The Washington Post has published a massive investigative report revealing a secret state-run program called PRISM, which allows the National Security Agency to legally extract "audio and video chats, photographs, emails, documents, and connection logs that enable analysts to track foreign targets" from the servers of nine U.S. internet companies. According to the document obtained by The Post, the official roster includes Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. (Here's everything we know about PRISM so far.)
The Post has since backtracked on its original stance that the companies "participated knowingly" in the program, and has added this hedging paragraph:
It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing 'collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,' rather than directly to company servers. [Washington Post]
Here are statements from the firms that have so far denied involvement with the program. Remember: Skype is owned by Microsoft, and YouTube is owned by Google. AOL has yet to respond, but we'll update this list when or if it does:
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it. [Microsoft]
Yahoo:
Yahoo! takes users privacy very seriously. We do not provide the government with direct access to our servers, systems, or network. [TechCrunch]
Google:
Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a backdoor for the government to access private user data. [TechCrunch]
Facebook:
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law. [All Things D]
PayTalk:
No comment. [VentureBeat]
Apple:
We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order. [All Things D]
Dropbox:
We've seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users' privacy. [TechCrunch]
So what's going on? A few early possibilities:
1. The Washington Post is wrong. At this point, that doesn't look likely.
2. The companies are being less than forthright. They could be phrasing their denials in such a way that they're technically telling the truth. "Comparing denials from tech companies, a clear pattern emerges," writes Andrea Peterson at ThinkProgress:
Apple denied ever hearing of the program and notes they "do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order;" Facebook claimed they "do not provide any government organization with direct access to Facebook servers;" Google said it "does not have a 'back door' for the government to access private user data"; And Yahoo said they "do not provide the government with direct access to our servers, systems, or network." Most also note that they only release user information as the law compels them to. [ThinkProgress]
3. PRISM is simply a very, very closely guarded secret. It could be that the NSA's arrangements with the companies "are kept so tightly compartmentalized that very few people know about it," writes TheWeek.com's Marc Ambinder. "Those who do probably have security clearances and are bound by law not to reveal the arrangement." Security expert Robert David Graham puts it another way:
Chris Gayomali is the science and technology editor for TheWeek.com. Previously, he was a tech reporter at TIME. His work has also appeared in Men's Journal, Esquire, and The Atlantic, among other places. Follow him on Twitter and Facebook.
Bermuda destination guide: exploring an island paradise
Vegetable cocktails are having a moment
Mars may have been habitable more recently than thought
