
I agree, this is one of the few useful analyses of the PRISM leaks that makes much sense. One begins to feel that the Snowden person is a relatively low-level employee of government contractors, with a predisposition to the EFF/EPIC/ACLU end of the spectrum, who came across some slide decks, misinterpreted them, and constructed some far-fetched conclusions therefrom, and wrapped himself in the middle. Greenwald probably didn't do him any favors, because he has a history of grabbing any barely-true story and detonating it (see: dozens of wrong things written by him in regards to the Plame thing.)

Under rational scrutiny the PRISM story has fallen to pieces. It doesn't make any sense that all of the high-level executives and hundreds of thousands of top engineers have no idea what is happening, while some guy from Booz Allen and a blogger are the only people with the truth.




I also agree that the article poses useful questions that need answers. However, in this case I think it is extremely important that we get real answers, and don't allow ourselves to be swayed by ad-hominem or other specious arguments. Greenwald may be a flake, and it is one unknown's word against that of many public and powerful people... but let's not let that stop us demanding those answers.

These allegations are very serious and if by any remote chance they were true, those powerful people would be busy trying to make Greenwald look like a flake and Snowden like a confused tech incompetent.


This article discusses how high-level executives and many top engineers might have no idea what is happening:

https://financialcryptography.com/mt/archives/001431.html

Excerpt: "How is this apparent contradiction possible? It is generally done via secret arrangements not with the company, but with the employees. The company does not provide back-door access, but the people do. The trick is to place people with excellent tech skills and dual loyalties into strategic locations in the company. These 'assets' will then execute the work required in secret, and spare the company and most all of their workmates the embarrassment. ..."

In a discussion of this article (on a cryptography list) I observed this incredulous response: "Hmm. So what does that mean, a team of ex-military/intelligence security people work their way up or get assistance with contacts and references, replace all the key people in a company's inner security department and start coding up backdoors, APIs and allowing VPN access to it? All without telling anyone or getting noticed by ops people etc."

To which the other party retorted: "Been there. They are noticed, but you get orders from on high to shut up and not notice."

If that's all true, then it sounds like only a very few engineers and managers acting as moles will have specific knowledge of the program. A few non-mole engineers will sense that something's afoot, but they'll stay mum. Maybe that's as far as it goes.


Well that's great, but it's also stupid. Companies like Google and Facebook have hundreds of high-level engineers staring at all levels of their system all day long, trying to find out where their microseconds have gone. And these people are responsible for umpteen billions of dollars in capital expenditures every year, and responsible for capacity planning and so forth. The theory espoused at the link you posted requires that all of these people are either not smart enough to notice that an external entity is using their resources, or that these people, who I would point out are largely not Americans, are in on the conspiracy, or, finally, that the NSA is capable of pulling off their surveillance without having any detectable impact on production CPU, memory, storage, and networking.

These are highly implausible scenarios.


It is also, as far as I know, illegal to hack or disrupt computer networks in that way (even for the NSA). If they had warrants giving them access to information they wanted it would have been overkill to do something like that, risk getting caught, and now have to go to the company for intelligence cooperation in the information.


And if the NSA should break the law that makes it illegal to hack networks in this way, what would be its punishment? Do we send the NSA to jail? Do we fine the NSA? Who do you think pays for the lawsuit (punishment, legal team, etc.) when the NSA breaks the law?

As for the agent: two words - qualified immunity


I had the same thought as you, which is why I posted the skeptical response "... All without telling anyone or getting noticed by ops people etc."

To anyone who notices, there's always "shut up and not notice." But there's also "oh that rsync you see there is for our geographically redundant backup facility" or whatever -- in other words, dissembling.


As an engineer for a tier 1, I can affirm that such requests seem to enter the company laterally at the VP level.



