It was just revealed in New Zealand that Kim DotCom's intercepted data allegedly shared with Five Eyes may have emanated from PRISM:

Documents show strings of data being fed into a spying system which has links to the Five Eyes network, of which New Zealand's GCSB is a member with Australian, Canadian, UK and US partners.

It is the same information used to match personal detail harvested by the Prism system, revealed in the Guardian newspaper as being set up in 2007 to monitor people outside the US by sifting through massive amounts of data collected from Apple, Facebook, Google, Microsoft and other internet giants. The revelation rocked the US, forcing President Barack Obama to defend the system as a "modest encroachments on privacy", and then the UK, after it emerged its partner in the Five Eyes network had access to the Prism scheme for at least three years.

Dotcom is certain of the PRISM link:

Mr Dotcom, who faces extradition to the US on charges of copyright violation, said he believed the GCSB sifted through Prism data with his details prior to the arrest. "It certainly did involve Prism. GCSB relies heavily on US spy technology. The Five Eyes have one brain and it sits in the US."

Papers released in the Dotcom court case support the links to the Five Eyes network but crucially have the name of the intelligence system doing the actual spying deleted.

What the documents show:

Documents show analysts tasked with organising the spying marked it as associated with the Five Eyes network. One document, classifying it as "Secret", listed the five member nations and stated: "Please enter into [name of system redacted] and mark as priority." The accompanying list is called "Selectors of Interest" and details a long string of information similar to that used in Prism. It includes cellphone numbers, driver licence details, email addresses, passport numbers, internet protocol and real world addresses.

Another document was headed up "Top Secret" and "rel to NZL/FVEY" (New Zealand/Five Eyes). It referred to "traffic volume from these selectors", showing information was intercepted.

Then there's this European report by the Centre for the Study of Conflicts, Liberty and Security that I wrote about in January. The report says that FISA allows “purely political surveillance on foreigners' data” if it is stored using U.S. cloud services like those provided by Google, Microsoft and Facebook." Via Slate:

According to [report co-author Caspar]Bowden, the 2008 FISA amendment created a power of “mass surveillance” specifically targeted at the data of non-U.S. persons located outside America, which applies to cloud computing. This means that U.S. companies with a presence in the EU can be compelled under a secret surveillance order, issued by a secret court, to hand over data on Europeans. Because non-American citizens outside the United States have been deemed by the court not to fall under the search and seizure protections of the Fourth Amendment, it opens the door to an unprecedented kind of snooping.

William E. Kennard, United States Ambassador to the European Union, denied the U.S. was engaging in mass snooping of Europeans at the 2012 European Cloud Computing Conference:

While some cloud providers here in Europe have recently made the fear of unlimited U.S. Government access to data a selling point for their services, this is an inaccurate assessment and completely ignores the facts. As many of you know, all law enforcement and national security investigations in the United States are subject to a careful set of legal and judicial constraints to protect individual privacy. While our systems may differ in approach, let me assure you that we have in place protections that are fundamentally similar to those in Europe. In a number of critical areas, the U.S. provides more restrictions to the access of personal data than do European Member States. 


Caspar Bowden, who previously served as the chief privacy adviser to Microsoft Europe, says differently. He says the new FISA extensions are worse than the Patriot Act:

Bowden says FISA is effectively “a carte blanche for anything that furthers U.S. foreign policy interests” and legalizes the monitoring of European journalists, activists, and politicians who are engaged in any issue in which the United States has a stake. FISA, according to Bowden, expressly makes it lawful for the United States to do “continuous mass-surveillance of ordinary lawful democratic political activities,” and could even go as far as to force U.S. cloud providers like Google to provide a live “wiretap” of European users’ data.

The report says the 2008 FISA Amendments extended snooping on foreigners to data stored in the cloud.

[A] test case at the Foreign Intelligence Surveillance Court of Review... held definitively that the Fourth Amendment requirement for a specific warrant only applied to surveillance directed at US persons. This opened the door for Congress to enact FISAA §1881a in 2008, which authorized mass- surveillance of foreigners (outside US territory), but whose data was within range of US jurisdiction.

However, the most significant change escaped any comment or public debate altogether. The scope of surveillance was extended beyond interception of communications, to include any data in public cloud computing as well. This change occurred merely by incorporating “remote computing services” into the definition of an “electronic communication service provider.”

As a result of the way FISA defines “foreign intelligence information”, "which includes information with respect to a foreign-based political organization or foreign territory that relates to the conduct of the foreign affairs of the United States," (which was accomplished by truncating and substituting limbs of clauses §1801e and §1801a)the report says:

In other words, it is lawful in the US to conduct purely political surveillance on foreigners' data accessible in US Clouds .... FISAAA 1881a means that any data-at-rest formerly processed “on premise” within the EU, which becomes migrated into Clouds, becomes liable to mass-surveillance – for purposes of furthering the foreign affairs of the US (as well as the expected purposes of terrorism, money-laundering etc.).

Then the report discusses the threat caused by "new NSA data centres constructed for storage and analysis on an unprecedented scale," citing the March, 2012 WIRED article, exposed by NSA Whistleblower William Binney and James Banford (more about that and PRISM and Stellar Wind here.) The report says:

The EP should ask for further enquiries into the US FISA Amendments Act, the status of the 4th Amendment with respect to NONUSPERS, and the USA PATRIOT Act (especially s.215). The EP should consider amending the DP Regulation to require prominent warnings to individual data subjects (of vulnerability to political surveillance) before EU Cloud data is exported to US jurisdiction. No data subject should be left unaware if sensitive data about them is exposed to a 3rd country's surveillance apparatus.

Prime Minister John Keys of course denies New Zealand is getting information from U.S. spies. But he also says he doesn't know the details of how information is gathered that is shared between the two nations.

The strings of data obtained illegally under New Zealand law on Kim DotCom match the strings of data PRISM obtains. This is all cloud data, like that described in the European report, warnings about which were published by WIRED and NSA Whistleblower William Binney in 2012.

It sure sounds like the NSA gave Kim Dotcom's data, obtained via PRISM, to Five Eyes, which in turn gave it to New Zealand's Government Communications Security Bureau (GCSB), which illegally gave it to the New Zealand police who were providing assistance to the U.S. in its efforts to have Dotcom arrested. According to the Prime Minister:

A specialist group of New Zealand Police Officers has been involved in assisting the United States authorities and investigating a couple of related New Zealand matters. As part of the New Zealand Police assistance, communications passed between the Police group and GCSB. Those communications were related to a proposal to arrest Kim Dotcom and associated persons.

...The documents show that information was collected about Dotcom and his associates by the Bureau (largely about their movements or possible movements at relevant times) and passed on to the Police.

Is there anything positive to take from this? Maybe it means the wall between the FBI and intelligence isn't completely demolished. If it were, why wouldn't the NSA have given the intercepted information directly to the FBI to assist in its operation to take down Kim Dotcom and associates in the New Zealand raid, instead of using Five Eyes as the go-between?

Kim Dotcom's extradition has now been postponed from August, 2013 to November, 2013 at the earliest, and probably April 2014, as a recent order by the High court about whether Dotcom can see the evidence seized by local police during the illegal raid goes to the New Zealand Supreme Court. (Court ruling here.)According to Dotcom lawyer Ira Rothken:

"The extradition hearing schedule was changed to allow time for appeals to take place and to get more clarity on the disclosure of the Government's evidence and other pending issues that could impact the integrity of the process.

The High Court also ruled that New Zealand had to return the data seized on Kim Dotcom's hard drives that it shipped to the FBI.

In yet another action, the New Zealand Supreme Court is set to rule in August 2013 on whether Dotcom should be provided access to the American evidence (in the form of documents, rather than seized data) against him in the extradition proceeding.