The idea that US-based Internet companies are not directly supplying information to the US government and its intelligence agencies took a hit today with the release of a new slide detailing the PRISM program by Tom McCarthy on the Guardian: it states directly that direct access of servers exists.
Here’s the slide in question:
The slide itself makes it plain that PRISM is in fact distinct from collection of data from ‘upstream’ sources. As the Guardian rightly points out, some have speculated that that specific form of collection is how PRISM operates; those ideas are false, as PRISM instead operates in a quite distinct fashion.
This comes after the companies accused by the media and public at large stated almost in the same language that they do not provide “direct access” to their servers.
The New York Times reported recently on the form of access that has been erected by Internet companies for the United States government. I can’t improve on their language, so we will instead quote their prose:
[I]nstead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said.
The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.
That description of the data sharing can jive with the slide; the slide after all doesn’t distinctly state which servers it is pulling from, and could therefore imply the ‘locked mailbox’ that the Times describes. And, at least in my reading, the above description does in fact fit with statements from the companies in question.
Far more data sharing than I am comfortable with? Yes. Too cozy a relationship between private enterprise and government with your data as the pawn between? In my view yes. Legal? Almost certainly.
We should publicly applaud Twitter for refusing to erect easier access to its user data for the government, and award Microsoft demerits for being the first to do so more than a half decade ago.
Top Image Credit: Michael Brunton-Spall