A day after The Washington Post and Guardian published bombshell revelations that America's biggest tech companies are allowing the U.S. government to constantly monitor highly personal data contained in their servers, the facts remain fuzzy and somewhat fluid--and the statements of the parties involved don't add up.
All the tech companies have issued denials, saying they haven't given the government "direct" access or a "back door" to their servers under a surveillance program called PRISM, as the Post and Guardian stories claim.
Google's Larry Page repeated his company's denials in a blog post today: "First, we have not joined any program that would give the U.S. government--or any other government--direct access to our servers. Indeed, the U.S. government does not have direct access or a 'back door' to the information stored in our data centers."
The National Security Administration is saying the news stories are "full of inaccuracies," but isn't saying what the inaccuracies are. However, the NSA isn't denying the claims made in the stories. It hasn't said it's not working with Google, Facebook, Apple and all the other companies who've denied PRISM cooperation. If anything, the NSA is stressing that the PRISM program was never meant to spy on Americans.
So how do we square this disconnect? On one side, we have Silicon Valley saying it's not working with government spooks. On the other side, we have an NSA slide that lists exactly which big tech companies are working with PRISM, even noting their start dates.
For its part, The Washington Post, which first broke the story yesterday, is making a slight modification today. This might explain some of the disconnect between its story and the staunch denials of the tech companies:
"It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,' rather than directly to company servers."
Is it possible that everyone's telling the truth? Possibly, yes. But only if you allow for a wide breadth of interpretation and license in how you parse the words from everyone involved.
"If you read the denials coming from the tech companies, they are carefully worded and really amount to non-denials," EFF staff attorney Nate Cardozo told TechHive Thursday afternoon. "They all are saying that they didn't provide direct access to the servers, but what they are probably doing is providing access to the data via an API, which would be indirect."
Sign up for CIO Asia eNewsletters.