
Two things about the submission title, which is currently: "WaPo: Execs From Internet Companies Acknowledge PRISM"

1. The original title for the article is "U.S., company officials: Internet surveillance does not indiscriminately mine data"

2. The excerpt that the submitted title refers to is this: "Executives at some of the participating companies, who spoke on the condition of anonymity, acknowledged the system’s existence and said it was used to share information about foreign customers with the NSA and other parts of the nation’s intelligence community."

Some, not all of the companies involved. So too soon to conclude that the public statements were lies...but Zuckerberg and Page, at the least, could be said to have lied if the companies referred to in the OP are them (both Page and Zuckerberg said that they (they as in "we") had no prior knowledge of PRISM at all)




There's definitely some questions here, though.

"government employees cleared for PRISM access may “task” the system and receive results from an Internet company without further interaction with the company’s staff."

What does that mean? Does the company have any oversight over what's being requested? It doesn't sound like it. How does that square with the statements from the CEOs that each request is carefully considered and restricted?

“The server is controlled by the FBI,” an official with one of the companies said. “We do not offer a download feature from our server.”

This is a very fine distinction that doesn't matter much. Word games are being played here.


> What does that mean? Does the company have any oversight over what's being requested? It doesn't sound like it. How does that square with the statements from the CEOs that each request is carefully considered and restricted?

This was covered yesterday, in the NYT article http://www.nytimes.com/2013/06/08/technology/tech-companies-... :

> The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.

So, it seems, there are Google-lawyer mechanical Turks clicking "OK" or "Contest" (or whatever) for each FISA order in the Google FISA-order queue. If the lawyer clicks "OK" it seems the requested information is slurped automatically from the Google user-data servers into the PRISM server's outbox (and/or a live data feed is set up). If the lawyer clicks "Contest" then presumably something messier and more manpower-intensive happens. A system like this raises plenty of questions - but it doesn't at all automatically conflict with or falsify what the tech CEOs said.

EDIT: Actually there's apparently a direct conflict between the NYT's version and what WaPo appears to be saying here:

> According to a more precise description contained in a classified NSA inspector general’s report, also obtained by The Post, PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process.

That seems to imply that there's no Google-lawyer mechanical Turks reviewing the individual FISA orders. Given that that would contradict both the NYT report and the statement from (for example) Page and Drummond http://googleblog.blogspot.ie/2013/06/what.html this is a big deal. Given the WaPo's demonstrated ability to misunderstand information from NSA sources, for the moment I'm inclined to assume that the Post has got this wrong, too - but let's see. (Another possibility might be that some companies are waving FISA orders of the form "give us the personal data of Suspect X" through automatically, while others still have a lawyer clicking "OK".)


This passage confused me too. But this part:

> According to a more precise description contained in a classified NSA inspector general’s report, also obtained by The Post, PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process.

Could refer to queries on accounts/targets that have already been approved. In that sense, it's not much different from a traditional wiretap...once it's in place, the government investigators want the ability to monitor it continuously...the difference in this context is that this "wiretap" encompasses Internet activity, which may require active querying beyond passive listening.


Could well be. (Though I'd assume that as long as a "virtual wiretap" is in place on an individual the NSA gets a firehose of everything which happens to that user account (or at least everything the FISA order permits) and then just filters out whatever doesn't interest it.) For my part I wouldn't be surprised if "The companies cannot see the queries that are sent from the NSA to the systems installed on their premises" just turns out to mean "The connection between the on-site server and Fort Meade is protected by SSL" (and probably dedicated fibre). To someone looking at the NSA as the bad wolf here it sounds like an odd thing to emphasise, but from the perspective of an actual NSA agent the security of these off-site servers handling top-secret material (in an environment full of highly-technical leftists and libertarians!) must be an obvious concern. Just for a start, you wouldn't want anyone at Google other than the appointed lawyers taking a look at what you're requesting surveillance on... But that's just a guess of course.


I agree on #2 and changed the title as I don't want that inference to be made.


> Zuckerberg and Page, at the least, could be said to have lied if the companies referred to in the OP are them (both Page and Zuckerberg said that they (they as in "we") had no prior knowledge of PRISM at all)

How so? They said they had no system for direct access, and indeed PRISM is apparently not a system for direct access. They said they hadn't heard of PRISM, but it's at least quite possible that they weren't familiar with the NSA's "PRISM" moniker, as opposed to the system itself.


According to a new slide released by the Guardian, PRISM does give direct access. [1]

[1] http://guardiannews.com/world/2013/jun/08/nsa-prism-server-c...


This is not direct access in the sense which the Guardian and Washington Post suggested yesterday and the tech companies denied. OP is the Washington Post (which has access to the full PowerPoint) backing down from that claim, something it had already started to do yesterday http://www.forbes.com/sites/jonathanhall/2013/06/07/washingt... . In the context of the latest slide it's clear that direct collection probably means collection from the endpoint - Google, Facebook etc. - as distinct from "upstream" collection by wiretapping IP traffic through US telcos' networks.


What's the difference?

If PRISM means the NSA has unsupervised access to any records they want from these providers, that's pretty disturbing, irrespective of word-games over the meaning of 'direct'. The scope for abuse of this sort of unregulated access rubber stamped by a secret court is huge, and there doesn't appear to be any effective supervision as people like Clapper are happy to lie to congress about the extent and methods of the various surveillance programs, and the companies are obliged to lie about the program and conceal its existence.


Secret court orders only apply for data related to US citizens. FISA allows warrantless surveillance of foreign powers. The amount of warrantless data these companies give out is unknown.

>The presentation claims Prism was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a "home-field advantage" due to housing much of the internet's architecture. But the presentation claimed "Fisa constraints restricted our home-field advantage" because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.

>"Fisa was broken because it provided privacy protections to people who were not entitled to them," the presentation claimed. "It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all."

http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-n...



