NSA PRISM Story Overhyped
Not only do we not know the whole story of the NSA data mining operation, key details of what thought we knew are wrong.
A central point I’ve come back to time and again as the NSA data mining story has unfolded is how little we actually know. It’s increasingly clear that key details of what thought we knew are wrong.
In “NSA Bombshell Story Falling Apart Under Scrutiny; Key Facts Turning Out to Be Inaccurate,” The Daily Banter‘s Bob Cesca notes that many facts reported by The Guardian‘s Glenn Greenwald and The Washington Post, who broke most of the initial story, were at best exaggerated.
Google, Facebook, Dropbox, Yahoo, Microsoft, Paltalk, AOL and Apple all announced in separate statements that not only were they unaware of any PRISM program, but they also confirmed that there’s no way the government had infiltrated the privately-owned servers maintained by these companies. Furthermore, Google wrote, “Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.” Google also described how it will occasionally and voluntarily hand over user data to the government, but only after it’s been vetted and scrutinized by Google’s legal team.
Glenn Greenwald used the phrase “direct access,” as in unobstructed direct server access, four times in his article, most prominently in his lede, “The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.” Unless the tech companies were collectively lying, Greenwald’s use of “direct access” is inaccurate. And if it’s inaccurate, the most alarming aspect of this NSA story is untrue.
On Twitter, Greenwald defended his reporting by reiterating that the NSA said within the PRISM document that there has been “collection directly from the servers of these US service providers: Microsoft, Yahoo, Google, Facebook…” But this could mean that the data was drawn from the servers, vetted and handed over to the NSA per Google’s stated process of legal vetting. And if the data was made available, it’s possible that the tech companies posted it on a server for the NSA analysts to download, just as you might download a file from work or a friend via Dropbox or an FTP server. Regardless, it seems as if Greenwald’s entire story hinges on a semantic interpretation of the PRISM language. And his mistake was to leap from “collection directly from servers” to “direct access.”
Additionally, the NSA whistleblower who provided the information to the Washington Postwas quoted as saying, “They quite literally can watch your ideas form as you type.” Without direct access to the servers this would be impossible — that is, unless the NSA was intercepting user data in transit. But that’s not what Greenwald reported, which was direct server access. This was the bombshell — that the NSA could grab information at will — and, as of this writing, it’s inaccurate.
To summarize, yes, the NSA routinely requests information from the tech giants. But the NSA doesn’t have “direct access” to servers nor is it randomly collecting information about you personally. Yet rending of garments and general apoplexy has ruled the day, complete with predictable invective about the president being “worse than Bush” and that anyone who reported on the new information debunking the initial report was and is an Obamabot apologist.
In “The real story in the NSA scandal is the collapse of journalism,” ZDNet’s Ed Bott documents the degree to which WaPo changed its original reporting without acknowledging that it had done so:
On Thursday, June 6, the Washington Post published a bombshell of a story, alleging that nine giants of the tech industry had “knowingly participated” in a widespread program by the United States National Security Agency (NSA).
One day later, with no acknowledgment except for a change in the timestamp, the Post revised the story, backing down from sensational claims it made originally. But the damage was already done.
The primary author of the story, Barton Gellman, is a Pulitzer Prize winner, and the Washington Post has a history in investigative journalism that goes back to Watergate and All the President’s Men. On a roster of journalistic failures, this one has to rank near the very top.
Within hours after the story broke, it had been amplified by other news agencies and tech websites and had inspired expressions of outrage over this invasion of privacy. And seven of the nine companies named issued categorical denials that they knew of or participated in any such program.
And then a funny thing happened the next morning. If you followed the link to that story, you found a completely different story, nearly twice as long, with a slightly different headline. The new story wasn’t just expanded; it had been stripped of key details, with no acknowledgment of the changes. That updated version, time-stamped at 8:51 AM on June 7, backed off from key details in the original story.
Crucially, the Post removed the “knowingly participated” language and also scrubbed a reference to the program as being “highly classified.” In addition, a detail in the opening graf that claimed the NSA could “track a person’s movements and contacts over time” was changed to read simply “track foreign targets.”
While this phenomenon has been considered malpractice in the blogosphere for more than a decade, it has been commonplace in mainstream journalism for at least as long. The Associated Press is infamous for this, treating its online reports as rough drafts, changing them as they go, including correcting facts, without the slightest acknowledgement. In the political blogosphere, at least, this is a no-no. While most of us will correct typos and the like without acknowledgment (I’ll sometimes do that on a years-old post), the standard practice for correcting substantive errors is to append a prominent update to the post and/or publish a new post updating the reader. Greenwald himself is a leading exponent of this practice, not only adding frequent updates to his postings but typically doing it at the top of the posts.
While I’m no fan of the buried correction, especially once a story has been widely quoted, it’s so customary as to be banal. This, however, is more problematic:
The real story appears to be much less controversial than the original alarming accusations. All of the companies involved have established legal procedures to respond to warrants from a law enforcement agency or a court. None of them appear to be participating with widespread surveillance.
So what went wrong with the Post?
The biggest problem was that the Post took a leaked PowerPoint presentation from a single anonymous source and leaped to conclusions without supporting evidence.
Normally, an investigative piece like this would be reported thoroughly before being published. Instead, it looks like the Post rushed to publish, perhaps fearing that the slide deck had been leaked to another publication that would beat them to the punch.
Almost no one who reacted to the story initially did so with any skepticism about the Post’s sources or its conclusions. Indeed, a common thread among reactions to the denials by those big tech companies was that they were using careful wording and common talking points to avoid responding to the specific allegations. In fact, the wording of those statements was similar because each company was responding to the specific language in the Post story.
That rush to publication set off the Internet echo chamber and the cable news networks at a full-throated roar. The story and its key, now apparently discredited arguments have been spread far and wide.
The Post compounded its error by quietly correcting its story and not publicly acknowledging that there were errors in the original story. In fact, the revised story still claims the NSA and the FBI are “tapping directly into the central servers” of those companies when that allegation no longer appears to be true.
In short, one of the great journalistic institutions of the 20th Century is now engaged in outright click-baiting, following the same “publish first, fact-check later” rules as its newer online competitors.
While I agree with Bolt that this is extremely worrisome, I’m more sympathetic to the Post than he is. While we may be wistful for the fabled journalistic standards of 1974, we live in a Twitter world. Newspapers simply have to speed up their publication cycles to meet that new reality. As it was, Greenwald got out ahead of the Post on the story and was driving the coverage.
My problem isn’t that the Post got the story wrong but that they didn’t more prominently update their readers on their new understanding of the facts as it evolved. It’s unreasonable to expect papers to sit on breaking news for days until they’ve tripled-checked the facts. But if we’re going to accept that instant reporting means frequently getting it wrong, then it stands to reason that we should also expect instant updating so that the ongoing reporting is as right as it can be.
Compounding the problem are the complexities of this particular episode. First, as I’ve been noting all along, the Top Secret subject matter means that there’s an incredibly sophisticated apparatus working to hide the truth from the public. Second, the highly complex nature of the technical enterprise means that most of the people reporting and commenting on the story—yours truly absolutely included—don’t fully understand what they’re talking about even within the true facts at their disposal.
Third, while Greenwald is both a dogged reporter and scrupulously honest in his reporting, he’s also an unabashed activist with a not-at-all-hidden agenda. He fundamentally opposes the national security state, the war on terror, and even the notion of classified information. While he would never knowingly publish false information, he’s eager to run with credible-seeming information that shows the national security state run amok.
Additionally, it’s worth noting here that, while some very key details of what has been reported are wrong, the updated story is hardly uninteresting. The federal government is still collecting massive amounts of information on its citizens with no probable cause, bypassing the 4th Amendment’s protections, through use of a special system designed to govern the collection of foreign intelligence. That it’s apparently not doing it in real time and that the private companies are apparently applying at least some scrutiny to what they hand over doesn’t change that.