Ever since reports from the Washington Post and the Guardian revealed the existence of the National Security Agency's PRISM — the government program that allegedly works with major Internet companies to collect (some) U.S. citizen data — reports have conflicted about whether the NSA has "direct access" to the servers of belonging to some of the biggest tech companies in the world — Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. The Guardian's James Ball released a new slide from the PRISM presentation that he thinks proves the NSA has unfettered access to these servers. He still doesn't prove anything definitively, though.
In the last few days, Facebook and Google were forced to come out and deny the NSA has "direct access" to their servers. "From inside a company's data stream the NSA is capable of pulling out anything it likes," the Post's Barton Gellman and Laura Poitras had reported. Then, on Saturday morning, a pair of reports seemed to corroborate Facebook and Google's defense. They cooperated with the NSA's data collection practices but didn't give the agency the keys to the kingdom.
This was not sitting well with Ball and his colleagues at the Guardian. "Some articles have claimed that Prism is not a tool used for the collection of information from US companies, but is instead an internal tool used to analyse such information," he writes, before getting to his big debunking. "In the interests of aiding the debate over how Prism works, the Guardian is publishing an additional slide from the 41-slide presentation which details Prism and its operation." This is the slide:
So, the two things this slide shows: 1) that PRISM collects information over fiber Internet connections (ahem, Google?); 2) Ball's smoking gun: the words "collection directly from the servers," of the tech companies in question right there on the U.S. government Powerpoint presentation. So that's that, then, right? It says so right there in the slide! Not really.
The upshot of the reports denying the NSA had direct access was there was a carefully crafted routine in place between the NSA and the tech companies: the agency would deliver as FISA request for info, company lawyers look over the request, and then the information would be securely delivered to the NSA. What system is in place to exchange information between the NSA and the tech companies.
Andrew Nacin, the lead developer for Wordpress, doesn't think the NSA has "direct access" to Facebook's servers, as Ball implies:
“Direct access” is *clearly* drop boxes. If you think Facebook would let *anyone* connect to actual DB servers, you’ve never met a sysadmin.— Andrew Nacin (@nacin) June 8, 2013
Here's The New York Times' Claire Cain Miller explaining how Facebook and Google have their exchange system set up:
In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.
We bolded the important parts so they wouldn't be missed. In another example, Miller says an NSA agent worked out of a tech company office for multiple weeks to retrieve information. The agent collected the data on an NSA laptop and brought it back with him.
Ball's insistance that the NSA has access to all the information on Facebook and Google servers is founded entirely on the words "directly from the servers," found on a crudely made government Powerpoint presentation. Glenn Greenwald, the Guardian journalist credited with leaking much of this information, was measured when analyzing the inconsistencies on Facebook:
Our story was written *from the start* to say NSA claimed this, telecoms deny-we wanted them to have to work it out *in public* what they do— Glenn Greenwald (@ggreenwald) June 8, 2013
We reported - accurately - what the NSA claims. We reported - accurately - what the companies claim. It conflicts. That's why we reported it— Glenn Greenwald (@ggreenwald) June 8, 2013
Given the information previously available to us, and developers arguing direct access is next to impossible, his smoking gun isn't very hot. It looks like the result of a confused government agent who can barely make a Powerpoint presentation that would earn a passing grade in college trying to explain the innerworkings of a complicated government data collection network to a room full of people who know even less.