> The initial report of PRISM implied that the NSA and FBI had direct, unfettered access to providers' "central servers", but that has been since walked back a bit.
Really? I haven't been able to follow every report, as the Snowden leaks generated a lot of content over the past year. Can you give a source to where PRISM's central server access has been "walked back a bit"?
Incidentally the author of that story is doing a startup now, visits HN, and actually has posted in this thread! Username is "declan."
Essentially, it seems there are a number of NSA programs that we can now distinguish from one another.
PRISM uses the FBI and FISA court orders to directly request records from hosted application providers like Google, Yahoo, Apple, etc.
But there are also other programs that claim to be authorized under the FISA law that target network infrastructure companies like Verizon and AT&T, apparently sucking up and storing huge amounts of raw traffic directly from network infrastructure. This would be the famous "secret room" at AT&T network building in California. These could suck up Apple traffic (or anyone else) but Apple would not be aware because it's at the network layer.
Then there is MUSCULAR, in which the NSA helped the British GCHQ hack into the internal networks of Google (without Google's knowledge) to suck data out of the unencrypted connections between Google servers.
Really? I haven't been able to follow every report, as the Snowden leaks generated a lot of content over the past year. Can you give a source to where PRISM's central server access has been "walked back a bit"?