
> I didn't accuse you of being an NSA goon.

Sorry, I misinterpreted your tone.

> Sorry for the wall of text

No worries - I'm about to post my own. :)

> How is that? That has nothing to do with whether the US records are correct.

I have no idea how Greenwald brought up the issue of Boundless Informant in his book, I just know that I saw slides in his PDF showing the US and Poland (maybe more - I forget). In that series of articles, they seemed to make pretty clear that the program was showing where the collection came from, not where the targets were. So, for example, the numbers from Norway represented communications collected "to support Norwegian military operations in conflict areas abroad, or connected to the fight against terrorism, also abroad". Same with Germany, France, Spain and Italy (I'm probably missing some). When it comes to the US numbers, I don't see that it's that big of a leap to take the same statement that the Norwegian intelligence service made, and replace all instances of "Norway" with "US".

> That was the Gellman and the Washington post that claimed that, without question. The Guardian article framed it as a question. Greenwald never had to issue any retractions.

From the article published in The Guardian[1]:

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

...

With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

With regard to the providers' denials, I don't see anything evasive about them:

Google: "I'm not sure what the details of this PRISM program are, but I can tell you that the only way in which Google reveals information about users are when we receive lawful, specific orders about individuals -- things like search warrants. And we continue to stand firm against any attempts to do so broadly or without genuine, individualized suspicion, and publicize the results as much as possible in our Transparency Report. Having seen much of the internals of how we do this, I can tell you that it is a point of pride, both for the company and for many of us, personally, that we stand up to governments that demand people's information." [2]

Microsoft: "We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it." [3]

Facebook: "Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn't even heard of PRISM before yesterday. When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure."[4]

AOL: "We do not have any knowledge of the Prism program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers." [5]

Every one of them is very clear: the NSA needs a court order to get users' data, and they have only complied with orders for specific users.

[1] http://www.theguardian.com/world/2013/jun/06/us-tech-giants-...

[2] https://plus.google.com/u/0/+YonatanZunger/posts/huwQsphBron

[3] http://www.microsoft.com/en-us/news/press/2013/jun13/06-06st...

[4] https://www.facebook.com/zuck/posts/10100828955847631

[5] http://blog.aol.com/2013/06/07/aol-statement-regarding-nsa-p...

EDIT: Fixed formatting




The two statements from The Guardian are referencing the documents themselves. If you want to talk about out of context, you missed the headline and the multiple paragraphs framing it as a question of what the providers say versus what the NSA documents say.

"Direct access," these are the NSA's own words. The Guardian ran the providers' statements versus what the NSA documents said. That's a fact. That's why there are no retractions in The Guardian's story, and as Soghoian says they don't actually deny "direct access" in those statements, legally. What's likely is that the companies allow them to run informal searches to narrow the data down.

As for the "court order," they're just talking about a FISA court order which only "allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization," which they readily ignore, and it's more like a general warrant because NSA relies on self-reporting. As Snowden indicated, and LOVEINT showed, analysts can just use bullshit justifications and cover it up. And if they targeted a U.S. citizen, according to their own documents, it's "not a big deal."


Yes - they denied it... because it was false. "Direct access" is not the NSA's own words, they were The Guardian's/The Washington Post's words. The slides themselves say "Collection directly from the servers of these U.S. service providers...", which we later found out means "provided under court order directly from the providers". The Guardian article goes on to say:

"When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers."

That is a blatant lie. The companies receive court orders - they have the ability to challenge the court order in the same way that they would challenge a subpoena or search warrant by going back to the court. If the FISA court doesn't agree, there's still a higher court to appeal to. There has yet to be a retraction of The Guardian's statement.

> As for the "court order," they're just talking about a FISA court order which only "allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization,"

You're mixing up programs now. That quote comes from an ODNI statement[1] about the FISA Section 215 metadata collection (I'm not going into that one now - that's a whole different mess, and IMHO that program is rightly controversial). The PRISM slides repeatedly indicate that this collection is under FISA Section 702, which gathers content and which has a whole different set of legal requirements. Most prominently, people collected on under 702 must be reasonably believed to be outside the US and not an American citizen/green card holder/etc. The Snowden trove has yet to show any general warrant style orders related to PRISM.

I think the LOVEINT example actually works in favor of my argument - there was a small group of people doing illegal stuff at NSA; they got caught; as a result, they don't work there anymore. You could go on to ask why the DOJ didn't prosecute, and I wouldn't fault you for questioning - I don't know the answer to that one. But citing LOVEINT to justify limiting the NSA's capabilities is kind of like saying "this cop fired his weapon and killed an innocent civilian, so we need to disarm the entire police force."

[1] http://www.dni.gov/index.php/newsroom/press-releases/191-pre...


You're right, partly. Either way, NSA ha(d|s) direct access to Yahoo and Google's internal networks with MUSCULAR and various other WINDSTOP programs that have collected many more records than MUSCULAR, without requiring warrants whatsoever. Arguing over why The Guardian didn't retract is just splitting hairs at this point, because they did include the slide that claimed "direct collection from the servers." Then there's also UPSTREAM. PRISM is hardly the smoking gun in this long chain of events. And again you're right, I did mix up the 215 blurb.

Nice chat.


> Nice chat.

At least we can agree on that. Thanks for the chat.



