Journalism through the Prism, darkly
The Guardian and Washington Post got a lot wrong in their NSA spying reports, because their urge to tell a scary story overrode fact-checking.
On Thursday 6 June, the Guardian newspaper led with what was a troubling story. Citing a top-secret court order, ‘leaked’ into its reporter Glenn Greenwald’s hands by NSA contractor Edward Snowden, it asserted that the US National Security Agency (NSA) is ‘collecting the telephone records of millions of US customers of Verizon’.
This evidence of the American state trawling through millions of phone records, routinely treating US citizens as suspect, was certainly shocking. Unfortunately, it wasn’t actually groundbreaking. In fact, back in May 2006, Leslie Cauley of USA Today had also reported that the NSA was ‘secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth’.
But the Guardian, alongside the Washington Post, which was also in receipt of Snowden’s whistleblowing ditties, had what seemed a far sexier, far more revelatory story up its sleeve. And within 24 hours of the Verizon story, out it came: the story of Prism, the NSA’s clandestine way in to our private online worlds. Citing a secret NSA PowerPoint description of Prism, courtesy of the leaky Snowden, the Guardian’s Glenn Greenwald let rip. Since 2007, he reported, the NSA had signed up nine major internet companies to a mass surveillance programme: first Microsoft in 2007, then Yahoo in 2008, Google, Facebook and PalTalk in 2009, YouTube in 2010, Skype and AOL in 2011, and finally Apple in 2012. ‘Companies are legally obliged to comply with requests for users’ communications under US law’, wrote Greenwald, ‘but the Prism program allows the intelligence services direct access to the companies’ servers’ [my emphasis].
The Washington Post likewise ran with the PowerPoint revelations about the Prism programme. ‘The National Security Agency and the FBI’, it reported, ‘are tapping directly into the central servers of nine leading US internet companies’. Further on in the article, the Post made the following startling claim: ‘From inside a company’s data stream the NSA is capable of pulling out anything it likes.’
These initial reports were certainly possessed of a certain dystopian lustre. They conjured up an image of a malevolent state capable of tapping ‘directly’ into the servers of the biggest internet companies in the world and, well, watching us, monitoring our behaviour, looking at what we say and to whom. And it was doing this at will ‘from inside a company’s data stream’. That, it seemed, was the point of Prism – it allowed the security services to use Google, Facebook et al, to watch us. Nowhere, not even in the deepest, darkest recesses of PalTalk, was free of the state’s prying eyes. In response, references to Orwell’s Nineteen Eighty-Four fell almost too easily on to commentators’ keyboards. Big Brother is watching you – through gmail.
Such was the perceived nature of the revelation – ‘there has not been in American history a more important leak than Edward Snowden’s release of NSA material’, wrote one commentator – that the Guardian has since nearly drowned in its own self-congratulatory juices. ‘The breaking of the Snowden revelations story must surely put the Guardian in line for a Pulitzer, making it the first British newspaper to win the award’, wrote one pundit – for the Guardian.
The only problem with the gratuitous high-fiving of this exposure of the nefarious surveillance activities of the US state (and its spooky cohorts in the British state) is that neither the Post nor the Guardian had the scoop they thought they had. As tech-news website ZDNet revealed, the Post admitted as much when it redacted the online version of its original story about Prism the day after publication. Gone was the assertion that the internet companies had ‘knowingly participated’ in this surveillance, and gone, too, was the claim that the state had ‘direct access’ to the servers of Google et al.
In the days following the initial reports about Prism, a different, far less sensational story started to emerge. Another tech website, CNET, spoke to a former government official who, under condition of anonymity, offered a different description of Prism. ‘It’s not as described in the histrionics in the Washington Post or the Guardian… It’s a very formalised legal process that companies are obliged to do.’
Indeed. It now seems that Prism was not an indiscriminate trawling programme, with the NSA plugged into the internet’s fibre-optic cables, ‘pulling out anything it likes’. It was, rather, as Wired put it, ‘a programme for making it easier for [internet] companies to comply with court orders for data, including by creating special government dropboxes for requested data’. So, far from designating the method by which data is arbitrarily grabbed through some sort of ‘back door’ into the internet, Prism was merely the process by which data was requested, in compliance with court orders or national security letters, from certain internet companies. It is better understood as a project-management tool, right down to the naff ‘Prism’ branding, not a mass surveillance technology. As CNET glosses: ‘The system described in the PRISM [Powerpoint] presentation appears to be an automated way to process those FBI and NSA requests.’ This was backed up by a New York Times investigation into the claims: ‘Each of the nine companies… drew a bright line between giving the government wholesale access to its servers to collect user data and giving them specific data in response to individual court orders.’
That Prism was in fact little more than the NSA’s own, internal name for the formalised process of requesting records from service providers and internet companies should have been clear from something else that the Register picked up from the leaked PowerPoint slides: it cost a mere $20million a year to run. That would certainly not cover the technical and administrative edifice required for ‘direct access’ into the tubes of the internet. As the Register calculated, there were 24,005 Prism-generated reports in 2012, which works out at $830 per report. ‘This average amount could be little more than agreed payments on agreed scales for the US companies to hand over agreed types of information in response to law enforcement requests, plus a contribution to maintaining specialised interface facilities.’
So, while the NSA is definitely looking at particular individuals’ online records, by requesting permission to do so from internet companies using the Prism process, it does not, as far as Prism reveals, have unmediated and immediate access to our gmail or Facebook accounts. So why did the original Guardian and Post scoops suggest that it did? Why was this particular blown whistle listened to so uncritically?
The numerous commentaries that have cast doubt on the claims made on the basis of Snowden’s leaks blame two factors: a lack of technical knowledge, and editorial expedience. Both of these no doubt played a role in the raft of inaccuracies in the reports. The Post’s Barton Gellman even acknowledged that he would have liked another day or two to work over the story, but the prospect of the Guardian running with Snowden’s leak pushed the Post into pre-emptive action.
But there’s something else going on here that neither an army of tech experts poring over the rather vapid PowerPoint presentation or another 24 hours preparing the story would have mitigated. For the real precondition for the inaccuracies and hyperbole which crept into the reports was not a technical or procedural failure; rather, it was a willingness on the part of the reporters and their editors to believe that this is what the state, be it American or British, is really like. Snowden’s leaked PowerPoint slides fitted the pre-existing narrative. That is, the state is intent on abolishing our privacy, it does want to know everything about us, it is Big Brother. The wilful credulity of the likes of Greenwald, their unshakeable belief that Western governments are involved in a conspiracy against the people, meant that they were never going to ask the right questions of a bunch of top secret slides which implied that, yes, the state is conspiring against you from inside your inbox. The Prism story was just too good not to be true.
This is not to downplay the wrongs of state surveillance, even when it comes with the stamp of legal approval – the state’s near routine intervention in the lives its citizens, from the omnipresence of CCTV to parenting advice, is a huge problem. But it is not problem that arises from the existence of a powerful ruling clique hellbent on oppressing its citizens in order to realise some totalitarian, Nineteen Eighty-Four-style dystopia. It is not, in short, a conspiracy of the powerful that is driving the expansion of the state today; it is a vacuum in society, created by the collapse of all sorts of informal, non-state institutions, which is almost inviting the state to expand. Hence state agents really do believe that they are helping us, in the case of the NSA, by keeping us safe from an apparently unprecedented threat. So, as incompetent, lumbering and liberty-squashing as the state is, as the real story of Prism shows, the state, pace Google, is not being evil.
Tim Black is senior writer at spiked.