APHey, “direct access” sounded much more exciting and scandalous. Can we put that back?As the actual details of the government’s data collection under its “PRISM” intelligence program are emerging, the hysteria that followed the initial reports is, justifiably, dying down.
Thanks to vehement, explicit denials by America’s big technology companies, it is becoming clearer that the government does not, as the initial reports stated, have “direct access” to the central servers of Google, Facebook, Yahoo, et al–access with which the FBI and National Security Agency can spy on any of hundreds of millions of global users anytime they feel like it.
Instead, it seems clear that, as in ordinary legal processes, the government frequently requests specific user data from these companies, and, after a legal review, if the companies deem to the requests to be lawful, the companies are making the data available to the government.
Based on the companies’ statements, as well as many follow-on news reports and our conversations with technology industry sources, the hullabaloo about “direct access” appears to stem from a misunderstanding about what “direct access” actually means. What the companies appear to be doing is delivering electronic data that the government has requested–after the companies review the request to make sure the request is legal. Once the companies have delivered the data, the government can access the data on a server, and query it however the government wants. But this does not mean the government has unfettered “direct access” to the companies’ central servers and billions of users, as the initial PRISM reports implied.
Given the volume of the information that the government is collecting, it’s certainly reasonable to consider whether American laws are appropriate and whether the necessary checks and balances in place–or whether we are focusing too much on “security” and not enough on “privacy.” And, as ever, it’s also worth making sure that the government is following the laws.
Importantly, however, these questions have nothing to do with the technology companies. Even the Washington Post has revised its story about government spying and no longer claims that the FBI and NSA are “directly tapping into the central servers” of the big tech companies.* So, as the reality of the process by which the tech companies make legally requested information available to the government becomes clear, the debate should shift to the laws and government behaviour.
Is the secret FISA court that approves specific information requests under the Foreign Intelligence Surveillance Act being too permissive in its approvals? Is the government following the law? Should the FISA oversight or laws be changed?
Those questions are worth asking.
But it seems highly misleading to continue to suggest that America’s biggest technology companies are secretly in cahoots with government spies, are providing direct access to central servers, and are selling out billions of users worldwide.
* The Post’s original story stated as an unqualified fact that Google, Facebook, et al, were allowing the government to “tap directly into the[ir] central servers” to spy on their users. After the story was published and the companies issued immediate and categorical denials, the Post revised its story significantly. Now the “direct access” claim is tied to a government document that some people say is being misinterpreted. And even the Post has now explained that the government is merely receiving electronic deliveries of requested data that the government then can then query and analyse (just as the government does in any investigation):
According to a more precise description contained in a classified NSA inspector general’s report, also obtained by The Post, PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process.
Crucial aspects about the mechanisms of data transfer remain publicly unknown. Several industry officials told The Post that the system pushes requested data from company servers to classified computers at FBI facilities at Quantico. The information is then shared with the NSA or other authorised intelligence agencies.
[Our guess is the Post will soon be further revising that last sentence to clarify that it is not “the system” that pushes the requested data to the FBI servers, but the companies. And that would mirror how any company provides requested data to the government–by sending it to them or putting it on a server where the government can get it.]
According to other reports, such as the one the New York Times filed yesterday, the companies haven’t even given the government access to shared delivery servers on their premises.
So, the more details that come out, the more it sounds as though the tech companies are just providing the government with standard electronic delivery of requested data.
Business Insider Emails & Alerts
Site highlights each day to your inbox.