FISA NSA Security

The Guardian Walks Back Prism Allegations

via LGF, The Guardian has changed their story on Prism, however this is not a correction to the original report.

The Guardian revealed last week that seven technology companies – Google, Facebook, Skype, PalTalk, Microsoft, Apple and Yahoo – were involved in the Prism surveillance scheme run by the NSA.

The Guardian understands that the NSA approached those companies and asked them to enable a “dropbox” system whereby legally requested data could be copied from their own server out to an NSA-owned system. That has allowed the companies to deny that there is “direct or indirect” NSA access, to deny that there is a “back door” to their systems, and that they only comply with “legal” requests – while not explaining the scope of that access.

Transferring “legally requested data” to the NSA is a far cry from having the ability to “directly and unilaterally seize the communications off the companies’ servers.” Furthermore, the latest incarnation of the story alleges that information is transferred to an “NSA-owned system,” which is a direct contradiction to the original report that alleged the NSA had direct access to the servers of Google, Apple, and Microsoft.

From the original Greenwald report:

The Prism program allows the NSA, the world’s largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.

With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

It’s unlikely Greenwald will issue a correction, clarification, or an apology, leaving it up to other writers to speak for The Guardian.

We don’t know if categorizing the transfer of information as a “drop box” system is accurate, however it seems clear that information is not unilaterally seized from company servers and that companies only comply with legally-binding FISA court orders.