The NSA slide that tech experts say Glenn Greenwald misinterpreted. (The Guardian/NSA, US Federal Government.)
Bloggers and experts in the tech world have been raising an important caveat to a key aspect of Glenn Greenwald’s world-shaking scoop about the NSA’s PRISM story—an aspect my friend Karl Fogel, an open-source software guru, blogger and the proprietor of QuestionCopyright.org, calls an “epic botch” by Greenwald. People outside of the tech world absolutely need to know about this debate too, which is why, though I’m no expert, I’m sharing it with this wider audience. I deeply admire what Greenwald and his team at The Guardian are doing. I write in the interest of helping them do it better.
The “crucial question,” as Fogel frames it in a blog post, is this: “Are online service companies giving the government fully automated access to their data,” as Greenwald says they are, “without any opportunity for review or intervention by company lawyers?” This is what the companies have been denying—in statements that critics have been interpreting as non-denial denials. (Apple: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.” So what if Apple et al. knew the formal name of the program? And what about indirect access? Or government contractors? And how are they defining “customer data”? Etc.)
Fogel points out that a widely read post to this effect called “Cowards” from the blog Uncrunched—“What has these people, among the wealthiest on the planet, so scared that they find themselves engaging in these verbal gymnastics to avoid telling a simple truth?”—is “mostly wrong.” He says, “It looks like Greenwald and company simply misunderstood an NSA slide [see image at the top of this post for the slide] because they don’t have the technical background to know that ‘servers’ is a generic word and doesn’t necessarily mean the same thing as ‘the main servers on which a company’s customer-facing services run.’ The ‘servers’ mentioned in the slide are just lockboxes used for secure data transfer. They have nothing to do with the process of deciding which requests to comply with—they’re just means of securely and efficiently delivering information once a company has decided to do so.”