A huge difference

In their most recent article on the fallout from their Edward Snowden reporting, the Guardian dials back their initial claims.

Here’s what they alleged in their first PRISM article, nearly a week ago:

Guardian: NSA Prism program taps in to user data of Apple, Google and others

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian. The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says. The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation - classified as top secret with no distribution to foreign allies - which was apparently used to train intelligence operatives on the capabilities of the program. The document claims “collection directly from the servers” of major US service providers. … The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US. It also opens the possibility of communications made entirely within the US being collected without warrants. … Companies are legally obliged to comply with requests for users’ communications under US law, but the Prism program allows the intelligence services direct access to the companies’ servers. The NSA document notes the operations have “assistance of communications providers in the US”. … When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA’s inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies’ servers. … The Prism program allows the NSA, the world’s largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders. With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

Now here’s how they described the program in their most recent write-up:

Guardian: Microsoft and Twitter join rivals in seeking to disclose NSA requests

The Guardian revealed last week that seven technology companies - Google, Facebook, Skype, PalTalk, Microsoft, Apple and Yahoo - were involved in the Prism surveillance scheme run by the NSA. The Guardian understands that the NSA approached those companies and asked them to enable a “dropbox” system whereby legally requested data could be copied from their own server out to an NSA-owned system. That has allowed the companies to deny that there is “direct or indirect” NSA access, to deny that there is a “back door” to their systems, and that they only comply with “legal” requests - while not explaining the scope of that access.

It’s worth noting the Guardian’s new take on the program broadly meshes with how Google has described their FISA court order compliance:

LGF: Google Transfers Data to the NSA via Secure FTP