You think it's possible that NSA got direct access to Google's servers in a way that was invisible to Google's CEO, it's general counsel, its Chief Architect, Justin Schuh of their security team, and any of their thousands of employees, most of whom would immediately report such a thing if they discovered it?

Moreover, having obtained this illicit access, in direct defiance of the corporation that owns and controls those servers, their use of that access is so routinized that it appeared in a "USE BOTH!" Powerpoint deck for NSA analysts?

Not invisible, no. (Please don't strawman.)

I think that some of those people have knowledge of a secret program that enables access to the data (maybe without direct access to the servers that house it). That would make it easier to manage without having to bring all the SREs and such into the conspiracy.

I think that most of those people would not allow their lives to be destroyed with federal charges (or maybe even extralegal harassment, who knows - they do run secret prisons) in the process of reporting such a thing.

Tens of thousands of others have chosen to keep quiet about NSA's extralegal collection practices (from the contractors at the IXes installing beam splitters, to the mechanics who welded the fiber grabber arm onto the nuclear sub). Why is it such a stretch to think that 3 or 5 or 10 at Google wouldn't?

It's not even a stretch to think that NSA would have done their homework to know _which_ people inside of Google would be both able to participate and could be coerced into keeping quiet.

I don't have to build a straw man. I'd just say people should read your comment, work out its narrative in their heads, and ask which is more likely: that PRISM is an elaborate scheme by which NSA gained illicit access to Google's servers, or that it is what other reporters have now reported that it is: a unified collection system for documents manually provided by Internet companies in response to FISA directives.

People that think the "manual" part in that last sentence doesn't matter should read the court order in the Yahoo case the NYT reported, where Yahoo went several rounds with NSA and the FISC to try to fight a specific FISA directive.

Note that Google, Facebook, and Yahoo have all taken pains to point out that they've pushed back on FISA directives. Which is something you can't do if the system isn't manual.

I never claimed it was illicit. I just said it was secret, and that disclosure of such secrets carries an incredibly harsh penalty. You're doing the strawman thing again, despite claiming otherwise. :/

Just because they've pushed back doesn't mean the system isn't automated. It could have been a matter of "implement the automated system now, per the FISA order, and then we can have a go-round in front of the FISA court with your objections after".

Where by illicit I mean "is occurring without the knowledge of Google's CEO or General Counsel, despite their publicly voiced opposition to any such program."

I'm not sure. It could be that they know about it and are gag-ordered (can't fight city hall!), or that they were intentionally left out of the loop for purposes of plausible deniability.

This is military intelligence we're talking about here, they take their mission very, very seriously. I wouldn't be surprised if there were multiple, independent, redundant programs for monitoring this data.

As 'DannyBee, himself a lawyer, pointed out a few days ago: no provision of any Federal law requires anyone to issue false statements. There are times you're prevented from saying things†, but there aren't times when NSA gets to put words in your mouth.

† ... we think; the ultimate Constitutionality of this is up in the air.

I'm sure the lying part comes automatically when you want to keep your job and you can't tell your boss that you just broke every rule the company has.

If you're saying some lower-level employee of Google was "turned" by NSA and then lied about it to their manager, we're back into "illicit access" territory.

How can you rule out:

1. Google is lying. 2. Prism (or the backend thereof) is genuinely unknown to most Google employees. Those few employees who do know of it are lying. The others (i.e. legal) are ignorant because they have no need to know, and because it provides plausible deniability. 3. There exist NSA agents capable of passing a Google interview and installing backdoors, perhaps with the collusion of other agents.

Companies the size of Google are, in software terms, Borg cubes of interacting systems. No one comprehends the whole thing, and some degree of secrecy between services is normal. Who would notice if, say, Gmail traffic was being replicated onto NSA-controlled hardware? A small part of a small part of the Gmail team. No one else would likely notice even if it was done in an obvious way.

Is it possible that through some elaborate conspiracy with specific unidentified Google employees unknown to Larry Page or Google's General Counsel that NSA has obtained access to the servers that operate Google Mail? Yes.

Is it plausible that having gained that access, their use of it is so routine that it has an official name ("PRISM") and a logo and appears in slide decks targeted at NSA analysts and is used a program whose existence is known outside NSA (there are DOD manuals that refer to the same PRISM program)? No. That is not plausible.

What about specific unidentified Google employees known to Larry Page, albeit not Google's General Counsel? (In the paraphrased, immortal words of Al Gore: of course it's illegal, that's why it's a covert operation.)

We don't know the intended audience of the slides, either, though with a data source as rich as all of Gmail, presumably there'd be tons of analysts capable of accessing it or else it would just be a waste.

I don't follow. Larry Page and Google's General Counsel jointly signed the denial.

Hypothesis: Page was lying; the General Counsel was in the dark for plausible deniability and genuinely believes to this day that PRISM doesn't exist, at least not in a way that involves Google.

I don't see this hypothesis as being anywhere outside the wheelhouse of the NSA. Even outright infiltration (i.e. the hypothesis that not even Page is in the know) is, well, kind of the point of intelligence services, but it's not necessary.

This is just innuendo.

You're overcommitted to the hypothesis that Google is completely uninvolved based on their own denials which carry close to zero informational value.

Given that your hypothesis is rather outlandish even by the NSA's own slides (which explicitly mention 702 compliance) and would require more Google employees than Page to know and willingly lie about it, I don't see why it should take priority over a hypothesis that actually meets all the Occam wickets.

Note that I am not taking sides in this argument in this particular reply, but the PRISM referred to in the leaked manuals appears to be an entirely separate program, for managing responses to emergency events.

I understood there to be references to both; to other DOD programs called "PRISM", and to programs called "PRISM" that probably are the NSA program. Other DoD agencies are clients of NSA.

Just to pick a nit, I assume by "Chief Architect" you mean Yonatan Zunger. He's the chief architect of Google Plus, not of Google at large. While I do value his public statements, he doesn't really have responsibility for the great majority of the systems where we-the-public care about surveillance.

Your point, though, absolutely stands.

china seemingly managed it. why wouldn't the nsa have an easier time at it?