NYT: Tech companies cooperated "a bit" in NSA surveillance

Mystery solved?  Last night, Allahpundit started to poke holes in the denials coming from a couple of the Internet service providers found to be cooperating with NSA on their PRISM program, which sniffs the content as well as the connection records of all traffic going through their servers, hoping to find data that prevents a terrorist attack.  (Mary Katharine and BuzzFeed poked holes in one claim that they had successfully done so.)  With providers insisting that they had granted NSA no access to their servers and yet internal documents at NSA showing they had that kind of access, one claim or the other had to eventually collapse.

To no one’s surprise, it’s not the NSA claim.  The New York Times shows that reports of backbone within the corporate offices of Internet giants has been at least somewhat exaggerated:

When government officials came to Silicon Valley to demand easier ways for the world’s largest Internet companies to turn over user data as part of a secret surveillance program, the companies bristled. In the end, though, many cooperated at least a bit.

Well, heck, at least they bristled. One did more than just bristle, which answers another question Allahpundit posed yesterday:

Twitter declined to make it easier for the government. But other companies were more compliant, according to people briefed on the negotiations. They opened discussions with national security officials about developing technical methods to more efficiently and securely share the personal data of foreign users in response to lawful government requests. And in some cases, they changed their computer systems to do so.

I imagine this makes the CEOs of Google, Microsoft, AOL, and Facebook a little embarrassed.  Twitter, as AP noted, would have been a pretty critical platform to penetrate, given the ability to message privately through the firm’s systems (DMs).  Apparently, all it took was a refusal to make the NSA go away.  On the other hand, perhaps the NSA could find at least some of that traffic routing through some of the servers they did access.

How did the NSA access those data streams?  Contrary to the denials last night from Google and others, the NYT’s Claire Cain Miller reports that the firms set up systems to allow the NSA to gain access to their content — as the companies themselves dumped it into secure “rooms” for NSA perusal:

The companies that negotiated with the government include Google, which owns YouTube; Microsoft, which owns Hotmail and Skype; Yahoo; FacebookAOLApple; and Paltalk, according to one of the people briefed on the discussions. The companies were legally required to share the data under the Foreign Intelligence Surveillance Act. People briefed on the discussions spoke on the condition of anonymity because they are prohibited by law from discussing the content of FISA requests or even acknowledging their existence.

In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said. …

While handing over data in response to a legitimate FISA request is a legal requirement, making it easier for the government to get the information is not, which is why Twitter could decline to do so.

But, Miller reports, the NSA didn’t get access to as much as first thought:

But instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said.

The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.

But what data goes into the secured rooms?  Who gets selected for surveillance?  That depends on the order from the FISA court, and we don’t get to see those.  Theoretically, this would mean that the NSA could avoid searching through everyone’s records … but then, how do they find the targets in the first place?  Data mining, especially through content, only works with the widest possible trawl of data.  If this program is vital because it finds needles in haystacks, it’s not because we already know the location of the needles and have to locate the haystack.

This report raises as many questions as it answers.  Looks like the “debate” will continue.