In the past few days, the super-secretive National Security Agency has been buffeted by a series of rare, damaging leaks, apparently all from one mid-level IT contractor, Edward Snowden. The most damaging revelation (so far) may be that the NSA apparently routinely collects and stores phone records of millions of Americans. But the splashiest arrived in twin articles, in The Washington Post and The Guardian, about the NSA's PRISM program.
Both newspapers reported that PRISM gave the NSA "direct access" to the servers of nine internet giants, including Google, Facebook, Apple, and Microsoft. Those tech companies "participate knowingly" in the program, The Washington Post said, which lets the NSA reach deep inside the U.S. companies' machines to extract "audio, video, photographs, emails, documents, and connection logs that enable analysts to track a person's movements and contacts over time."
That sounds scandalous, but, "it turns out, the NSA PRISM story isn't quite the bombshell that everyone said it was," says Bob Cesca at The Daily Banter. There are certainly reasons to be very concerned about government electronic surveillance, says Cesca, "but the reporting from [The Guardian's] Glenn Greenwald and The Washington Post has been shoddy and misleading."
The first sign that something wasn't right with the story was that the tech companies strongly denied that government snoops had any access to their servers. Then, "a funny thing happened," says Ed Bott at ZDNet: Quietly — without issuing any clarification or correction — "The Post revised the story, backing down from sensational claims it made originally." Gone was the phrase "participate knowingly." The phrase "track a person's movements and contacts over time" was changed to "track foreign targets." Also erased: The claim that the NSA is "tapping directly into the central servers" of Silicon Valley giants.
Those are huge changes to slip into a story, and many of the paper's other claims appear to be wrong, too, says Bott:
The real story appears to be much less controversial than the original alarming accusations. All of the companies involved have established legal procedures to respond to warrants from a law enforcement agency or a court. None of them appear to be participating with widespread surveillance. So what went wrong with The Post? The biggest problem was that The Post took a leaked PowerPoint presentation from a single anonymous source and leaped to conclusions without supporting evidence. [ZDNet]
The Guardian has not modified its original articles. To the contrary, Greenwald has been actively defending his reporting, and this op-ed, by Roy Greenslade, appears in Monday's Guardian: "Could The Guardian win a Pulitzer for Edward Snowden's NSA revelations?"
Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, said on Sunday that Snowden and Greenwald have no idea what they're talking about:
So, if PRISM doesn't give the NSA unfettered access to all our online files, Gmail messages, Facebook posts, and tracking metadata, what does it do?
Basically, "PRISM is a kick-ass GUI [graphical user interface] that allows an analyst to look at, collate, monitor, and cross-check different data types provided to the NSA from internet companies located inside the United States," says Marc Ambinder at The Week. That data is stored on U.S. servers, but "a lot of foreign intelligence runs through American companies and American servers."
The chain of action works like this. Under the FISA Amendments Act of 2008, the NSA and the attorney general apply for an order allowing them to access a slice of the stuff that a company like Facebook keeps on its servers. Maybe this order is for all Facebook accounts opened up in Abbottabad, Pakistan. Maybe there are 50 of them. Facebook gets this order.
Now, these accounts are being updated in real-time. So Facebook somehow creates a mirror of the slice of stuff that only the NSA can access. The selected/court-ordered accounts are updated in real-time on both the Facebook server and the mirrored server. PRISM is the tool that puts this all together. Facebook has no idea what the NSA is doing with the data, and the NSA doesn't tell them. [The Week]
And while what PRISM does, and how, may be top secret, its existence isn't, says Declan McCullough at CNET.
PRISM is also the name of a data processing tool used for other intelligence purposes, meaning it may be the same utility. It stands for "Planning Tool for Resource Integration, Synchronization, and Management," and it's long been in common military use. An Air Force-commissioned report that predates the FISA Amendments, for instance, describes PRISM (PDF) as "Web-based collection management software." It's not unusual to see PRISM experience required in job postings at government contractors as well. [CNET]
Still, others maintain that the PRISM leak raises "troubling questions about privacy and civil liberties that officials in Washington, insistent on near-total secrecy, have yet to address," says The New York Times:
Today, a revolution in software technology that allows for the highly automated and instantaneous analysis of enormous volumes of digital information has transformed the NSA, turning it into the virtual landlord of the digital assets of Americans and foreigners alike. The new technology has, for the first time, given America's spies the ability to track the activities and movements of people almost anywhere in the world without actually watching them or listening to their conversations. [New York Times]
It's this massive new power that makes Snowden's leak the most important in American history, says "Pentagon Papers" leaker Daniel Ellsberg at The Guardian.
Obviously, the United States is not now a police state. But given the extent of this invasion of people's privacy, we do have the full electronic and legislative infrastructure of such a state.... That is what Snowden has exposed, with official, secret documents. The NSA, FBI and CIA have, with the new digital technology, surveillance powers over our own citizens that the Stasi — the secret police in the former "democratic republic" of East Germany — could scarcely have dreamed of.... This wholesale invasion of Americans' and foreign citizens' privacy does not contribute to our security; it puts in danger the very liberties we're trying to protect. [Guardian]