So the world is desperately excited by a programme called “PRISM”, and we learn that – shockingly – the NSA reads people’s emails. Can that possibly be true? Hard to believe, I realise, but stay with me.
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian
we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers.
Early Warning, who is usually sensible, says Google is lying. But I tend to trust Google, certainly more than I’d trust the Graun or WaPo to understand tech. EW’s belief that Google is lying appears to stem from the US Govt confirming the existence of PRISM: but its an awfully long way from “existence” to “details of the story are correct”. And indeed the US have said explicitly that details are wrong.
I can’t tell where the truth lies, but I suspect that the Graun has indulged in what Wiki would call “Original Research”, which is to say connecting the dots a bit further than the sources permit. This is the key slide, and the key words are “Collection directly from the servers of…”. Weeell, its only a powerpoint slide, hardly a careful analysis. It looks like the real meaning of “directly from the servers of” is actually “we put in requests, following the law, and they comply with that law by providing data”. Which is a very different thing to direct access. The former is known and boring (even if you don’t like it); the latter would be new. The Graun knows about the distinction and is definitely claiming the latter (they have to be, otherwise there is no story): Companies are legally obliged to comply with requests for users’ communications under US law, but the Prism program allows the intelligence services direct access to the companies’ servers.
Another thing that suggests strongly to me that this is only an analysis-of-received-data type operation is the price tag: $20M/y. That doesn’t sound like the kind of money to fund searching through all of even just Google’s vast hoards of data, let alone all the rest.
If you wanted a conspiracy theory, the one I’d offer would be that this is to deflect attention from the “Verizon revelation” about the phone records. You get people wildly excited about direct access, based on some ambiguous slides. That all turns out to be nonsense, and so people then start waving all the rest away.
[Update: According to Business Insider the WaPo has modified and weakened its story somewhat. It does indeed say “updated”, though not in what way. I did like BI’s “Many have questioned other aspects of the revelations, such as the amateurish appearance of the slides (though they are believable to those with government experience)”.]
[UUpdate: there is a US govt factsheet. Some of it is potentially weaselly Under Section 702 of FISA, the United States Government does not… – yeah, but what about things *not* done under section 702? However, it does make some direct positive statements PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers… So it looks more and more to me as though either the US govt, and Google, are lying to us directly; or (far more likely) the Graun and WaPo are wrong.]
[UUUpdate: the Graun sez Technology giants struggle to maintain credibility over NSA Prism surveillance. The substance is the same: Graun makes claims, the companies say they’re wrong, and the Graun has no evidence. The institution that is leaking credibility is the Graun, not the companies.
And: just when you thought they couldn’t lose the plot any more, we have them calling this the biggest intelligence leak in the NSA’s history. That’s twaddle. So far, this is nothing: they have no substance.]
[UUUUpdate: at last, the dog that didn’t bark in the night speaks, though softly. Bruce Schneier, who I’d have hoped would be on top of this, has some stuff to say. He praises whistleblowers in general; I agree. But he only talks about PRISM in an afterword, and its pretty clear that he doesn’t know what is going on either. He praises Edward Snowden but I think that is premature – some of the stuff the Graun has him saying makes him sound rather tin-foil-hat to me.]
[Late update: the Graun has now admitted that the original story as wrong, although to their discredit only by implication. They were no honest enough to publish an upfront correction – or, in other words, they are simply dishonest.
Kevin Drum points out that the Graun was mislead by the words “direct access” in the original powerpoint -and makes the obvious point (that I’ve though of, but not written down): why didn’t Snowden tell the Graun this? Its hard to think of a reason that rebounds to his credit. the most obvious are (a) he’s clueless, or (b) he knew that with that error corrected, the powerpoint was dull. Its not possible that it was an oversight, since the Graun talked to him *after* the story was public, and this was a major point.
More: The Graun (or is it just Glenn Greenwald?) is claiming total accuracy and no backpedalling. Read his point (4). How odd.]
Much later: even though the “direct access” claim has been thoroughly refuted, the Graun is still peddling this crap on Friday 12 July 2013. Have they no shame?