I'm not aware of a good reason to think that Google sends all user data for everyone (or even all non-US-citizens) pre-emptively (or at all) to the NSA. The Takeout system is doubtless used to comply with FISA requests targeted at specific individuals, but it's not at all news that Google receives and accedes to such requests fairly routinely.
The three questions which remain open are 1) just how many individuals are getting FISAed - and has it gone up sharply thanks to the shiny new infrastructure for streamlining the request process? 2) do the FISA requests being acceded to now also include "broad sweep[s] for intelligence" in addition to those "specific orders about individuals" which the Internet companies have acknowledged (and which everyone knew about already) and 3) to what extent are the CEOs still fully aware of the nature and extent of the FISA inquiries now that the nice semi-automated processes are in place?
PRISM means that internet companies like Google will be free from future FISA and NSL headaches, and so they can even truthfully say that they haven't received any requests.
Not unless the NYT report is completely wrong, and the Internet companies are lying very blatantly. By all accounts PRISM is a conduit for FISA requests and responses, each of which is still approved by Internet-company lawyers. If they were servicing extremely-broad FISAs like Verizon's "send us all your phone metadata" then the distinction would be academic, but both Google and the NYT seem clear that Google hasn't accepted anything on close to that scale.
"If they were servicing extremely-broad FISAs like Verizon's "send us all your phone metadata" then the distinction would be academic, but both Google and the NYT seem clear that Google hasn't accepted anything on close to that scale."
Maybe I read it wrong but Verizon was ordered by the court to do just that and to shut up about it. I doubt they were asked to accept, just the court ordered it and it is so because it became a 'legal request.' I have to wonder what Google, Microsoft and Facebook were asked to provide to NSA in large scale. If they can have all calls to see if anyone calls certain "terrorists," why not get a log of all Skype calls, FB likes, messages, Google searches etc to see if anyone is linked to "terrorists" or searching for related materials?
Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.
Now that could conceivably be a bald lie - or I suppose they could just conceivably have lost awareness of what their FISA/NSL/warrant-handling lawyers were approving, to a spectacular extent - but otherwise they aren't handling any Verizon-scale FISA warrants. However, you're right: there's a big grey area between Verizon-scale "megawarrants" and the "specific orders about individuals" the tech companies say they process. NYT said "FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms" while the tech companies largely reasserted that they only process "specific orders about individuals". It seems that only one source can be accurate here.
BTW I assume that Verizon wasn't really just forced into handing over all its metadata: there was probably a bit of a gentleman's agreement in the government producing an omnibus FISA order and Verizon agreeing not to contest its legality. Everyone spends less time processing FISA orders, the government gets all the metadata it wants, and Verizon gets a sicknote to cover it legally.
But Google said it denies taking part in PRISM...that denial could be a lie, but nothing so far has substantiated that.
The NYT article that so incensed Michael Arrington, for example, exclusively refers to the FISA procedure, which Google has more or less already admitted that they comply with (lawyered requests for specific individual/groups data).
The only part of the NYT article that sounds like the alarming scenario outlined in the PowerPoint slides is this:
> In one recent instance, the National Security Agency sent an agent to a tech company’s headquarters to monitor a suspect in a cyberattack, a lawyer representing the company said. The agent installed government-developed software on the company’s server and remained at the site for several weeks to download data to an agency laptop
There's no mention that the company here is Google and there's really no reason to believe that it is Google (in this instance)...I mean, because if it was, then the procedure described here has vast implications about Google's software stack that would seem untenable for a company with Google's kind of infrastructure
(It's possible that the procedure described here is inaccurate, as it is third hand, but that only underscores the vagueness of this whole thing)
Did it really? It seems that PRISM is the software support etc. to semi-automate the FISA procedure at the Internet companies. Google claimed never to have heard the term 'PRISM' but that could easily be true-but-insignificant.
(It's possible that the "PRISM" name is also being used by the NSA to cover old-fashioned wiretapping of emails etc., but that wouldn't involve the Internet companies as opposed to ISPs.)
Well, yes, really, insomuch as can be expressed in typical human language:
> > First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.
That's a broad flat out denial. And in my opinion, it includes such options as reserving an omni-admin account for the government, and if such an arrangement exists, then Larry Page should be pilloried for issuing a lie. But until such an arrangement can be shown (and why couldn't it? If there's a NSA official who can leak about it successfully, why is it impossible to imagine that google has at least one such conscientious objector?), it seems a little unfair and counter productive to judge Google with inescapable circular logic.
But that's perfectly compatible with them being in PRISM. It seems PRISM is indeed not a backdoor or a means of direct access for the US Government, but is a conduit for FISA requests to be approved by Google's (and other firms') lawyers. They hadn't heard the term "PRISM" but that's because the US "intelligence community" hadn't used it to them when discussing the system.
They could be regularly piping filtered information to serve the US's Government's interests, as part of project they know by another name but happens to have the code name "PRISM".
There; no "back door", no "direct access", no "PRISM", not "broad", as said elsewhere in the release.
The three questions which remain open are 1) just how many individuals are getting FISAed - and has it gone up sharply thanks to the shiny new infrastructure for streamlining the request process? 2) do the FISA requests being acceded to now also include "broad sweep[s] for intelligence" in addition to those "specific orders about individuals" which the Internet companies have acknowledged (and which everyone knew about already) and 3) to what extent are the CEOs still fully aware of the nature and extent of the FISA inquiries now that the nice semi-automated processes are in place?