In its original report on a PowerPoint presentation revealing the existence of the NSA’s PRISM surveillance program, the Washington Post noted:
Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM’s most sensitive secret, fearing that the companies would withdraw from the program if exposed. “98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don’t harm these sources,” the briefing’s author wrote in his speaker’s notes.
The Post yesterday reported:
[I]f the NSA asked for data from a company, it is likely only a few officials would know of the request — and those employees would be barred from disclosing that information.
Other technology experts said the government could be scooping up the data after it leaves a company’s servers and travels across Internet networks.
When traveling across those pipes, the data is often encrypted, and a company could fulfill a government request by handing over the encryption keys to that data, said Peter Eckersley, the technology projects director at the privacy advocacy group Electronic Frontier Foundation.
“The companies’ denials are all deniable denials because each one of them contains loopholes of various cleverness that don’t address how they might have a transform mechanism for large amounts of user data to the NSA,” he said.