What Prism slide-presentation means by "direct access" to Internet giants' servers

At Techdirt, Mike Masnick has further thoughts on the NYT piece on Prism, in which they try to resolve the contradiction between the NSA and Obama's admission that Prism exists and the leaked NSA slide deck is real, and the categorical (and eerily similar) denials from the companies involved (as well as Twitter's glaring absence from the list of cooperating companies):

This is not, by the way, the first time that we've seen Twitter stand up and fight for a user's rights against a government request for data. Over two years ago, we pointed out that Twitter, alone among tech companies, fought back when a court ordered it to hand over user info. Twitter sought, and eventually got, permission to tell the user, and allow that user to try to fight back. It later came out that, as part of that same investigation, the government also had requested information from Google and Sonic.net, with Sonic.net fighting back and losing. It never became clear whether Google fought back.

Separately, however, Chris Soghoian has noted that an "unnamed company" fought back and lost against a FISA court order... and that, according to the PowerPoint presentation, Google "joined" PRISM just a few months later. It is possible that Google fought joining the program, and then only did so after losing in court. That said, Google's most recent denial insists that "the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box." Perhaps they don't consider a special server set up for lawfully required information a "drop box," but others certainly might.

In the end, it appears that the initial Washington Post report was overblown in that it suggested direct access to all servers, rather than specific servers, set up to provide information that was required. That said, it is still true that the FISA Court appears to issue a fair number of secret orders for information from a variety of technology companies, some of them quite broad, and that many of the biggest tech companies have set up systems to make it easier to give the NSA/FBI and others access to that info -- though, they are often required by law to provide that information. The real outrage remains that all of this is happening in complete secrecy, where there is little real oversight to stop this from being abused. As we noted just a few weeks ago, the FISA Court has become a rubber stamp, rejecting no requests at all in the past two years.

More Details On PRISM Revealed; Twitter Deserves Kudos For Refusing To Give In


  1. They built this surveillance system for political repression.  If you are not onboard with status quo, economic or military plans you are potential target.  Political dissidents have been spied on, harassed, and detained for decades now.

  2. One problem with Masnick’s suppositions: the PRISM documents specifically state that the NSA has direct access to the servers.  Either the PRISM documents are incorrect, or the statements from Google are.

    1. I would bet its more likely that the slide show is. The slide show looks like amateur hour, probably left to some under-informed secretary, perhaps delegated by someone who is even less familiar with the technology involved.

      I think this is the same for all companies. They have much to gain from turning this into a government problem (which it squarely is) than to get caught being dishonest twice. They know there is more leaks in the pipe line that Greenwald or others could drop at any second (and Greenwald has said as much).

      1. I wouldn’t bet either way at this point. An underinformed secretary shouldn’t have clearance to read such documents, much less write them–this would suggest there’s some serious confusion at the NSA about what their own projects do, which I grant is possible but I think unlikely.

        Ultimately, industry cannot reasonably answer the questions raised. We don’t know the extents to which their hands are tied, nor to what degree they are obligated to cover up the existence of the program.

        1. Considering what it takes just to be a janitor in the NSA, I have little doubt to become an assistant is more of a strenuous investigation to be hired. There is simply very few ways to be effective at your job without nearing the level of clearance as the person you’re serving. That said, the government is made up of just as many incompetent people (especially political appointees over career public servant), so the veracity of any document is subject to human error.

          Ultimately, these companies have a literal gun to their head from the government and have a figurative gun to their head from their users should this thing have legs and grow. I do not envy the position they are currently in.

      2. >The slide show looks like amateur hour

        I’ve seen this comment posted elsewhere. Who cares about the design? Does the Powerpoint presentation of Higgs-Boson in a Comic Sans make the information less important? Most people are lousy at presentations. This is no surprise.

        The blame lies everywhere including ourselves. Mike Arrington is wrong many times in my view but he was right in calling tech companies cowards.

        1. Woah buddy, if you have some issues with Comic Sans, take it to a support group – I could give a shit about the type face of a document, but how and what it presents. 

          They are cowards in some regards, and Mike hit on a few of those points – but Congress and the Obama administrations overly broad interpretation of the PATRIOT Act has left them little recourse in the current surveillance state we operate in. There are no good guys today (besides Snowden himself), but there are those that had more to lose than others.

      3. Who has more to gain/lose here? The NSA intended for the slide to be kept secret. They had no reason not to call it what it was. Google doesn’t want to be criticized in public. They have every reason to twist the meanings of words. For this reason, the NSA has more credibility on this issue than the companies through which it spied.

        1. The NSA, operation in a possible extra-judicial manner through an overly broad and tortuous interpretation of the PATRIOT Act, in acting programs with severe Constitutional issues at stake in an administration already under fire for a slew of other scandals (some more legit than others) – and you think Google and Yahoo have more to lose? 

        1. Notice how every company made nearly the same denial using nearly the same wording. I’m betting that the NSA distributed an authorized talking point to them by twisting the definitions. If the NSA didn’t distribute the talking point, most of these companies would simply respond “no comment” and that would be the end of it. The fact that they are going as far as to claim no direct access indicates that they were authorized to use that terminology as a form of damage control by the NSA.

    2. In a statement, Google said: “Google cares deeply about the security of
      our users’ data. We disclose user data to government in accordance with
      the law, and we review all such requests carefully. From time to time,
      people allege that we have created a government ‘back door’ into our
      systems, but Google does not have a back door for the government to
      access private user data.”

      (From The Guardian’s article) It looks like the relevant statement is “We disclose user data to [the] government in accordance with the law,” and the rest is chaff.

      Incidentally, the whistleblower responsible for the leaks just made his identity public.

  3. It seems to mean, “Hey, we’re going to be asking for information so often that we’d really like you to make it super easy for us.  In fact, we insist.”  Maybe one of those companies could make producing standardized PRISM servers a side business

  4. The “foreigner” verbiage is also especially weaselly. As I understand this, if you send an email to a non-US citizen, that email is legally subject to surveillance under PRISM. Same goes for chat, private message on a social network, etc.

    So, assuming the government is being truthful about the legal surveillance targets (*cough*), the only internet users who can’t be PRISM’d are US citizens who have never used the internet to communicate with a non-US citizen. Anyone know anyone who fits that description?

  5. One thing to keep in mind is that PRISM is just there to make it easier. And of course it matters that the companies are cooperating (and denying it, playing ‘it depends what the definition of “is” is’ games).

    NSA has direct access to every single packet that goes through any major backbone (pointed out in another slide), so they have all the data. I’m assuming they already have the certs to decrypt anything SSL so they don’t have to waste too much time on the big cracking farms. It’s just easier to search and put into context when the service provider predigests it for you.

  6. Even assuming you buy in to the whole idea of a secret process to review and approve intelligence surveillance, there are 2 things that are broken here: a) The FISC is not giving due scrutiny to the orders it issues and b) The NSA (and possibly other agencies) is taking advantage of the lack of oversight.

    Of course, if you think the idea of a secret court for this stuff is unconstitutional to begin with, the list goes on even from there.

    Some policy suggestions:
    1) Make a law that authorizing, approving or implementing a security classification on any document that contains evidence of illegal activity by the government or government employees as part of their duties constitutes conspiracy to obstruct justice. Statute of limitations to only expire 5 years after the document is declassified.
    2) FISC orders for the collection of more than 72 hours of data and/or more than 5 individuals need to be approved by a 3-judge panel.
    3) Prosecution and/or impeachment against those who have clearly violated their oaths of office to uphold the constitution by requesting or granting obviously illegal and unconstitutional access data..

  7. Not to be a dick, ah, too late. I also have 24 hour direct access to Googles servers and use it to sort mountains of data to find exactly what I am looking for. I am glad to hear the government is using outside contractors for some of this tedious work.

Comments are closed.