They're getting the info directly from Google et al., but they don't have root on Google's servers. Google is required by law (CALEA, the Communications Assistance for Law Enforcement Act) to provide the ability for law enforcement to get information from them. This includes - required by law - the ability both to get stored data and to make real-time intercepts of new communications. Google is paid a fee to provide these services as well.
Google et al. have fully complied with this law. The FBI manages the government-end of the CALEA tapping capabilities. The NSA makes requests to the FBI, which passes them on to Google, which flips a switch and enables the tapping of user "xyzzy123". From then on, xyzzy123's stored data and new communications get sent to the FBI through the CALEA connection, which forwards them to the NSA. CALEA also requires the service provider to provide all sorts of metadata about the user.
This IS "direct access" to Google's servers. The denials about this have been carefully worded things that all access is supported by some sort of legal process, etc. The denials are non-denial denials. Yes, GOOGLE (et al.), not the NSA, flips the final switch which sends the data. But Google is required by law to do so, so....... And once the switch is flipped, all of the data is flowing automatically to the NSA.
This is close but wrong in some very important ways.
CALEA does not apply to Google (except Google Fiber and perhaps Google Voice). Google does have to comply with FBI requests for emails and stored data, but they do not have to comply with CALEA (which mandates technical standards for the wiretapping of the phone network and most internet networks). Google does NOT have to build real-time domestic spying tools for the government, though it is arguable whether the 702 program (which PRISM is part of) does.
The FBI would LOVE to extend CALEA to Facebook and Google, etc, but this has not happened yet.
That said, it is likely that the FBI's backbone spying network (DCSNET), which was built for CALEA, is being used for PRISM.
Even without CALEA, if I'm reading the press coverage right, the FISA orders with which Google complies once they check that they were issued by FISC can be very broad, including "give me ALL the metadata you have" in a single order. Because "taking all metadata and storing it indefinitely is nothing to be worried about" in NSA interpretations.
Well, all metadata wouldn't work as that could be used to intercept U.S. persons' data. The warrant/NSL would have to list by name/UID at the very least, but once it's established that the UID in question is foreign and a part of an investigation then you are right that the warrant/NSL can be very broad.
Actually, yes, the feds are using Section 215 of the Patriot Act to get FISC orders on all metadata of Americans' domestic phone and internet communications from ISPs and phone companies. The feds are leveraging a theory that you have no privacy interest in your metadata, thus no 4th Amendment violation.
It's not clear at all that this is legal, especially given the Supreme Court's recent ruling in Jones, requiring warrants for GPS tracking of automobiles.
CALEA does not apply to Google, so this isn't correct. The reason they are required "by law" is that they get FISAs, which can be served on anyone and are unrelated to those specific laws.
Correct me if I'm wrong, but you left out the step where a judge reviews the request to make sure it's not overly broad or based on flimsy reasoning.
Aside from that I'd say it's very clear, and it's sad that there seems to be a pervasive inference that these companies are something something beyond what our elected lawmakers have forced them to do. Why isn't more angst directed at the politicians responsible for this?
A judge does review the request. Whether that judge "makes sure it's not overly broad or based on flimsy reasoning" is far from clear. The judge has been hand-picked by John Roberts and only hears the government's side of the case. The FISA court has rejected 0.03 percent of the government's requests. Now, maybe that's just an indication that 99.97% of the government's requests are reasonable, but here's the problem: we have no way of knowing, because it's all secret. THAT is the problem IMHO, more than the surveillance itself.
No, a judge does not see an individual request in a 702 order. This is the entire point of the 702 and PRISM -- NSA analysts no longer have to fill out paperwork to get data from Google/Facebook/etc., so long as they are 51% sure the target is a foreigner. There is one court order per company per year. After that, it's "direct access" - e.g. analyst sends request directly to the company.
I see where it says in the caption "The supervisor must endorse the analyst's "reasonable belief," defined as 51 percent confidence, that the specified target is a foreign national who is overseas at the time of collection." But that's a caption written by the Post. What I don't see is any support for that statement in the actual slide itself, nor any of the other slides on that page.
But these companies do more than what is required by law. They do not by law have to provide API access, only to provide the data in some form. None of the smaller webmail hosts cooperate in PRISM.
And as for warrants, no, they do not always need a warrant. They only need that if both parties in the communication are US citizens. If none of them are, no warrant is needed at all, and if just one party is US then they (according to the Wikipedia article on PRISM) can wiretap for up to a week without getting a warrant.
I hope this is clear.