The PRISM spin war has begun

The war over how to spin revelations of the National Security Agency’s latest spying program has officially begun.

On the heels of media reports that the NSA has gained access to the servers of nine leading tech companies — enabling the spy agency to examine emails, video, photographs, and other digital communications — Google has issued a strongly worded statement denying that the company granted the government "direct access" to its servers. That statement goes so far as to say that the company hasn’t even heard of "a program called PRISM until yesterday."

At first glance, Google’s statement is difficult to believe. Senior intelligence officials have confirmed the program’s existence, and Google’s logo is prominently listed on internal NSA documents describing participating companies. But Google may be engaging in a far more subtle public relations strategy than outright denial.

Google’s statement hinges on three key points: that it did not provide the government with "direct access" to its servers, that it did not set up a "back door" for the NSA, and that it provides "user data to governments only in accordance with the law."

According to Chris Soghoian, a tech expert and privacy researcher at the American Civil Liberties Union, the phrase "direct access" connotes a very specific form of access in the IT-world: unrestricted, unfettered access to information stored on Google servers. In order to run a system such as PRISM, Soghoian explains, such access would not be required, and Google’s denial that it provided "direct access" does not necessarily imply that the company is denying having participated in the program. Typically, the only people having "direct access" to the servers of a company like Google would be its engineers. (Facebook’s Mark Zuckerberg has issued a similarly worded denial in which he says his company has not granted the government "direct access" to its servers," but his language mirrors Google’s denial about direct access.)

A similar logic applies to Google’s denial that it set up a "back door." According to Soghoian, the phrase "back door" is a term of art that describes a way to access a system that is neither known by the system’s owner nor documented. By denying that it set up a back door, Google is not denying that it worked with the NSA to set up a system through which the agency could access the company’s data.

According to Soghoian, the NSA could have gained access to tech company servers by working with the companies to set up something similar to an API — a tool these firms use to give developers limited access to company data. Google has denied that an API was used, but that denial doesn’t exclude the possibility that a similar tool was used.

To protect itself against allegations that it inappropriately compromised user data, Google further notes in its statement that the company provides "user data to governments only in accordance with the law." Despite the outrage directed at the NSA and the Obama administration, PRISM — as currently described — is in all likelihood within the bounds of the law. In the aftermath of the 2005 disclosure that the Bush administration had carried out a warrantless wiretapping program, Congress passed the FISA Amendments Act of 2008 and the Protect America Act of 2007. But those laws did not outlaw the kinds of actions carried out by PRISM.

As for Google’s claim to have never heard of PRISM, would the intelligence officials who reportedly collaborated with Google have used the program’s actual codename?

The tech companies alleged to have participated in PRISM aren’t the only ones who appear to be spinning PRISM to their advantage.

On Friday, U.S. government sources told Reuters that PRISM was used to foil a 2009 plot to bomb the New York City subway. In all likelihood, such counter-leaks will continue in the days ahead as intelligence officials try to portray the program as essential to national security.

Welcome to the PRISM spin war.