After an exposé today in The New York Times placed several large tech companies as having set up secret ‘drop box’ type data stores for the NSA, Google’s chief legal officer David Drummond has fired back a missive. The statement says that the government has no access at all to its servers, through either a back door, directly or via such a drop box.
The Times piece detailed efforts by several tech companies including Google, Microsoft, Facebook, Apple and more to ease the collection of user data from its servers to fulfill requests from the NSA. It wasn’t clear whether this program was the now infamous PRISM or some other initiative related to FISA (Foreign Intelligence Surveillance Act) requests, which all organizations are required to obey, but are not required to facilitate with data gathering tools or assistance.
The story specifically called out Twitter as a company which refused this facilitation, thereby not really making it easy on the agencies to tap into user data.
Here’s Drummond’s statement:
We cannot say this more clearly—the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box. Nor have we received blanket orders of the kind being discussed in the media. It is quite wrong to insinuate otherwise.
We provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. And we have taken the lead in being as transparent as possible about government requests for user information.
“We didn’t fight the Cold War just so we could rebuild the Stasi ourselves”
This statement from Drummond follows one from earlier today by Google Chief Architect Yonatan Zunger, which echoed an earlier denial from Google CEO Larry Page:
I’m not sure what the details of this PRISM program are, but I can tell you that the only way in which Google reveals information about users are when we receive lawful, specific orders about individuals — things like search warrants. And we continue to stand firm against any attempts to do so broadly or without genuine, individualized suspicion, and publicize the results as much as possible in our Transparency Report. Having seen much of the internals of how we do this, I can tell you that it is a point of pride, both for the company and for many of us, personally, that we stand up to governments that demand people’s information.
I can also tell you that the suggestion that PRISM involved anything happening directly inside our datacenters surprised me a great deal; owing to the nature of my work at Google over the past decade, it would have been challenging — not impossible, but definitely a major surprise — if something like this could have been done without my ever hearing of it. And I can categorically state that nothingresembling the mass surveillance of individuals by governments within our systems has ever crossed my plate.
If it had, even if I couldn’t talk about it, in all likelihood I would no longer be working at Google: the fact that we do stand up for individual users’ privacy and protection, for their right to have a personal life which is not ever shared with other people without their consent, even when governments come knocking at our door with guns, is one of the two most important reasons that I am at this company: the other being a chance to build systems which fundamentally change and improve the lives of billions of people by turning the abstract power of computing into something which amplifies and expands their individual, mental life.
Whatever the NSA was doing involving the mass harvesting of information, it did not involve being on the inside of Google. And I, personally, am by now disgusted with their conduct: the national security apparatus has convinced itself and the rest of the government that the only way it can do its job is to know everything about everyone. That’s not how you protect a country. We didn’t fight the Cold War just so we could rebuild the Stasi ourselves.
Obviously these are strong statements, and they seem to oppose the findings of the NYT in the matter. There’s still a lot of grey area here when it comes to PRISM and the tech giants that have been implicated. Drummond’s reply seems to rule out both ‘direct’ access, which is what the PRISM program would require, as well as a ‘drop box’ that facilitated FISA requests, as the NYT states.
Underneath all of this foam, however, seems to be a simple answer to the question about how companies can deny that the government has ‘direct access’ to information and yet the originating reports be so adamant about them having just that. If the NSA chose to set up a standard ‘man in the middle’ attack on the physical layer of a Tier 1 network. This could be enacted by installing devices at the ISP level, for instance, giving access to all of the data traveling along those lines but without company consent. Of course, then there is the question of encryption, but the NSA’s job is basically to crack encryption.
So there are some interesting possibilities for both parties to be telling some version of the truth, but whatever the real version is, it doesn’t seem we’ve seen the end of the debate yet.
You can keep up with our coverage of Prism here as the story evolves, but here are some links to get you started:
- Apple, Google, Microsoft and 6 other companies reportedly feeding NSA, FBI info
- The leaked slide which contains the dates when Apple, Microsoft, Google, and others joined PRISM
- Facebook, Apple, Google, Microsoft, AOL, PalTalk, Dropbox and Yahoo deny participation
- President Obama’s response to PRISM reports
- Google CEO Larry Page issues further PRISM denial
- Facebook’s Zuckerberg calls PRISM reports ‘outrageous’
- Prism: What you need to know
More to follow
Image Credit: Justin Sullivan/Getty Images
Get the TNW newsletter
Get the most important tech news in your inbox each week.