Reports of PRISM, the National Security Agency’s program to gain perpetual access to all the information running through the servers of major Silicon Valley companies, are enough to give anyone a jolt. And, considering what we know about the N.S.A., it seems plausible that it’s spying on us. But there are some things about PRISM that don’t quite add up:
Are the companies lying?
Apple, Facebook, Google, Microsoft and Yahoo have all said that the government does not have access to their servers. This, from Google:
From time to time, people allege that we have created a government ‘backdoor’ into our systems, but Google does not have a ‘backdoor’ for the government to access private user data.
Here’s Apple:
We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.
Maybe the companies are playing semantics with the terms “backdoor access” and “direct access”. And Apple doesn’t have to have heard of PRISM to be a part of it. Still, these are pretty strong denials for companies that generally play it very close to the vest.
Dropbox (coming soon)?
You’d expect a program based on accessing corporate servers to target only companies that have their own servers. But Dropbox, which was reportedly “coming soon”, according to the leaked PRISM presentation, runs its business on Amazon’s cloud servers. Yet Amazon is not one of the companies involved.
Has the N.S.A. ever done anything for $20 million?
The presentation and reports seem to describe a program of breathtaking scope, all for the modest price of $20 million annually. The New York Police Department spent significantly more than that last year just to keep its own phones running. Of course, the N.S.A. does seem to have saved money by skimping on the cost of the presentation, which looks like it was thrown together in a few minutes by a someone new to PowerPoint.
They’re only spying on foreigners?
James Clapper, the Director of National Intelligence, said Thursday night that the newspaper reports contained “numerous inaccuracies.” He said that the program, authorized under the Foreign Intelligence Surveillance Act, targeted only Internet users outside of the United States. “It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.” It isn’t immediately clear how the government could distinguish between these in any practical way. I
t’s possible that Clapper’s reference to intentional targeting is a way of saying what the government does once it has gathered a huge amount of data and stored it on N.S.A. servers. There is clearly a lot to learn in the hours and days ahead, maybe starting with the N.S.A. documents leaked by Anonymous on Friday morning.
