
Right, that mostly paraphrases his arguments. But it doesn't convincingly eliminate a few possibilities for how this works.

One possibility: Google obviously has some capacity to honor search warrants and NSLs. And presumably that involves some technical artifacts somewhere: admin-level API access to data and some sort of external endpoint through which the government can actually make those requests. So that's all stuff we can confidently say is already there humming along happily, whether used for nefarious purposes or not.

OK, so given that those exist, how much volume do they support? How hard would it be to modify them to bypass the scrutiny process? Or give the NSA access to those endpoints instead of just domestic law enforcement? In other words, these are just changes to the process, totally invisible to anyone without explicit access to it. It might not involve any weird hardware at all, and could operate with very few people in the know.

Another possibility: Google handed over its TLS keys and just let the taps happen upstream.

That's why the confidence of a senior person that there isn't fishy hardware running around makes the question of how PRISM works more interesting. But it certainly doesn't make the project impossible.

Edit: removing distracting aside



I don't think I can guess about how well whatever the search warrant APIs are scale to "look at everyone" without speculating overly much about the design of the system. I would argue that, regardless of the access method, if someone is looking at the terabytes or petabytes or yottabytes or however many bytes of emails there are, you're once again back to a huge amount of network or CPU or whatever utilization. E.g., even if the database access is allowed and off the record, the database admin should still be wondering why the load is so high, as if everyone in the world were reading all of their email simultaneously. And then you're back to gossip and everyone internally knowing about it.

The TLS keys are an interesting angle. Are TLS keys typically one (small set) per site, or would each server typically generate its own unique keys? Even with the latter the surface area might be small enough within Google that no one would accidentally stumble upon it.



