- Sasha Obama went to prom and Twitter is delighted with the photos 6 Years Ago
- Jon Voight says Trump is the greatest president since Lincoln in Twitter videos Today 1:31 PM
- #DeleteFacebook gains momentum after the platform refused to remove doctored Nancy Pelosi videos Today 11:58 AM
- ‘Game of Thrones’ failed women—and it’s a shame on its legacy Today 7:40 AM
- How to use Tor, the network that lets you browse the web anonymously Today 7:30 AM
- How to live stream Devin Haney vs. Antonio Moran on DAZN Today 7:00 AM
- Trump’s transphobic policies are disgusting—but they aren’t new Today 6:30 AM
- How to watch the Copa del Rey Final online for free Today 5:45 AM
- How to watch the DFB-Pokal final for free Today 5:30 AM
- Curvy Wife Guy drops music video for rap song ‘Chubby Sexy’ Friday 7:33 PM
- A ‘Black Mirror’-inspired miniseries is coming to YouTube via Netflix Latin America Friday 5:56 PM
- Kanye West appears on David Letterman’s Netflix show to talk Trump, TMZ, and Drake Friday 3:27 PM
- QAnon believers link small-town arrest to deep state conspiracy without evidence Friday 1:58 PM
- Instagram photos showing prison conditions spark massive protest Friday 1:33 PM
- ‘Gay rat wedding’ headline sparks amazing new meme Friday 1:03 PM
The NSA doesn’t need a secret back door to Google’s servers to get the information it wants.
Though we don’t know the particulars of PRISM—the recently revealed program that allows the NSA and FBI to monitor users of Google, Yahoo, and Facebook, among others—a clearer picture is starting to take shape as those companies deny being part of such a system.
An NSA presentation, leaked late Thursday, says that the intelligence agency gathers communication information—everything from emails to video chat logs—directly from nine major Internet companies. What’s interesting isn’t just that these companies have issued seeming denials to these claims, but how they’ve issued them.
“Facebook is not and has never been part of any program to give the U.S. or any other government direct access to our servers. … We hadn’t even heard of PRISM before yesterday,” Facebook CEO Mark Zuckerberg said on that site. “When governments ask Facebook for data, we …only provide the information if is required by law.”
“We have never heard of PRISM,” Apple said. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
“We do not have any knowledge of the Prism program,” AOL announced. “We do not disclose user information to government agencies without a … formal legal process, nor do we provide any government agency with access to our servers.”
“We provide customer data only when we receive a legally binding order or subpoena to do so,” Microsoft said.
In other words, assuming no one is lying outright, all the companies the NSA says it taps for information agree on three things:
1) They don’t give the government direct access to their servers.
2) They do comply with court orders.
3) They haven’t heard about a specific system called PRISM.
There is absolutely nothing in these claims that contradicts a theory put forth by security expert Lauren Weinstein: that PRISM doesn’t actually tap directly into any company’s servers. Instead, it’s a quick and easy court process. Under it, the NSA and FBI can easily get a court order for targets of their choosing.
The government likely doesn’t have “back doors” into major Internet sites that would allow government access to those sites’ user data on a “willy-nilly” basis. But it does seem reasonable to assume … that the government has pressured major Internet sites to deploy the means for rapid access to specific data requests that would be mediated by gatekeepers at those firms.
That is, NSA (or whomever) would have an expedited means to present a firm with (for example) a court order…
“That’s certainly a possibility that would be consistent with what we know so far,” Matt Zimmerman, an attorney at the Electronic Frontier Foundation, told the Daily Dot, though he stressed that understanding the exact nature of PRISM is still a work in progress.
In fact, the Director of National Intelligence, James Clapper, seemed to explicitly agree with this theory in a release issued Thursday. He doesn’t refer to the program outlined in the Guardian and Washington Post articles as PRISM, but rather as a “collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA).”
FISA was renewed by law in 2012; it passed the House, dodged amendments in the Senate, and was signed by President Obama in December. FISA listens to NSA and FBI requests for information about communications—emails, phone calls—and issues something of a secret warrant for them to obtain this information. FISA rulings themselves are conducted in secret.
FISA courts—which, as of 2008, no longer require the government to show probable cause or even identify its targets to get a surveillance order—are set up to rapidly issue the exact sort of secret demands for user information that Weinstein suggested.
That leaves one hitch: What about the fact that none of those companies had apparently ever heard of PRISM? It probably doesn’t matter. There’s no particular reason the NSA would have to tell them the details of the overarching program under which it was obtaining court orders.
Besides, as cybersecurity expert Robert Graham tweeted, “Internal code names are often not shared with the counterparty. Just because NSA calls it PRISM doesn’t mean Apple/Google knows that name.”
Photo by davidsancar/Flickr
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.