There are some rumblings amongst tech types that Glenn Greenwald, in his reporting of the PRISM story, misinterpreted one of the alleged PowerPoint slides. Karl Fogel, a pro-open-source blogger tech type, calls it an “epic botch.” So what happened?
Greenwald’s original article over at the Guardian revealed that the government has been using a secret court order to force Verizon into handing over an extensive amount of user data on a regular basis. But Fogel, among others, points to this slide:
Confusing PRISM Slide
That slide has been interpreted as the government directly tapping into company servers to retrieve whatever information the government wants. The Washington Post, which also filed an extensive expose of the program (perhaps more extensive), said the agencies were “tapping directly into the central servers.” Fogel has a problem with this language; his analysis of the slide indicates that what’s actually going on isn’t so much companies handing over keys to their servers, but companies creating a private digital locked box in which the government can access data they’ve requested through legal means.
Fogel writes: “The crucial question is: Are online service companies giving the government fully automated access to their data, without any opportunity for review or intervention by company lawyers?”
The New York Times, in their own investigation, found that this locked box concept is probably what’s going on here. The government uses FISA, the Foreign Intelligence Surveillance Act (the statute that specifies how and in what manner the government can obtain data), to demand information, and instead of the companies handing it over in individual chunks, the government requested these locked boxes so the handoff of information could be efficient and secure. It’s sort of the internet-age equivalent of a source meeting a handler on back-to-back park benches and exchanging manila file folders while never looking at each other. These requests, by the way, are legally binding and also come with a gag order preventing the companies from discussing them.
Fogel, and many other tech types I’ve talked to, are outraged about the media handling of this story. In their mind, the media is bungling all of the intricate technical aspects of the story due to a lack of expertise in the field. And that’s a fair point! Journalists, even tech journalists, are trained to report and write stories, not to have the same command of tech that an IT person has.
Fogel is being kind of ridiculous by calling Greenwald’s discussion of “direct access” an “epic botch,” though. I do think Greenwald misinterpreted the use of the word “servers” and in turn may have misunderstood how this program actually works–not a small thing, and in a case as sensitive as PRISM, we need to make sure we have as many of the facts as possible. (I don’t blame Greenwald for this, by the way; this was a brand-new story and nobody quite knew the scope or effect of it, and he did a hell of a job exposing the surface of the program.)
This post, from Mark Jaquith, another tech type, hammers home that “this is not a pedantic point” and insists that Greenwald’s misinterpretation could be “the difference between a bombshell and a yawn of a story.” I completely disagree; I think it is a worthy point, one that should be discussed and cleaned up, but there’s much more at stake here than whether the government had direct access to a company’s data. I’m glad these guys are on the case; before we decide how to respond as a country to this program, we need to know exactly what’s going on. But I don’t think that if the answer turns out to be “no, the government did not have direct access to this data” that we can just brush off our hands and say “well, okay then.”