

“The government does not have access to Google servers” - captn3m0
https://plus.google.com/+google/posts/TMh6gUVrwMq

======
cromwellian
The government has done irreparable harm to these companies, because even if
they are telling the truth, they will never be able to prove it (like Obama
could never prove he wasn't born in Kenya) Each new bit of evidence supporting
their position will be met with just more questions. That's the problem with
government spooks, their capabilities are boundless, anything the mind can
imagine, and there's simply not way to erase doubt. Can the NSA break public
key encryption? No? Are you 100% sure? Does the NSA have a fibre-tap on all
cables? Are they running continuous keyword searches on transcribed
conversations of every American, in real time? Can you prove they don't have
some secret new $30 billion data center, paid for by the $60 billion in Iraq
money that went "missing"?

10 years from now, people will still be talking about this.

We need to roll back the Patriot Act, period.

~~~
hannibal5
They can prove it. Comprehensive independent security audits managed by well
known privacy and human rights organizations. Considering the scale of Google
they should have number of people auditing them all the time.

------
KaiserPro
People are merging two different mechanisms here, and its important to
distinguish between the two.

1) Access to users when provided with a "warrant" or someother legal
instrument. This is where for example a divorce court orders the message
history of a person from facebook to confirm/deny infidelity. This is your
"Facebook secure room/portal" business. You don't want any tom dick and harry
having access to this as its a massive security hole. 2) Snooping. This is
where apparatus is placed between the public and a company which allows the
interception of all data.

These are two very different mechanisms, 1) is a precision tool for getting
information on a small amount of users. 2) is a blunt tool that allow people
to stuff themselves full of information, it is also inherently very
expensive(both in time, resources and analysis).

both method 1 & 2 have been going on for many years. Its also been fairly well
known for many years (schneier and crytptome have been saying this for a very
very long time)

So why did the NSA ask verizon (and most likley all the big players) for this
list of who phoned whom, if they have all this information kicking around? two
reasons: Its dirt cheap, and accurate.

Instead of having to infer who was on what IP at what time, you have the
canonical proof.

------
downandout
The President himself acknowledged existence of the program, so that is no
longer in dispute. I am, however, starting to think that perhaps the
leadership of these companies truly didn't know that this has been going on.

I'm curious if these orders can be served directly to mere employees that have
access to install the monitoring software/hardware, with confidentiality
obligations barring them from telling their employer. Another explanation may
be that NSA agents simply obtained jobs at each company, and those agents
installed the monitoring software/hardware without the knowledge of the
companies. This would explain the dismay, and the clear embarrassment of the
NSA.

------
signed0
The problem with all the denials is that journalists say "Google is doing X"
and Google responds "We aren't doing Y" and everyone debates whether Y = X, Y
is a subset of X, or Y is something completely different.

I feel as if so much could be cleared up if they would simply respond line by
line to the stories by the NYTimes and Washington Post.

~~~
jmillikin
[http://www.theonion.com/articles/the-onion-urges-barack-
obam...](http://www.theonion.com/articles/the-onion-urges-barack-obama-to-
come-clean-about-t,32466)

~~~
signed0
Weird, somehow extra characters are being added to the end of that url.
Removing the trailing / fixes it.

[http://www.theonion.com/articles/the-onion-urges-barack-
obam...](http://www.theonion.com/articles/the-onion-urges-barack-obama-to-
come-clean-about-t,32466)

~~~
jmillikin
a'a

Thanks, fixed. Looks like HN is over-escaping some values -- click the 'link'
link to this post and see how the first line is over-escaped in the title bar?

------
arjie
This denial is fairly categorical. Any objection that centres on the idea that
they're only saying this because they have to is in conspiracy theory
territory. Nothing that Google says could possibly disprove that claim.

~~~
gasull
"According to the law" actually means "yes, we give the Government all
access". Read this:

[http://techcrunch.com/2013/06/07/doublespeak-denials-and-
bro...](http://techcrunch.com/2013/06/07/doublespeak-denials-and-broken-
hearts&#x2F);

~~~
magicalist
how can you possibly think that a terrible techcrunch post poorly hashing
together parts of this story is a good argument here? ugh.

If you're actually interested: the only source of facts on that whole page is
the NYTimes piece they link to:
[http://www.nytimes.com/2013/06/08/technology/tech-
companies-...](http://www.nytimes.com/2013/06/08/technology/tech-companies-
bristling-concede-to-government-surveillance-efforts.html)

------
dylangs1030
I will go on record as standing with Google and its denials, even if that's an
unpopular position right now.

Here are a few facts:

1\. The New York Times article did not specifically cite PRISM, it only cited
FISA, which was already largely known by the public. It is true that this
could be because PRISM is allegedly _justified_ under Section 702 of FISA, but
they _are not the same thing._ [1] It would be most appropriate to say that
one encompasses the other, but they have two separate protocols, and as of
right now, only one was discussed by the Times.

2\. Let's say the NYTimes article _is_ about PRISM, and they simply didn't
mention that acronym for whatever reason. If that is the case, the information
leaked therein also makes it very clear that it is _entirely possible for
CEOs, chief officers, and other high ranking employees to be completely in the
dark about it._ The only people allowed to know about the requests for
information are those who receive and analyze the requests. That's not a
conspiracy theory - it's leaked right along with the rest of the
information.[2] Mark Zuckerberg, Larry Page, Dave Drummond, Yonaton Zunger,
etc. might literally _not know_ the extent of how far the government reaches
in their companies.

3\. It is unreasonable and unrealistic to expect the leaders of these named
companies to stand together in righteous technological might against The Man.
Nothing practical would be achieved by having Mark Zuckerberg or Larry Page
penalized for what they said on record, in public against a government agency.
Nothing would benefit the American people by having them put on trial or their
companies sued for violating national security. The NSA designed a Catch-22
gag order that prevents those involved from even acknowledging the existence
of government involvement or letter agencies, let alone detailing specific
protocols or history.

I've said it before and I'll say it again. _Stop_ getting distracted from the
real problem here. The threat to privacy is the NSA. The threat is _our_
government(s). We have the power to fight it _if_ we consolidate our focus
with precision. We may feel wronged by the apparent lies of public figures but
they had no choice, if they were even in the wrong. We cannot know what
pressures were put upon them at this point in time.

Lay down your pitchforks and direct your anger and incredulity to your
government, who ordered this - the public entity that made this legal and
hidden and nearly impossible to speak out against. That is your real enemy.

[1]: [http://www.theverge.com/2013/6/7/4407782/phone-spying-and-
pr...](http://www.theverge.com/2013/6/7/4407782/phone-spying-and-prism-
internet-surveillance-whats-the-difference)

[2]: [http://www.nytimes.com/2013/06/08/technology/tech-
companies-...](http://www.nytimes.com/2013/06/08/technology/tech-companies-
bristling-concede-to-government-surveillance-efforts.html)

~~~
gasull
> _Lay down your pitchforks and direct your anger and incredulity to your
> government, who ordered this_

It's also important to raise the awareness that our data isn't safe in
Google's hands.

~~~
smtddr
If you're going to say your data not safe in Google's hands, then your data
just isn't safe on the internet which I think is a needlessly extreme position
to take. The OP is right, just focus your dissatisfaction on the government.
It's not about is your data safe with Google; it's about your data safe with
the government. If you can't trust your government, it doesn't matter
where/who/what has your data. Yesterday it was Yahoo & myspace, today Google &
Facebook, tomorrow who knows... the only constant is an abusive government.
Fix that, then it won't matter what currently trendy company has your data.

~~~
fianchetto
> If you're going to say your data not safe in Google's hands, then your data
> just isn't safe on the internet which I think is a needlessly extreme
> position to take.

Google isn't the internet.

Dump gmail, FB and other spy holes. Use public key crypto. Take your own
network back.

Or continue on as usual. Our choice.

~~~
smtddr
So basically communicating online only with people that will use pubkey-
crypto? I think that's a needless extreme. Also, what happens when everyone
does that and the government makes crypto illegal? You're back to the original
problem, the abusive government. That being said, I did just suggest
encryption in an earlier post today... but that was before I started getting
the feeling this problem goes deeper into the government than just a small
gov-agency & some cellphone companies.

~~~
gasull
The problem with PGP is that friction is in every message you send. For every
email you have to make the decision about encrypting the message and entering
your passphrase. It's a hassle.

The reason I recommend Bitmessage is because after overcoming the friction of
installing it, it's frictionless. You don't have to remember passphrases or
anything. It also has advantages over PGP-encrypted email like deniability,
built-in spam minimization, broadcast messages (like Twitter), chan boards,
etc.

------
rachelbythebay
I'd love to see someone check the Takeout logs and look for anything which
seems out of place. Requests for user data which aren't correlated with normal
user activity would seem mighty suspicious to me.

Go on, someone, make it so. Then leak it. Let's do this thing.

------
salimmadjd
There is a big issue with as-need-bases systems. It requires security
clearance on their google counterpart side.

Every time NSA, FBI requests user's private info from google they'll [the
government] be divulging the identity of a suspect or a potential suspect.
This leads to potential leaks or potential reputation damage. Imagine if a
congressman or famous CEO is under investigation. So the person/people inside
google ought to have the same clearance OR google would need to give a back
door access to the government. Which is why I don't believe google.

If google is sincere about their position, they should setup their systems so
that no one but the user(owner) would ever be able to access their private
data.

------
wrath
If we assume that everyone is telling the truth and that there is no back door
or drop box, couldn't they simply get the data with man-in-the-middle type
software? Getting data from Google, Facebook, Yahoo, and co is nice because it
comes to you in a structure way but that wouldn't stop me from trying to get
information in many others way, including working with the internet providers
to put servers that copy data and direct them to my data center.

------
csomar
I missed the article/story behind PRISM and who unveiled it. Too much noise
right now to find it.

But what makes the person who unveiled the PRISM more credible than all of the
Tech companies?

Also, I don't think they are playing with words or intending to do so. They
are making it quite clear in my opinion.

------
IvyMike
Wild speculation, but what about TLS key misappropriation? In other words, NSA
has access not through official channels but somehow got private keys through
hook and crook?

(I have to admit I do not fully understand PFS and the implications here.)

------
bloaf
According to the NY Times

>employees whose job it is to comply with FISA requests are not allowed to
discuss the details even with others at the company

So it is possible that executives are not allowed to know what data their
companies are supplying to the government.

------
pavs
So I checked out some of the user profile of people who are flat out proposing
that google is colluding with the government and is lying right now to the
users and they don't believe any official word coming out from google.

Not only are their google+ profile very active, I am going to assume they are
still using and most likely will be using google products (or products from
other companies who has been implicated) months from now even if nothing
changes.

The question is, lets say you are absolutely sure beyond any doubt that all
these companies willfully (or unwillingly but now lying to you) shared data
with the government. What do you do now?

Do you accept it as it is and carry on? Do you stop using their service? Or do
you campaign to stop these companies and government from doing this (seems
highly unlikely to be effective or verify)?

~~~
waterphone
I'm likely going to use their services in a reduced capacity whether they were
complicit or not, simply because this incident has highlighted the risk of
companies who store massive amounts of personal information consolidated
together in one place. Even if their only reason for doing so is advertising,
I'm less interested in participating in systems that collect and store so much
information on me. This probably should've been obvious before (people have
certainly been saying similar things for a while), but recent revelations have
made me more prone to agree.

The problem, of course, is that some Google services are nearly irreplaceable,
especially search. There are alternative search engines, but they simply
aren't as good for the technical type searches that a programmer needs. Duck
Duck Go is better than some older alternatives have been, but when using it I
frequently find myself having to return to Google to actually find what I'm
looking for. I wish them luck and hope very much they keep improving, as I'd
like to use them, but so far I can't really.

------
lifeguard
"and if the government DID have access to Google servers, we would be sworn to
secrecy under penalty of prison and fine"

------
mtgx
Even if it did, imagine how awfully damaging that would be for Google's image
_worldwide_. So I could see why their immediate knee jerk reaction about it is
to hide it as much as possible.

If he is telling the truth, at least about this _very specific thing_ (not
having access to "Google's servers"), then it's still possible they are giving
them easy access in some other way, such as copying the data to other servers
that are "not Google's servers".

So worse case scenario, he's blatantly lying about it. Probably best case
scenario, they're still giving them the data wholesale in some way, and he's
playing word games and semantics.

I have a very hard time believing none of this is happening, at this point. I
hope I'm wrong though, but even then, the NSA probably has direct pipes into
the carriers and ISP's, and at the very least have access to all the data
going through US pipes that is unencrypted (and the encrypted data is stored
for later - i.e. the 5 billion terrabyte Utah data center).

~~~
kahirsch
> Probably best case scenario, they're still giving them the data wholesale in
> some way, and he's playing word games and semantics.

No, the best case scenario is he's telling the truth and Google only gives
specific data in response to specific court orders that have been reviewed by
their lawyers.

Normally I love reading the comments on HN, but I've just despaired over the
last couple of days. People are assuming that out-of-context fragments from a
Powerpoint presentation are 100% correct and when every single company gives a
_flat-out denial_ , then the companies must be lying or misleading or
slippery.

The law does _not_ require these companies to issue denials.

~~~
anon1385
Just a reminder: we are not all US citizens. There is no American court order
or warrant that makes it legal for Google Ireland to hand over data about EU
customers to the US government. They have admitted to doing this already[1]
years ago. It's likely illegal under data protection laws for EU businesses to
use Google services (or any other US based web service) to store customer
data.

 _Google has sent us a statement that reads: "As a law abiding company, we
comply with valid legal process, and that - as for any US based company -
means the data stored outside of the U.S. may be subject to lawful access by
the U.S. government."_

[1] [http://news.softpedia.com/news/Google-Admits-Handing-over-
Eu...](http://news.softpedia.com/news/Google-Admits-Handing-over-European-
User-Data-to-US-Intelligence-Agencies-215740.shtml)

------
voidlogic
"The government does not have access to Google servers"

No they just have Google's SSL private keys- perhaps...

------
puivert
It's getting to the point that there is no the business case for Google to
stay in the US.

------
robomartin
The real question clamoring for a clear statement is far more complex:

Does any government, US or otherwise, their agents, representatives,
contractors or NGO's have access, directly or indirectly, through any means,
to <insert company name here> DATA, FILES, COMMUNICATIONS, LOGS or any other
information having any relationship whatsoever to <insert company name here>
users?

This could be, and probably should be, refined, IANAL.

The point is simple: We don't care about "direct access to servers". We care
about access to data. And this can be provided through many channels, direct
and indirect. It can even be provided via daily tape backup dumps. Of course,
it can be provided to organizations peripherally working for or with a
government yet not directly to a government agency. And, finally, it could be
provided to another government that, in turn, can pipe it back to US
governnment agencies or collaborators.

The rabbit hole can be very deep.

------
zobzu
"cause the servers belong to the NSA,not Google!" ;)

~~~
TheCondor
It's possible. No mention of access to collected data.

------
adventured
The government would never need access to Google's servers; it would never
need a back door. A front door API would work just fine.

Some people have correctly pointed out that if Prism is considered 'law'
(falling under any number of national security laws), then all Google is doing
is complying with the law.

And in that case, what Drummond just said in no way actually denies
participation in Prism or a similar program.

~~~
invisible
Except that he straight out said that they have received no bulk requests at
all? Seriously...

~~~
adventured
Are you qualifying a real time feed as a bulk request?

~~~
invisible
I'd consider "give us every piece of data you ever get" a bulk/blanket request
- yep.

------
taktix
This is modern doublespeak in action, the actual inversion of meanings.
Translation: "Government has all access to our servers."

The message is loud and clear from Google that we need to know doublespeak
when we hear it. Class is in session!

