Prism and Plausible Deniability
The leaders of several huge corporations have issued statements saying that their companies do not allow the US Government to illegally spy on their users.
I'm sure they believe that. I'd even go so far as to say that I'm sure the entire board and top management genuinely have no knowledge of any malfeasance.
Why would they? We're talking about spies - experts in the art of subterfuge and espionage. Why would a spy agency do anything as crude as ask permission?
Consider the Greek wiretapping scandal. Apparently, no one in the senior corporate structure at Vodafone Greece had authorised the tapping of hundreds of politicians' phones. Despite the high profile nature of the victims and the apparent suicide of Vodafone Greece's Network Planning Manager, there has never been a conclusive answer to how such interception took place and who - if anyone - authorised it.
Someone - an employee, a vendor, an intern, a janitor, a remote hacker - under the direction of someone else - terrorists, spies, rivals - flicked a switch which enabled wholesale surveillance of the Greek political establishment.
That doesn't require a CEO to know anything about it.
Let's examine another possibility.
Silicon Valley companies are well known for recruiting the best and the brightest from top flight American universities. The same students who would often be asked to work for the security services.
Is it beyond belief that such "patriotic" students have recruited into Google, Facebook, Yahoo, etc? And, from there, have found ways to provide direct access to the Government?
It doesn't matter what a CEO or PR department says. I'm not accusing them of lying - I'm saying that it's possible that they've been completely bypassed. Just as the French engaged in industrial espionage against American electronics companies, and the Chinese apparently bypassed Google's security, I don't think it is unreasonable that the American Military Industrial Complex would compel employees to engage in internal espionage.
Plausible deniability - it's not just for Presidents any more.
Ben Smith (@bensmithuk) says:
You're confusing 'spying' and signals intelligence (SIGINT). I can't offer any proof but the volume of material being produced from SIGINT (in this case, allegedly) is far too large to be extracted without dedicated infrastructure, even if you could reliably co-opt hundreds of administrators around the world and keep them quiet.
To me it looks like confusion between 'legal intercept' and 'direct access'. There are already security-checked compliance staff responding to requests from police / intelligence services (there's even one for the 3 network in the UK advertised on LinkedIn right now) and PRISM - if it is as it seems (and that's a massive if) - is probably the automation of that process. The 'direct access' is to the dedicated systems the operators already run to meet their legal obligations.