It's not often that a government scandal sees a run-time like the NSA's "PRISM" program - but then again, it's not often that every major technology company is suggested to be taking part in a spy program such as this. Today's updates to this situation comes from the Office of the Director of National Intelligence who suggests, this June 8th, that media outlets have rushed to report information about PRISM, rushed in such a way as can damage the American public through "reckless" reporting.
As suggested by James R. Clapper, Director of National Intelligence, the surveillance activities published on PRISM and UK-based involvement in PRISM were lawful and not at all a secret from Congress, and are "conducted under authorities widely known and discussed." Clapper goes on to note that: "their purpose is to obtain foreign intelligence information, including information necessary to thwart terrorist and cyber attacks against the United States and its allies."
"Our ability to discuss these activities is limited by our need to protect intelligence sources and methods. Disclosing information about the specific methods the government uses to collect communications can obviously give our enemies a “playbook” of how to avoid detection. Nonetheless, Section 702 has proven vital to keeping the nation and our allies safe. It continues to be one of our most important tools for the protection of the nation’s security.
However, there are significant misimpressions that have resulted from the recent articles. Not all the inaccuracies can be corrected without further revealing classified information. I have, however, declassified for release the attached details about the recent unauthorized disclosures in hope that it will help dispel some of the myths and add necessary context to what has been published." - James R. Clapper, Director of National Intelligence
The "attached" mentioned by Clapper is a document called "Facts on the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act" which can be accessed at DNI.gov as a PDF. Two key passages are noted here:
"PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision.
The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States."
Meanwhile several groups have come out to speak agains the idea that PRISM had "direct access" to their servers. While government access to user data on each of these networks remains a reality through "careful review" as they mention, it's not quite clear the full extent to which this exchange takes place.
"Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn't even heard of PRISM before yesterday.
When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure." - Mark Zuckerberg
Meanwhile, Google's Chief Legal Officer David Drummond has spoken up once again, noting how the government does not have access to Google servers. This is a message similar to what was delivered earlier this week by Google CEO Larry Page and Drummond together, where they, like Zuckerberg, note how they'd never heard of PRISM before this week.
"We cannot say this more clearly—the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box. Nor have we received blanket orders of the kind being discussed in the media. It is quite wrong to insinuate otherwise. We provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. And we have taken the lead in being as transparent as possible about government requests for user information." - Google Chief Legal Officer David Drummond
This is certainly not the end of this affair - though we may never know the full extent to which PRISM or on a more broad level, the NSA, has access to the public's personal information. It's clear that the NSA will continue to make clear their intent to serve and protect the public, while the technology community will continue to speak against the idea that they're giving their servers over to the government.