Few stories have broken as quickly or as confusingly as this week’s multiple revelations about US government spying. Initial, widely quoted reports from the Guardian and from the Washington Post painted a dark picture of government “direct access” to the servers of nine major US internet companies: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. Separately, it was also reported and confirmed that Verizon has been routinely handing over all of its customers’ call logs to the government — with the Wall Street Journal reporting that the same is true of AT&T and Sprint. While the call logging story has been widely verified, claims about the Prism program are far murkier. As quickly as details of the program emerged, they were contradicted by the NSA and the companies implicated, as well as by some other leakers. Digging into the details of what is actually known helps shed some more light on the story and how concerned we should be.

The direct access red herring

Nothing in the Washington Post article based on the leaked NSA PowerPoint presentation has generated more heat than the lightning rod phrase “direct access.” The Post story claimed that the leaked document revealed that the NSA is “tapping directly into the central servers of nine leading U.S. Internet companies.” The blogosphere keyed in on the words “directly” and “central” to light up with horror scenarios of every chat and email being funneled directly to some massive NSA data warehouse. All this was at complete odds with the increasingly strong denials issued repeatedly by the companies involved.

Bloggers reacted with disbelief, many claiming that the internet CEOs must have been complicit, or perhaps had plausible deniability. I for one think that’s highly unlikely. I don’t see the likes of Larry Page and Mark Zuckerberg either telling direct lies that could be found out later, or even being willing to look stupid by not knowing what is going on in their own server rooms. The similar claim that they might be denying knowledge of the program because they are bound to by law also doesn’t ring true. A simple “I can’t talk about it” would hardly have landed either of them in jail. So how do we reconcile these two differing realities?

Going back to a more direct quote from the NSA leak helps resolve this apparent paradox. In the same Post article we read “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” This begins to make sense. Clearly all nine companies provide scads of information to the US government. Google’s own transparency report lists over 68,000 requests for 2012 alone — about half filed by the US and UK governments and almost always filled by Google. Given the volume of data, and its potential time sensitivity, it makes perfect sense that some type of automated, digital delivery system would be put in place to facilitate the transfer of data. Presumably, legitimately approved requests for information could be sent to these staging servers and filled, perhaps automatically, by the company’s own data mining software.

What’s missing from the equation is the context of the five explosive slides from the 41-slide presentation that have been made public. Gellman, the Washington Post, and The Guardian have all declined to release any further information from the presentation, presumably worried that the other 36 slides all contain information that is better off not public. Unfortunately, the excerpt they have released doesn’t really tell us much about what Prism is — we need to rely on the article’s commentary for that. That leaves the door open for the possibility that all these CEOs are denying that their companies are involved in a top-secret Prism project because they aren’t — although data gathered from their servers clearly does ultimately make its way into the Prism system.

Prism: Hiding in plain sight

Rather than being the most secret of programs — so secure that none of the affected companies appear to know they are participating — it is entirely possible that Prism is actually just the reverse. Prism is also the name of a web data management tool that is so boring that no one had ever bothered to report on its existence before now. It appears that the public Prism tool is simply a way to view and manage collected data, as well as correlate it with the source. Clearly it is an important piece of the “toolchain” for intelligence analysis — which would explain why the leaked presentation says Prism was referred to more often than any other system in national intelligence briefings. But if the Prism tool is the same one referred to in the leak, it isn’t actually the source of any information (although it does have its own source designation), nor is it particularly nefarious. It is only a tool — which is more or less what Director of National Intelligence James Clapper said in response to the leak. What is much more important is to pay attention to what data is being collected, and how.

Trying to dampen some of the rampant speculation that has resulted from its initial coverage, The Guardian has just released a fifth slide from the leaked presentation. It shows that, according to the presentation at least, Prism was not a direct intercept of communications from cables (although other programs are), and reiterates that it does get data from internet companies. Unfortunately, I suspect all this latest release will do is make everyone more curious about the rest of the context for these slides. Gellman has said that his source at the NSA expects to be made public eventually — and may have just been identified as a contractor and self-proclaimed whistleblower, Edward Snowden — so perhaps it is just a matter of time until we learn more about his involvement and motivations.
