News organisations and, possibly, the National Security Agency leaker Edward Snowden himself, are misinterpreting a key concept in a leaked NSA presentation, senior tech industry sources say.
One of these sources argues that this misunderstanding calls into question whether Snowden really understands some of the other assertions he is making about U.S. intelligence activities.
Late last week, two major newspapers reported that the National Security Agency has “direct access” to the central servers of the world’s biggest Internet companies, including Google and Facebook.
With this access, the papers implied, the U.S. government can snoop in real-time on the digital communications of hundreds of millions of people worldwide.
After these reports appeared, the companies named in the reports issued vehement, explicit denials about the “direct access” assertion. And when sceptics suggested that the companies were just parsing their words carefully, the companies issued even more explicit and strenuous denials.
Google, for example, said the government has no access to its servers, no “back door” into the systems, and no API (application programming interface) through which the government could spy on its users.
Facebook said basically the same thing, adding that the government had also not requested vast amounts of “bulk data” like the startling request that was made of Verizon.
All the companies confirmed that they do provide data to the government in response to specific court orders — once the requests have been reviewed by the companies’ lawyers. And after a batch of data is delivered to the government (often, presumably, electronically), the government can obviously query the data however the government likes.
But senior tech industry sources say that the assertion that the government has “direct access” to these companies’ servers — and, with it, unlimited real-time snooping capabilities — is flat-out wrong.
So it’s worth reviewing where this claim of “direct access” to the companies’ servers came from. And it’s worth asking how much, if at all, this apparent misunderstanding calls into question some of the other claims made by the 29-year-old NSA leaker, Edward Snowden.
The assertion by The Guardian and The Washington Post that the NSA and FBI had “direct access” to the servers of Google, Facebook, and other companies came from the following slide (published here by The Guardian), which is from a National Security Agency presentation obtained by the papers. The presentation, the papers have now revealed, was provided by Snowden, who is now holed up in a hotel in Hong Kong.
As you can see, this slide suggests that the government is collecting data in two ways: first, from the “fibre cables” that the data flows through as it travels from the sender to the recipient (a.k.a., the Internet); second, in the “PRISM” program, from the companies themselves.
Specifically, the green area in the bottom of the slide states that the PRISM collection comes “directly from the servers of [nine] U.S. Service Providers.”
According to many of the technology companies named in that sentence, however, as well as the senior tech industry sources that we have spoken to, the “directly from the servers” wording is either being misinterpreted or is just plain wrong.
It is true that any data provided by Google, Facebook, et al, to government investigators does come originally from some “servers” of these companies — because that’s where the data is sent, received, and/or stored.
Importantly, however, the government does not have access to these servers.
The government gets the data only after the companies’ lawyers approve the government’s request for the data and the companies then either send the data to the government or put the data somewhere the government can access it (for example, by storing it on another server to which the government is granted access). This is a common method of sharing data these days, although according to a New York Times report, the companies are not using a server on their premises to share data with the government.
If the government were making massive data requests of these companies — for example, if the government were demanding to see “all data generated by all Facebook users in the years 2012 and 2013” — then this might be a distinction without a difference. But according to the companies and our sources, the requests are far narrower than that.
(One source estimated that the number of actual people covered by data requests at one big technology company over the past few years was in the “thousands,” not the millions, much less the hundreds of millions. The source did not have exact numbers, however.)
The bottom line is that news organisations and, possibly, NSA leaker Edward Snowden, appear to fundamentally misunderstand the nature of how the big tech companies provide data to the government.
And given that misunderstanding, it’s worth asking what else Snowden might not understand.
In his interview with The Guardian, Snowden made two claims that were particularly startling:
- First, that he, Snowden, a 29-year-old contractor, could easily “wiretap” anyone in the United States including “you or your accountant, to a federal judge, to even the President.”
- Second, that the U.S. government is secretly recording nearly all human communications (not just American communications — human communications).
Snowden did not elaborate on exactly what he meant by these claims. (Would this “wiretapping” be legal? Could Snowden actually initiate the wiretap or did he just have the authority to order it? Is the government recording the contents of communications or just records of communications? Etc.) But at first glance, the claims seem far-fetched.
And given that Snowden appears to misunderstand how the government gathers data from big technology companies — or is passing on a presentation that misrepresents this — it seems possible that he might be misunderstanding these broader assertions, too.
In any event, the first order of business for those who are interested in what Snowden has to say (e.g., pretty much everyone) is to get more detail on what, exactly, he is claiming the government can and can’t do and is and isn’t doing. And then the second step will be to corroborate his assertions with other intelligence sources.
Snowden’s leak appears to be one of the most significant intelligence leaks in history. If nothing else, it has triggered a public debate about how much information the government is and should be collecting and how it is using that information. Although public awareness of U.S. data gathering might make the program less effective as a national security tool, it appears to be high time that the public understands what the government is and isn’t doing.