Comparing denials from tech companies, a clear pattern emerges: Apple denied ever hearing of the program and notes they “do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order;” Facebook claimed they “do not provide any government organisation with direct access to Facebook servers;” Google said it “does not have a ‘back door’ for the government to access private user data”; And Yahoo said they “do not provide the government with direct access to our servers, systems, or network.” Most also note that they only release user information as the law compels them to.
But the PRISM program’s reported access to data and the now repeatedly confirmed widespread access to phone records and other types of digital data appears to be almost exactly what the 2008 Protect America Act (PAA) allows Foreign Intelligence Surveillance Act (FISA) courts to compel tech companies to do — as many warned around the time of its passage. If tech companies are not providing direct access to their servers but are cooperating with the PRISM program, that leaves at least one other option: Companies are providing intelligence agencies with copies of their data.
This theory isn’t that much of a stretch based on prior reporting. Mark Klein, a former AT&T employee testified in 2007 that the company was splitting and copying all internet traffic coming through his San Francisco office — with the copies being diverted to a secret room controlled by the NSA. And numerous NSA whistle blowers have suggested the agency is hoarding everything everyone is doing online in the name of protecting Americans from terrorists.
It would also match up with James Bamford’s Wired report last year about the goal of the massive NSA data center being built in Utah. Here’s how he describes the ultimate role of the facility:
“Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter.'”
ThinkProgress does not have any hard evidence that this is what is happening. But access to copies of all of this data would seem to fit with the warnings of whistle blowers and the very narrow wording used by most tech companies in responding to reports of the PRISM program.
The Washington Post has now backtracked on their claims that government had direct access to servers, editing their report to include more responses from companies and this statement: “[i]t is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing ‘collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,’ rather than directly to company servers.” This change only strengthens the argument that the NSA had access to copies of the data.