This started as a Facebook post I made a couple days ago. But on reflection, I think this topic is going to be with us a while. So I’m moving it over here, where it may be a little more permanent.
Late last week – on Thursday June 6, 2013 – the Washington Post and UK newspaper The Guardian simultaneously broke stories about the leak of information about the US government’s PRISM program. Among other things, the leaked PowerPoint document says PRISM allows the NSA the ability of “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”
Here’s a link to that Washington Post article: http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html
And here’s a link to the PowerPoint slides (presented in a single HTML page): http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
Later, the tech companies all came out and made statements that were all essentially variations of “we have no idea what you’re talking about and the NSA doesn’t have such a thing.” Here’s what Google said (from http://googleblog.blogspot.com/2013/06/what.html):
First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.
Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period. Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.
And so here’s what I wrote on Facebook on Saturday June 8:
Given the Washington Post’s PRISM news, Beth and I are debating which of the following possibilities is most likely:
1) The government is lying. There is no PRISM. The media has been fooled. Some counter-intelligence officer in Washington is giggling to himself right now. And Google et al are telling the truth.
2) Google, Microsoft, Apple, and Facebook are all lying. There is PRISM, and it’s active in their network, and they know it. But they can’t – or won’t – admit it.
3) There is a PRISM and somehow the feds got it integrated into the server infrastructure of all these internet companies without their knowledge. So Google’s telling the truth that it didn’t know, and the feds are telling the truth that it does exist. But if Google didn’t notice an NSA tech sneaking into the server room and tampering with their network gear, how are we supposed to trust that the Chinese or Al Qaeda haven’t done the same? This scenario invalidates everything Google has ever said about “your data is safe with us”.
4) The Washington Post made the whole thing up. It’s just a story fabricated out of thin air that the Obama administration refuses to debunk.
Since then, the federal government has already declassified and released some information about PRISM, apparently to correct the misperceptions that the media had. First, I’ve never heard of the feds declassifying anything this fast. It took less than 24 hours. Amazing how fast the process works when you’re an insider, when Freedom of Information Act requests take months or years to get processed. But more importantly, the Obama and his administration have admitted, “Yup, PRISM exists, it’s totally legal, your elected officials have known about it for years, and – trust us! – we won’t use it for anything evil.” So that eliminates possibilities 1 and 4 from my list.
Now we’re down to only two possibilities, and I’m really interested to see how this plays out. One possibility is that the tech companies did know about this all along, and are all (except Twitter) lying to their customers about it. The other possibility is that the feds did all this without the knowledge of the tech companies.
In the first case, could I ever trust Google (and again if I know they’re willing to lie about something so big? In the second case, could I ever trust Google again if I know they’re so incompetent that the NSA snuck in some system to gather data from their network without their knowledge?
That’s the question I posed on Google’s blog article about this: https://apis.google.com/105675675947442118947/posts/CzoVVJb8Kgz
What do you think is going to happen next?