying, especially if the VR video was constructed from witness testimony, not CCTV footage or other quantitative data. To avoid bias, feasibly both the defence and prosecution could recreate an event from different perspectives. If the jury or judge experience the life of a distressed pig on its way to be slaughtered, should they also be immersed in the life of a sweaty trucker, just trying to do his job and panicked by a protester feeding his pigs an unknown substance from a bottle?

“These are not new debates,” says Smith. “Lawyers are used to tackling these kinds of issues with the current generation of illustrative aids. Before too long they will find themselves doing so with immersive VR.”

It seems safe to trust, then, that legal professionals will readily come up with failsafe guidelines for the use of VR in order to avoid prejudice or bias. But beyond legal concerns, there is another issue: ethics.

In 2009, researchers at the University of Leicester discovered that jurors face trauma due to their exposure to harrowing evidence. “The research confirms that jury service, particularly for crimes against people, can cause significant anxiety, and for a vulnerable minority it can lead to severe clinical levels of stress or the symptoms of post traumatic stress disorder,” they wrote.

It’s easy to see how this trauma could be exacerbated by being virtually transported to a scene and watching a crime play out before your eyes. Gamers have already spoken about panic attacks as a result of VR horror games, with Denny Unger, creative director of Cloudhead Games, speculating they could cause heart attacks. A virtual reality murder, however virtual, is still real, and could easily cause similar distress.

Then there is the matter of which crimes get the VR treatment. Would courts allow the jury to be immersed in a VR rape? Despite how harrowing and farfetched that sounds, a virtual reality sexual assault was already screened at the 2015 Sundance Film Festival.

For now, legal professionals have time to consider these issues. By October, Kranjc’s lawyers may or may not have been allowed to use VR in court. If they are, they may change legal history. If they’re not, Kranjc may be found guilty, and faces six months in jail or a $5,000 fine. 

Amelia Tait is a technology and digital culture writer at the New Statesman.