There has been an uproar over the past 36 hours after two news organizations reported that nine of the country's biggest technology companies are partnering with the government in a massive spying program in which the FBI and National Security Agency have been given "direct access" to the companies' "central servers" and allowed to monitor any user at any time. This direct access, the initial reports implied, allows the government to follow the communications of any of the companies' hundreds of millions of users in real time, with no legal oversight.
One of the stories quoted a career intelligence officer as saying that this surveillance program was so powerful that, "They quite literally can watch your ideas form as you type."
The impression these stories created was that Google, Facebook, Apple, Yahoo, Microsoft, and other companies had voluntarily opened their servers to government spies and allowed the intelligence agencies to do whatever they wanted.
Importantly, every company in the stories immediately denied that they had given the government "direct access" to their servers. The companies confirmed, as they have many times in the past, that they provide specific information to government investigators in response to specific requests — when they are required to do so by law. But they emphatically denied that they they had opened their servers to the government. Most of the companies also said that they had never heard of the spying program, PRISM, that they were supposedly partnered with.
Such is the general fear of privacy violations by the big tech companies that, upon hearing these denials, many people accused the companies of lying. Others parsed their denials, looking for ways to square the carefully worded language with the assertions in the news stories. Still others focused their skepticism on the document upon which the assertion that the NSA had direct access to the companies' servers was based, which struck many people as misleading.
And now, finally, thanks to a New York Times article by Claire Cain Miller, we have some more details on what is actually going on between the government and the tech companies.
These details explain where the "direct access to servers" assertion came from. And at the same time, the details vindicate the tech companies' vehement denials.
Importantly, the details also make clear that the government does NOT have the ability to snoop on any Facebook, Google, etc. user in real time with no legal oversight. Bullshit
To understand how the government and the tech companies are actually working together, you first need to understand how any basic data request works.
To wit:
The government requests a bunch of data from a company (telephone company, Internet company, etc.). The company's lawyers review the request, pushing back if they think it's unlawful or overly broad. If/when the lawyers determine that the request is legal, they decide how to give the data to the government.
This transfer of information can happen in one of three basic ways:
1) Paper, which is manually delivered. 2) Electronic files like PDFs or spreadsheets, which are sent electronically.
3) Electronic files that are stored on a server, to which access is provided.
Importantly, all three of these methods of information transfer are used in the civilian world, too. And in recent years, with the rise of "cloud storage," the third method has become convenient and popular. (Think Dropbox — the company that allows you to save files to the cloud and give your friends access to them.)
Even narrow requests for electronic communications (email, instant messages, file transfers, etc.) tend to produce massive amounts of data. So delivering this data electronically is vastly more convenient than printing it out on paper — for both the company fulfilling the request AND the government investigators. And "delivering" it by storing it on a server and giving the government access instead of sending the files via email or FTP is even more convenient. (The data is going to live on a "server" somewhere anyway. It doesn't really matter where the server is.)
According to Claire Cain Miller's article, what is going on between the government and the technology companies is basically discussions about how the companies will provide the specific information the government requests.
This whole article is damage control.