Privacy Security

There is No “Direct Access”

If it looks like a duck and quacks like a duck…

The Director of National Intelligence and the president himself have indicated that the Prism story published by the Washington Post included inaccuracies, but now Larry Page, the co-founder of Google, has said in explicit terms that there is no secret, clandestine “back-door” into their servers. There is no “direct access.”

Dear Google users—

You may be aware of press reports alleging that Internet companies have joined a secret U.S. government program called PRISM to give the National Security Agency direct access to our servers. As Google’s CEO and Chief Legal Officer, we wanted you to have the facts.

First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.

Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period.

Compliance with legally-binding requests for specific information approved by the FISA court is an entirely different thing than providing sweeping, direct access to a database. The latter carries with it gross implications that may not be accurate.

From the beginning the notion that the government has been provided “direct access” to the servers of tech giants such as Microsoft, Google, and Apple has seemed suspect to me and something written by a person who doesn’t understand what that would entail.

At this point, I haven’t seen proof that such a route into the databases of the tech world exists. If there is one, it’s not something the likes of Google and Apple are aware of or voluntarily participating in. And, call me crazy, but I think their engineers would probably have a better understanding of that than reporters at the Washington Post or their inside source.

It seems more likely to me that what their source is referring to is the practice of mining publicly-available information, that is information you’re already sharing across social networks and public domains, to look for key words and patterns. A technique already employed by your favorite retailers, marketing agencies, publishers, and even political campaigns.

The alternative is that the Director of National Intelligence, President Obama, and each tech company named by the Washington Post (who have all issued denials) are lying. And I’m simply not inclined to believe that at this time. I’ve been given no reason to. And I would invite those who do believe they’re all lying to say so explicitly.

I’m sure it won’t be very long until their inside source is discovered and we know more about the situation.

Update… The Washington Post has changed their story. via Business Insider

First, the Post has eliminated the assertion that the technology companies “knowingly” participated in the government spying program.

Second, and more importantly, the Post has hedged its assertion that the companies have granted the government direct access to their servers.

The latter change is subtle, but important. In the first version of its story, the Post stated as a fact that the government had been given direct access to the companies’ servers.

Now, the Post no longer states this claim as a verified fact. Instead, it attributes the claim to a top-secret government presentation–a document that has been subjected to significant scrutiny and skepticism over the past day and that, in this respect, seems inaccurate.

In other words, the Post appears to have essentially retracted the most startling and important part of its story: That the country’s largest technology companies have voluntarily given the government direct access to their central servers so the government can spy on the tech companies’ users in real time.

Update… Facebook’s Mark Zuckerberg has also issued a statement.

I want to respond personally to the outrageous press reports about PRISM:

Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn’t even heard of PRISM before yesterday.

When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure.