Some Questions For and About Edward Snowden
Via Andrew Sullivan, I see that a number of people are pushing back against Glenn Greenwald's insistence that the PRISM program allows "direct access" to servers from Google, Microsoft and other tech companies. I'm glad to hear that, because it raises some questions that deserve answers.
As regular readers know, the "direct access" claim puzzled me from the start. Even with my modest technical background, I understood immediately that it didn't make sense. Sure enough, the Washington Post walked back the claim a bit the next day, the New York Times walked it back further the day after that, and even the Guardian has now finally agreed that it's wrong—though they buried the admission in the 18th paragraph of a story published a week after the original report.
There are various reasons this is important. The number one reason, obviously, is that we need to understand what's really happening. There's a huge difference between (a) Google giving NSA unfettered access to all of its user data whenever NSA feels like looking at something, and (b) Google agreeing to set up a secure method of transferring data that NSA has obtained a court order for. It's night and day.
But there's another reason: I want to know how far I can trust Edward Snowden. He's supposed to be a technical guru of some sort, but apparently he didn't understand this. Or, if he did, he didn't bother clearing it up for either Glenn Greenwald or Bart Gellman, who both went with the "direct access" phrase in their initial stories. If it's the former, I wonder just how much he actually knows about NSA's capabilities. If it's the latter, I wonder about his motivations.
I'd also like to know just what PRISM is. Is it really an NSA codeword for a data collection program? Or is it merely the name of the unclassified software they use to provide access and project management capabilities for the data they already collect? Does Snowden know? If not, why not?
Snowden has made several other dubious statements, including the suggestion that he could order a wiretap on anyone he wanted, and that he had access to any CIA station. Put this all together, and I think it's reasonable to ask just how much we can trust what Snowden is saying. He's done a public service by shining the spotlight on NSA's activities, but that doesn't mean he gets a pass on tough questioning. I'd like to hear some answers about this stuff.
UPDATE: Several commenters have pointed out that NSA's own PowerPoint presentation claims that PRISM provides data "directly from the servers" of Microsoft etc. That's true, and it's precisely the problem: Greenwald and Gellman apparently read that and simply passed it along without understanding what it implied. That can lead you badly astray, as it seems to have done here.
This is not a pedantic point. It's absolutely critical. "Direct access" implies that NSA can just root around in Google's servers whenever they want. That's big news. Conversely, a story about how companies transfer information to NSA after they get a court order is a complete nothing. Who cares what technical means are used to transfer data to NSA? What we care about is what kind of information NSA is getting, and nothing in the PRISM story has given us any insight into that.
If Snowden really has the technical chops he claims to have, he should have cleared this up. But Greenwald and Gellman apparently didn't ask about it, and Snowden apparently didn't volunteer anything. (I say "apparently" because I don't know for sure who said what to whom.) This suggests either that Snowden didn't know what this phrase meant or else chose not to explain it properly. Either one raises some red flags.