Snowden, NSA, PRISM — the “direct access” question
I regard the “direct access to the systems” claim as neither confirmed nor disconfirmed. Here’s why:
The tech companies’ assurances aren’t enough to disconfirm the claim. These companies have already been coerced (or bribed) into supporting PRISM, so it’s not such a big stretch to imagine them being coerced (or bribed) into lying about PRISM data collection. If PRISM really is important to national security (and is “the SIGAD used most in NSA reporting”), lying makes perfect sense. Of course, lying is also a viable approach from a business standpoint — perhaps the only viable approach.
Alternatively, the companies may not be lying; they may simply be unaware of the NSA’s direct access. Crypto experts believe the NSA is decades ahead of academia when it comes to crypto, and the same is undoubtedly true for cyber tech in general. Or it could be more of a people blindness than a tech blindness. Either way, does the NSA have the will? Very likely. Does it have the means? Also very likely.
The slides themselves are suggestive, at worst, for confirmation purposes — and ambiguous, at best, for disconfirmation purposes. It’s worth reflecting on the plausibility or lack thereof of the disconfirmation scenario (i.e., the scenario in which the tech companies are telling the truth and are right), which includes these elements:
- The NSA has given a top-secret code name and status to the pedestrian process of sending out legal documents and getting data in return.
- The NSA didn’t have this pedestrian process available before 2007.
- This pedestrian process took the NSA five years to implement across all providers. (In the disconfirmation scenario, something is laughably off here unless we factor in considerable legal resistance. Even then, there may still be something laughably off about what results: “Look at this top-secret five-year timeline. It shows when companies stopped ignoring our legal requests.”)
- This pedestrian process deserves to usurp the glory of the fiber-optic sniffing referred to as “Upstream” in the slides — “Collection of communications on fiber cables and infrastructure as data flows past.” (In the disconfirmation scenario, this is the technological equivalent of Dan Brown deserving to usurp the glory of Shakespeare.)