What, precisely, does the PRISM program do? The Guardian described it as providing “direct access” to corporate servers owned by the likes of Google and Microsoft, and I was puzzled about exactly what that meant. From a technical perspective, I didn’t understand what this entailed. Some kind of remote superuser access? Taps on incoming and outgoing communications links? Software agents installed on company servers? Or what? It’s especially peculiar because most of the companies involved have now issued seemingly unequivocal denials that they allow NSA any kind of access at all without a firm legal basis.
Well, the Washington Post updated its story this morning and added this paragraph:
It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers.
Does this help? It doesn’t help me much, but maybe it means something to someone with the right background. Anyone care to weigh in?
Also: Britain apparently has access to the PRISM program too, which allows their spy agency “to circumvent the formal legal process required in Britain to seek personal material such as emails, photos and videos from an internet company based outside of the country.”