PRISM is real. Even the U.S. government now acknowledges its existence. The question that remains unanswered, though, is how involved Google, Apple, Yahoo, AOL, Paltalk and Facebook were. These companies are all named as “providers” on the original slides, including the dates the NSA started collecting data from them. The reporter with the most direct access to these documents, Glenn Greenwald, has also now repeatedly stated that the NSA had “direct access” to these company’s servers or seized this data from them.
According to Greenwald, NSA agents even have real-time access to conversations and chats on Skype, Gmail and other platforms that are being targeted. We contacted every single one of the companies implicated on these slides, though, and all of them either denied having ever heard of the program and virtually all of them claim that they would never give any government “direct access” to their servers. The one line virtually all of them use is some variation of “we do not provide the government with direct access to our servers.” They all, however, say that they comply with court orders after scrutinizing the request.
So we’re at an impasse here. The government acknowledges that PRISM exists, but the companies that are supposedly involved all say they’ve never heard of it. Greenwald says they are either giving the government direct access or the government simply seized the data from them.
If these companies aren’t giving the government direct access, could they give it “indirect access?” That way, the statements remain technically valid. Assuming these companies knew about the program, they obviously wouldn’t be allowed to talk about it anyway.
One suggestion I’ve seen floating around is that all Facebook, Google, Microsoft and Co. would have to do is give the government access to their networks and let the NSA copy all of this data. Or they could send their users’ data to the NSA, too, but given that the leak seems to imply real-time access, that seems unlikely.
The way things stand right now, it seems the NSA has deals in place with these companies — deals they can’t talk about — that allow the government to tap into their traffic (maybe at a large exchange point) and route it through one of the NSA’s massive data centers for storage and analysis.
If everybody but the U.S. government is denying knowledge of this program, something is clearly wrong. There are still 37 pages of this 41 page presentation that haven’t leaked. Hopefully we get to see those in the near future, and maybe that’ll shed some light on these tech companies’ exact roles in this program.
Update: The Washington Post, which also reported on this story independently from the Guardian, has now added the following to its report:
It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers.
This lends credence to the idea that the data collection was indeed done “indirectly” without direct access to the companies’ servers (but still with their knowledge).