As you’ve probably heard by now, The Guardian and The Washington Post both released leaked PowerPoint slides that show a massive data-mining project executed by the NSA, with cooperation from nine U.S. tech giants — Microsoft, Yahoo!, Google, Facebook, Paltalk, YouTube, Skype, AOL, and Apple. Dropbox is listed in the documents as “coming soon.”
Microsoft, the first company to join the program, did so in September of 2007. The documents show Apple was the last, joining in October of last year. But as more details trickle forth, question are exploding — such as why the government is confirming the program as real, while the companies in question are scrambling to deny their involvement:
“We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
“Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.”
“Google cares deeply about the security of our users’ data. We disclose user data to governments in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a backdoor for the government to access user data.”
“We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
“We have not heard of PRISM. Paltalk exercises extreme care to protect and secure users’ data, only responding to court orders as required by law. Paltalk does not provide any government agency with direct access to its servers.”
“We do not have any knowledge of the Prism program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers.”
“We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting consumer data must get a court order."
“We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users’ privacy.”
YouTube, named on the report, is owned by Google. Skype is owned by Microsoft. Twitter, as many have been quick to point out, is conspicuously absent altogether.
So, what’s going on? Government officials are reluctantly confirming the program, just as tech reps deny it. Mark Rumold, staff attorney at the Electronics Frontier Foundation, told reporters at ABC that these companies might not have much choice: “If these companies receive an order under the FISA amendments act, they are forbidden by law from disclosing having received the order and disclosing any information about the order at all,” he said.
Barton Gellman, the reporter who first wrote the Post story, noted that many companies pointed out that they had never heard of a program called “PRISM,” and may be playing word games. “Maybe they haven’t [heard of it],” Gellman said in an interview, “they know there was some guy in a tie who came from the FBI and the NSA to talk to them, and didn’t necessarily tell them the codename. Google says there’s no ‘backdoor’…well we don’t say there’s a ‘backdoor’ into the server.” Many of the companies were quick to defend their records on privacy — which has been a long and continual battle for many of them — and expressed an attempt to defend user data against the government to the full extent of the law. (See full interview below.)
James Clapper, director of national intelligence, has stated that media reports of the internet programs “contained numerous inaccuracies,” though he has not specified what those inaccuracies might be. It could be that the government was never given direct access to servers — only mountainous piles of data. Though as many have noted, it’s highly unlikely that federal employees would have the technical skill to facilitate such a widespread program without internal cooperation from the firms.
Clapper noted that key details would soon be declassified, in an attempt to better explain the program. It remains to be seen whether any further details of these companies‘ participation — or lack thereof — will be included in future reports.