The war over how to spin revelations of the National Security Agency's latest spying program has officially begun.
On the heels of media reports that the NSA has gained accessto the servers of nine leading tech companies -- enabling the spy agency toexamine emails, video, photographs, and other digital communications -- Google has issued astrongly worded statement denying that the company granted the government "directaccess" to its servers. That statement goes so far as to say that the companyhasn't even heard of "a program called PRISM until yesterday."
At first glance, Google's statement is difficult to believe.Senior intelligence officials have confirmed the program's existence, andGoogle's logo is prominently listed on internal NSA documents describing participating companies. But Google may be engaging in a far more subtle publicrelations strategy than outright denial.
Google's statement hinges on three key points: that it didnot provide the government with "direct access" to its servers, that it did notset up a "back door" for the NSA, and that it provides "user data togovernments only in accordance with the law."
According to Chris Soghoian, a tech expert and privacyresearcher at the American Civil Liberties Union, the phrase "direct access" connotes a very specificform of access in the IT-world: unrestricted, unfettered access to informationstored on Google servers. In order to run a system such as PRISM, Soghoian explains, such accesswould not be required, and Google's denial that it provided "direct access" does not necessarily imply that the company is denying having participated in the program.Typically, the only people having "direct access" to the servers of a companylike Google would be its engineers. (Facebook's Mark Zuckerberg has issued asimilarly worded denial in which he says his company has not granted thegovernment "direct access" to its servers," but his language mirrors Google's denial about direct access.)
A similar logic applies to Google's denial that it set up a "backdoor." According to Soghoian, the phrase "back door" is a term of art that describesa way to access a system that is neither known by the system's owner nor documented. Bydenying that it set up a back door, Google is not denying that it worked with theNSA to set up a system through which the agency could access the company'sdata.
According to Soghoian, the NSA could have gained access totech company servers by working with the companies to set upsomething similar to an API -- a tool these firms use to give developerslimited access to company data. Google hasdenied that an API was used, but that denial doesn't exclude thepossibility that a similar tool was used.
To protect itself against allegations that itinappropriately compromised user data, Google further notes in its statementthat the company provides "user data to governments only in accordance withthe law." Despite the outrage directed at the NSA and the Obama administration,PRISM -- as currently described -- is in all likelihood withinthe bounds of the law. In the aftermath of the 2005 disclosure that theBush administration had carried out a warrantless wiretapping program, Congresspassed the FISA Amendments Act of 2008 and the Protect America Act of 2007. Butthose laws did not outlaw the kinds of actions carried out by PRISM.
As for Google's claim to have never heard of PRISM, would theintelligence officials who reportedly collaborated with Google have used the program's actual codename?
The tech companies alleged to have participated in PRISMaren't the only ones who appear to be spinning PRISM to their advantage.
On Friday, U.S. government sources toldReuters that PRISM was used to foil a 2009 plot to bomb the New YorkCity subway. In all likelihood, such counter-leaks will continue in the days aheadas intelligence officials try to portray the program as essential to nationalsecurity.
Welcome to the PRISM spin war.