NSA spying scandal: Waiting for the next shoe to drop by Ryan Bradley @FortuneMagazine June 7, 2013, 3:51 PM EDT E-mail Tweet Facebook Google Plus Linkedin Share icons FORTUNE — Thursday night, after the Guardian broke news of Verizon’s involvement in a massive domestic spying operation by the National Security Agency, the Washington Post and the Guardian both revealed the existence of a program called PRISM — a means by which the government gained access to the servers of big technology companies. How big? Microsoft, Facebook, Apple, Yahoo, Google, AOL, and PalTalk (a chat service popular in the Arab world) were all listed, and Dropbox, a popular cloud-storage service, was noted to be coming on board the PRISM program “soon.” The companies have all, in turn, professed shock, confusion, and denial at the implication that they knowingly aided the NSA in its efforts to collect an astonishing array of our data, from emails, audio, video, photos, documents attached to emails, and even the connection logs that leave a trail of breadcrumbs analysts can piece together to track an individual’s movements. (Tapping into this “metadata” may prove to be the most disturbing aspect.) This is the very definition of Orwellian, and it shatters the “Don’t be evil” ethos that still resonates around the tech world. So who is to blame here? The government, certainly, but are the companies telling the truth? Are they victims here too? Here’s what they’re saying in response: Apple YHOO , the company that apparently joined the PRISM program most recently (notably, after Steve Jobs died) told the Wall Street Journal that they “do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.” Microsoft MSFT told the Verge that, “if the government has a broader voluntary national security program to gather customer data we don’t participate in it.” Facebook FB provided TechCrunch with the following statement “We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.” Yahoo YHOO issued a similar statement, reading, in part, “We do not provide the government with direct access to our servers … ” MORE: This is the suburb of the future They may well all be telling some version of the same truth, while still participating in PRISM. Representatives from The Electronic Freedom Foundation have told the press that the companies denying the existence of such a program by name alone isn’t all that surprising. Code names, they told ArsTechnica, are “routinely shared outside the agency. Saying they’ve never heard of PRISM doesn’t mean much.” But the full-on denial of participation might. Another theory, consistent with the all-out denial, is that the NSA could have been collecting data not directly from any of the companies’ servers, but from a major internet backbone — an interchange where much of the data is moved and routed. The NSA would grab this data, cheaply, using a traffic splitter, also known as a prism. The question is, again, whether they could do this without any of these companies knowing about where their data was going, and why. It’s easy — and legally important — to turn a blind eye to such government meddling in the upper ranks of an organization. But what about the lower level employees who are intimately familiar with where the data goes? It’s very likely that someone at all of these companies was at least aware that the NSA was scrubbing so much of their data. Just who does know, and when and where they will blow the whistle on this, is the next chapter in the unfolding scandal. The Internet is the greatest, most democratic means of communication in history. It’s also the most powerful means of state control ever created. At some point we will need to determine just what kind of Internet is more important, what kind we will protect and use. People who work at tech companies to actively build the future of what the web will be — the engineers and data scientists who would be familiar with the level of participation in PRISM — tend to lean toward the former idea. They are, in general, idealists. Or at least started out that way. Several people I know, who work at several of the companies listed above, have at one point or another been involved in the EFF or an organization like it and truly believe in the power of the Internet to be a force for good and freedom, not state control. So when will someone get brave and speak up? The world is waiting.