Earlier this afternoon, The New Republic's Lydia DePillis posed a great question: When it comes to protecting your user data, phone companies fold but tech companies fight. Why?
The idea is that because of the network operators' status as a legacy industry with a long history of experience tangling with Washington, they're more susceptible to co-optation by the government. Tech firms, meanwhile, are nothing without their users, who can all decide to abandon a service and effectively kill it off. The libertarian culture of the Web also helps to foster norms about privacy and respect.
But now it seems as though there isn't the bright line separating Silicon Valley from the telcoms like we thought. The Washington Post and The Guardian crack open the White House surveillance scandal even wider by uncovering a secret program called PRISM—a six-year-old classified intelligence program that "[taps] directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs."
Microsoft was the first to participate in the program, reports The Guardian:
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.
PRISM allegedly involves data collection by the FBI, the fruits of which are then relayed to the NSA. If the report is true, the surveillance scandal will have crossed from simple metadata and envelope surveillance into the realm of wiretapping, which by definition involves the collection of actual content.
Update, 20:33 Eastern: A handful of the major tech firms have denied their involvement.
Update, 21:19 Eastern: A senior administration official emails:
The program [PRISM] is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.
It's worth noting the distinction being drawn between "targeting" and "acquisition." While PRISM permits targeting only of foreign nationals outside the United States, it doesn't preclude the incidental gathering of information about U.S. citizens.