< The Ever Changing Story of the PRISM Program


Friday, June 14, 2013

BROOKE GLADSTONE:  And I'm Brooke Gladstone.

And here’s Senator Tom Udall.

SENATOR TOM UDALL:  It's very, very difficult to have a transparent debate about secret programs approved by a secret court, issuing secret court orders based on secret interpretations of the law.

BROOKE GLADSTONE:  Udall was talking to General Keith Alexander, head of the National Security Agency who was on Capitol Hill Wednesday defending the government's wide-ranging surveillance programs. What Udall didn’t say was that the mendacity of the nation's intelligence chiefs made a difficult situation worse. For instance, back in 2005 General Alexander's congressional testimony on warrantless wiretapping was singularly unenlightening.

When the New York Times exposed the program, Representative Rush Holt fired off a note slamming General Alexander for making, quote, “a mockery of congressional oversight.” And here is Senator Ron Wyden in a hearing last March asking Director of National Intelligence James Clapper a simple question.

SEN. RON WYDEN:  Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

NSA DIR. JAMES CLAPPER:   No, sir, not wittingly.

BROOKE GLADSTONE:  Another flat out lie.

BOB GARFIELD:  Now, to briefly summarize the two big leaks that ignited the current blaze of controversy, the first was the revelation in Britain's Guardian newspaper that the US government routinely requests millions of Americans’ phone records.

The second revelation was about program called PRISM, depicted by the Washington Post’s Barton Gellman as an intrusive enormity. PRISM, he wrote, gave the government direct access to the servers of Google, Microsoft, Yahoo, Apple, Skype and others, quote, “enabling analysts to track a person's movements over time.” But within hours, almost every company he cited denied giving the feds direct access. In later reports, Gellman walked back some of his claims, including the one about direct access, and went on to specify that PRISM is intended only for foreign targets, intended but how many Americans are swept up in the net?
BROOKE GLADSTONE:  We don't know that, or much of anything else about the program. Kim Zetter covers civil liberty, privacy and security for Wired. So Kim, how outraged should we be?

KIM ZETTER:  You know, we’ve sort of had a long-standing outrage over this program for about a decade. But what we know about the PRISM program doesn't seem as damaging on the face of it, based on those initial allocations. And those initial allegations were saying that that the government had direct access to reach into the servers of nine Internet companies and were doing bulk collection. The Internet companies have denied it.

What Google is saying is that they use secure FTP to upload these documents and then the government downloads them.

BROOKE GLADSTONE:  FTP servers, like any one of us can use to send a large document, only these were encrypted.

KIM ZETTER:  Right. This isn’t secret technology that’s coming out of some skunk work projects of the NSA. This is something that everyone uses. Yes, you – you know, you trade documents this way. And in some cases, they said that they give them to the NSA in person. It’s the Sneakernet, essentially, hand walking them over.

BROOKE GLADSTONE:   So will you explain to me why that makes it better?

KIM ZETTER:  First of all, it’s not direct access to anything. The government isn't reaching into the server and grabbing whatever data it wants. Google is looking at the court order, deciding if it’s legal, deciding if it's targeted enough or too broad.

BROOKE GLADSTONE:  But you make it sound like the court orders are like you’d have to go through for say a wiretap; you need to identify a suspect, you need to have probable cause. That’s not  the case in these orders, is it?

KIM ZETTER:  No, it's not. And that is a problem. We don't know what the FBI is saying when it goes to the court and makes a claim for records. All we have right now is Google saying that they will only respond to orders that are targeted. But no one has defined what “targeted” means.

BROOKE GLADSTONE:  Nobody is suggesting that those slides that appeared in the Washington Post and in the Guardian about the PRISM program were invented. It makes it appear a lot more expansive than Google and some of those other companies are saying it is.

KIM ZETTER:  This is the frustration of the companies, is that they’ve been caught in this because, you know, the blame goes to them; why are you allowing the government to do this? And so, they want to be more transparent and they want to explain, and the government is saying we can't explain because it will give away our, our methods.

I don't fully trust those slides. I don't know who made those slides. I don't know who the audience was. It’s been suggested that it was a marketing tool. But when you’ve got something that’s out of context, and I think that this is the problem with the Post stories and the Guardian stories, is that they were counting on Edward Snowden, the leaker, to interpret it, and he didn't have direct information about it either. So everyone is sort of interpreting these slides out of context.

BROOKE GLADSTONE:  One reason why we called you is because you have expertise and a cool head. But you wouldn’t claim this is a nonstory, would you?

KIM ZETTER:  It’s simply not the story we thought it was in the beginning. I think the onus is on the government to tell us what the nature of these collections are, and also on the companies. They want to be able to publish at least a broad range of figures of the number of accounts that have been affected by FISA. So that would give us some idea. If we get a figure from Google that says the range is between zero and a million, that’s going to give us an idea that this is really broad. If Google comes back and says the number of accounts affected are between zero and a hundred, then I think we can kind of rest easy.

BROOKE GLADSTONE:  Did you have a problem with the way this story was initially reported? And, if you did, [LAUGHS] was that problem something you see a lot in national security reporting?

KIM ZETTER:  I think that national security reporting is really hard to do. It’s very hard to get people to talk with you. It's very hard to pull the various pieces together on a national security program. You’re often getting a piece here from one person and another piece here from another.

In this particular case, I don't want to criticize the reporters. I think that their intentions were good. I think they may have moved too quickly. I think that if they had slowed down, spoken more with technical people, rather than officials – when it’s a technical story, you really should get down into the weeds and talk with the people who understand the technology. So I think that that was a problem here.

BROOKE GLADSTONE:  So is it fair to suggest that when reporters tried to report on PRISM, it was like the blind man feeling the elephant? They could only identify the tail or the trunk?

KIM ZETTER:  Yes, that's exactly what was happening here. And they don't have all the pieces. And so, what they did was they reported when they had a few of the pieces of the puzzle together. Even the sources that they’re speaking with about the documents that they received may not know the whole picture. A lawmaker said, after getting a briefing from the intelligence agencies, what we know right now publicly is just a tip of the iceberg of what the intelligence agencies are doing. So even if the PRISM story didn't turn out to be what we wanted or hoped it would be, which was, you know, a real look at what the government was doing, what it did do is spark this conversation. More people know what FISA is now than ever before. More people know that there is such a thing of a FISA Court, and we’re having this dialogue, and this is extremely important.

BROOKE GLADSTONE:  Kim, thank you very much.

KIM ZETTER:  You’re welcome.

BROOKE GLADSTONE:  Kim Zetter is a senior writer for Wired.


Kim Zetter

Hosted by:

Brooke Gladstone