> When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.
> It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers.
I agree that whether or not the NSA can pull records from these companies without the companies meaningfully reviewing each request is a very important detail.
"But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers" is a strong statement. I agree that it is probably not compatible with the details Google has divulged about its "SFTP and manually by human only" process. But that is only one of the many companies.
I understand the "slides or GTFO" attitude that I'm seeing in these claims that the original story is inaccurate, but I think it's a bit arrogant and premature. A journalist who has seen the entire slide deck continues to tell us that the nature of what the whole presentation reveals is more invasive than a digital lockbox with workflow management software where humans meaningfully verify, evaluate, and approve requests. He could have misinterpreted the slides, but I doubt he would stick to the report so steadfastly once all these objections arose if he were not pretty confident he understood the claims in the Prism presentation.
We shouldn't accept that the NSA can grab a user profile without explicit, individual legal approval from the company as fact yet--there's a lot more we will hopefully learn. And how true this is could vary from company to company. But it's silly to ignore that a credible voice who has seen the presentation is telling us something.
I would be slow to assume that anything is known for certain in this kind of "spook biz". I also don't assume that everything interesting has been released on the slides already. (For example, there's interesting reporting in the first Guardian story about what happened to FISA 702 request rates since PRISM was introduced which includes quotations from the slides, but hasn't got much attention seemingly because the relevant slide or slides have not been reproduced yet.) However, there a couple of things that make me fairly confident Greenwald is (or was? I'm not sure if he is still standing by his claim) wrong about this.
One is that AFAIK the Guardian and the WaPo both have access to all the same materials Greenwald has, and they have both been backing away from the NSA-has-root claim for some time. But an even bigger factor is how Greenwald defended his claim. If he'd said "there's still-unreleased material which proves me right, hold tight" that would be one thing. But instead he quoted the "collection directly from the servers" text and linked the new slide it came from, implying that the quotation unambiguously ruled out the drop-box/API interpretation and supported the NSA-has-root interpretation. But in fact "collection directly from the servers" is not at all unambiguous between the two interpretations. And even worse, the You Should Use Both slide, which Greenwald produced as his trump card, provides context which clearly undermines the NSA-has-root interpretation! In that slide it's clear that "collection directly from the servers" is being contrasted with upstream collection of IP data from the telcos. The fact that Greenwald evidently didn't pick up on this himself is pretty clear evidence that his understanding of the presentation is imperfect, whether because it's being distorted by his desire for a bigger and more damning scoop or just impeded by a lack of technical savvy.
> When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.
As soon as people suggested that "collection directly from the servers" actually meant a FISA workflow-automation system involving an API and maybe dropbox servers, Glenn Greenwald indignantly denied, or maybe didn't understand, the possibility that the companies' statements could actually be compatible with the PRISM document https://twitter.com/ggreenwald/status/343421926057861121 https://twitter.com/ggreenwald/status/343422182589870081 https://twitter.com/ggreenwald/status/343423399609131008 https://twitter.com/ggreenwald/status/343423727066824705 . Meanwhile both the Washington Post and the Guardian started backing down from the NSA-has-root idea. The paragraph WaPo added to its original story
> It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers.
plus the later story it printed http://www.washingtonpost.com/world/national-security/us-com... both help to make clear that the Post did intend its original PRISM story to be understood as NSA-has-root.