I had some hesitancy writing this blog since so many of the writers at the Post are acquaintances. But it really must be said. By now, readers are familiar with the Post's story on the NSA Prism program from last week. It turns out that the story is wrong -- wrong on the facts and wrong on the technology. That's not my conclusion---that's the conclusion of the inestimable Declan McCullagh of CNET. His conclusion is notable precisely because McCullagh is never thought of as a government apologist. Quite to the contrary he is a frequent, but fair, critic. So when he says:
Recent reports in The Washington Post and The Guardian claimed a classified program called PRISM grants "intelligence services direct access to the companies' servers" and that "from inside a company's data stream the NSA is capable of pulling out anything it likes."
Those reports are incorrect and appear to be based on a misreading of a leaked Powerpoint document, according to a former government official who is intimately familiar with this process of data acquisition and spoke today on condition of anonymity.
Folks should listen. Perhaps accepting that it might have rushed the story a bit the Post has amended its original story and, today, written a follow on story justifying the disclosure of Prism on the ground that it has renewed debate on surveillance. Of course it has---but the challenge now will be that the Post's initial erroneous reports on Prism will likely also tarnish the factual reporting on the NSA call meta-data database. And that's a shame. I think the NSA meta-data program is far more problematic. As Christopher Soghoian put it: "The FISA Amendments Act explicitly permits something like PRISM. The domestic metadata program requires that the law be twisted/broken." Or if not broken then, at least in my view, unwisely used.