The Guardian has published part 2 of its June 6 interview with NSA whistleblower/leaker Edward Snowden, during which he matter-of-factly states that U.S. tech giants provide the National Security Agency (NSA) with "direct access" to their servers for purposes of bulk collection of data.
The Guardian and Washington Post, to whom Snowden gave 41 NSA PRISM slides, both published articles and several slides that quote the presentation's statement regarding“collection directly from the servers” of nine Internet companies including Google, Facebook, Apple, and Microsoft.
The companies vociferously denied the claims, and the Washington Post subsequently qualified its story by adding "according to a top-secret document obtained by The Washington Post" to the first sentence.
Tech companies then detailed how they respond to NSA requests, which led Business Insider CEO Henry Blodget to proclaim that "we can finally put this 'direct access' claim to bed" unless "you believe that all of these companies are still flat-out lying and/or that the government is illegally breaking into their systems."
In part two of the interview, the former CIA technician and elite hacker places his word against the denials of the tech company when he claims how and why "direct access" works (emphasis ours):
We've got PRISM, which is a demonstration how the U.S. government co-ops U.S. corporate power to its own ends. Companies like Google, Facebook, Apple, Microsoft — they all get together with the NSA and provide the NSA with direct access to the backends to all of the systems you use to communicate, to store your data, to put things in the cloud, and even just to send birthday wishes and keep a record of your life.
And they give the NSA direct access so that they don't need to oversee so they can't be held liable for it. I think that's a dangerous capability for anybody to have, but particularly an organization that's demonstrated time and time against that they'll work to shield themselves from oversight.
Snowden is not saying, as some have argued, that “collection directly from the servers” does not translate to "direct access." In fact, he is saying that's exactly what it means.
While this still sounds far-fetched, it's not altogether unthinkable. The Guardian's original PRISM article states that the program "facilitates extensive, in-depth surveillance on live communications and stored information."
There are at least indications that it is at least plausible that the NSA would want to have access to all of that data, and that tech companies would do what they need to do to comply while also being protected from laws prohibiting them from providing customer data.
"They're in the business of collecting as much information as they can — that's what they do," cyber security expert Mark Wuergler told Business Insider. "They're job is to protect the nation — they want to know everything going on in that nation. They need to know the secrets and it just so happens that people are giving up those secrets in their communications."
In March the CIA's chief technology officer said this to a GigaOm conference in March (emphasis ours):
"Since you can't connect dots you don't have, it drives us into a mode of, we fundamentally try to collect everything and hang on to it forever," CIA CTO Ira "Gus" Hunt said. "It is really very nearly within our grasp to be able to compute on all human generated information."
As for the liability question, the 2008 FISA amendmentprovided "retroactive immunity to the telecom companies that assisted the Bush administration in its warrantless wiretapping program."
And Section 702 of the amendment, which grants the authority for the PRISM program, also releases "any electronic communication service provider for providing any information" under the act.
So it seems, given this interview, that the 30-year-old ex-Booz Allen employee and the CEOs for America's tech giants can't both be right.
SEE ALSO: The Best Explanation Yet Of How The NSA's PRISM Surveillance Program Works