he Washington Post has published a massive investigative report revealing a secret state-run program called PRISM, which allows the National Security Agency to legally extract "audio and video chats, photographs, emails, documents, and connection logs that enable analysts to track foreign targets" from the servers of nine U.S. internet companies. According to the document obtained by The Post, the official roster includes Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. (Here's everything we know about PRISM so far.)
The Post has since backtracked on its original stance that the companies "participated knowingly" in the program, and has added this hedging paragraph:
It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing 'collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,' rather than directly to company servers. [Washington Post]
Here are statements from the firms that have so far denied involvement with the program. Remember: Skype is owned by Microsoft, and YouTube is owned by Google. AOL has yet to respond, but we'll update this list when or if it does:
We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it. [Microsoft]
Yahoo! takes users privacy very seriously. We do not provide the government with direct access to our servers, systems, or network. [TechCrunch]
Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a backdoor for the government to access private user data. [TechCrunch]
We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law. [All Things D]
No comment. [VentureBeat]
We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order. [All Things D]
We've seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users' privacy. [TechCrunch]
So what's going on? A few early possibilities:
1. The Washington Post is wrong. At this point, that doesn't look likely.
2. The companies are being less than forthright. They could be phrasing their denials in such a way that they're technically telling the truth. "Comparing denials from tech companies, a clear pattern emerges," writes Andrea Peterson at ThinkProgress:
Apple denied ever hearing of the program and notes they "do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order;" Facebook claimed they "do not provide any government organization with direct access to Facebook servers;" Google said it "does not have a 'back door' for the government to access private user data"; And Yahoo said they "do not provide the government with direct access to our servers, systems, or network." Most also note that they only release user information as the law compels them to. [ThinkProgress]
3. PRISM is simply a very, very closely guarded secret. It could be that the NSA's arrangements with the companies "are kept so tightly compartmentalized that very few people know about it," writes TheWeek.com's Marc Ambinder. "Those who do probably have security clearances and are bound by law not to reveal the arrangement." Security expert Robert David Graham puts it another way:
Internal code names are often not shared with the counterparty. Just because NSA calls it PRISM doesn't mean Apple/Google knows that name.— Robert David Graham (@ErrataRob) June 6, 2013
THE WEEK'S AUDIOPHILE PODCASTS: LISTEN SMARTER
- Why I'm a pro-life liberal
- If a nuclear bomb exploded in downtown Washington, what should you do?
- 10 things you need to know today: April 16, 2014
- 31 TV shows to watch in 2014
- He said he was leaving. She ignored him.
- What would a U.S.-Russia war look like?
- Can these 4 couples really afford their dream houses?
- There's a number of reasons the grammar of this headline could infuriate you
- How to be more satisfied with your life, according to science
- The contentious policy at the heart of Cliven Bundy's armed standoff with the government
Subscribe to the Week