
Eric Schmidt: CNET gets it right on the NSA/Google issue - moultano
https://plus.google.com/+EricSchmidt/posts/XfgQ1PXzM5g
======
lazyjones
Eric Schmidt would be the last person I'd believe on matters related to
privacy.

He's well-known for basically claiming that we're not entitled to any privacy
("if you don't want anyone to know blah blah ... ") and for later being a
vindictive fool when CNET published some of his personal details found through
Google.

Besides, he's not even CEO anymore, why would he know anything about highly
confidential dealings with the NSA?

~~~
kordless
Whether you trust Eric or not has zero to do with if you trust CNet's claim
that "The National Security Agency has not obtained direct access to the
systems of Apple, Google, Facebook, and other major Internet companies, CNET
has learned."

Inferring he is no longer CEO and _might_ not know about these matters is just
an informal fallacy and has zero to do with whether or not Google, Facebook,
etc. is telling the truth on the matter. FWIW, I believe them when they say
they aren't giving direct access to their servers to the government. That
doesn't mean they aren't, and I'm willing to listen to any substantial claims
that they are.

I don't trust the government to always do the right thing when poking around
in our business, but I'm also not going to run around like a chicken with my
head cut off when everyone gets their underwear in a knot over leaks like
these.

~~~
smokeyj
Could a possible explanation be that the feds have unauthorized access?

~~~
mpyne
I think it's as simple as a misinterpretation of the technical intel-community
jargon being used by NSA.

They're saying PRISM gets them access to Google/Facebook/etc.'s data with no
other middleman. That's not always the case; when working with international
partners NSA might obtain intel from other (foreign) intelligence agencies, or
their HUMINT might report data that is itself hearsay.

So the source/provenance of data is very important for an intelligence agency.
NSA is saying this (with PRISM) is the best case as far as the source of intel
goes, there is no better primary source.

That still doesn't mean NSA has embedded backdoors or that the company doesn't
control _access_ to the data though. Data Access is a separate concept from
Data Source in intel.

We can still say that having this kind of access to data is above the
capabilities NSA needs to have (it certainly seems ripe for abuse) but it's
sounding like the reality is not _quite_ as sinister as Greenwald or WaPo had
been led to believe.

------
guelo
From Glenn Greenwald's twitter,
[https://twitter.com/ggreenwald](https://twitter.com/ggreenwald):

    
    
      Allow me to quote from the NSA document we just
      published defining PRISM: "COLLECTION DIRECTLY 
      FROM THE SERVERS"
    
      Our story was written *from the start* to say NSA
      claimed this, telecoms deny-we wanted them to have
      to work it out *in public* what they do
    
      We reported - accurately - what the NSA claims. We 
      reported - accurately - what the companies claim. It 
      conflicts. That's why we reported it
    
      Just one more time: NSA on PRISM: "Collection directly 
      from the servers of these US service providers: 
      Microsoft, Yahoo, Google, Facebook.."

~~~
danso
edit: doh, I misread the tweet. Looking over the new slides at that story just
posted [http://www.guardian.co.uk/world/2013/jun/08/nsa-
surveillance...](http://www.guardian.co.uk/world/2013/jun/08/nsa-surveillance-
prism-obama-live?guni=Network%20front:network-front%20full-width-1%20bento-
box:Bento%20box:Position2#block-51b36893e4b0cc6424372292)

edit: It's just one new slide ([http://static.guim.co.uk/sys-
images/Guardian/Pix/pictures/20...](http://static.guim.co.uk/sys-
images/Guardian/Pix/pictures/2013/6/8/1370711209084/b444b0a8-4436-4802-921e-5c3177bfc0eb-460x276.jpeg))
which says "directly from the servers"...but since Google is ostensibly
arguing that the slides are poorly worded, hopefully the Guardian believes the
other unreleased slides elaborate? The blog post ends with _" A far fuller
picture of the exact operation of Prism, and the other surveillance operations
brought to light, is expected to emerge in the coming weeks and months..."_,
which means that they will be releasing bombshell by bombshell, or that they
think other revelations will be independently reported?

(original comment below:)

I immensely respect Greenwald, but he's setting up presumptions for his
reporting that make it unassailable, no matter what the facts are.

1\. Our reporting is accurate.

2\. The fact that the companies involved deny it is proof that our reporting
is accurate, because our reporting said that they would deny the report.

3\. Therefore, our reporting is accurate.

It's possible that the reporting is accurate on its face, but the most
relevant details (i.e. the ones that would separate this from, egregiously and
surprisingly evil to, well, just more of the same) were not reported
correctly. Has either the Guardian or the WaPo released the entire slide set?

~~~
aspensmonster
>which means that they will be releasing bombshell by bombshell, or that they
think other revelations will be independently reported?

Presumably, the Guardian is in possession of the full 41 page powerpoint.
They'll likely release pieces of it at a time. Nice to see they're waiting for
everyone to trip all over themselves first. I can't wait to see how this plays
out in the coming weeks.

Funny. When Wikileaks did the same thing people said it was inappropriate and
editorializing and dishonest. It seems that the Guardian and Wikileaks
strategies for maximizing impact are on the same frequency.

~~~
danso
That doesn't explain why the Washington Post hasn't released their copy of the
slides, though...those two outlets are competing on this story (it's nice to
have two independent established outlets compete on a story of such national
and specific importance, fwiw) and the WaPo could have the scoop. Maybe
they're waiting for the Sunday edition?

My guess was that the source feared that one or all of the slides have some
kind of identifying tag, if not as a meta-watermark but as something tell-tale
in the content...and so had requested the Guardian and the Post to release as
little as possible.

------
jjguy
The referenced story: [http://news.cnet.com/8301-13578_3-57588337-38/no-
evidence-of...](http://news.cnet.com/8301-13578_3-57588337-38/no-evidence-of-
nsas-direct-access-to-tech-companies&#x2F);

declan submitted his story
[https://news.ycombinator.com/item?id=5844091](https://news.ycombinator.com/item?id=5844091)
but it languished.

It's a shame, because it's the first responsible piece of reporting I've seen
on this mess. The media has been trolled by a Powerpoint brief from self-
important USG bureaucrats.

~~~
eksith
Yes, but it's still using the term "direct access", which we've seen is the
antithesis of forthrightness.

Surveillance is tricky business and technology makes the boundaries of what's
acceptable to reveal even trickier. It's true that the muddling of the
Verizon/AT&T stories is being interwoven with this, which may not have helped.
And the scope of the information requested falls well within acceptable
procedure for "traditional" investigations I.E. who contacted whom at what
hour on which day. But this isn't a traditional investigation anymore.

In essence, they tried to automate police footwork, which still doesn't fly
with a lot of us.

[https://www.eff.org/deeplinks/2013/06/why-metadata-
matters](https://www.eff.org/deeplinks/2013/06/why-metadata-matters)

~~~
rasterizer
Google Chief Legal Officer:

"the government does not have access to Google servers—not directly, or via a
back door, or a so-called drop box"
[https://plus.google.com/+google/posts/TMh6gUVrwMq](https://plus.google.com/+google/posts/TMh6gUVrwMq)

~~~
eksith
Yes, I read your previous excerpt and I've read this very post here before.
Repeating it over and over (this is your 3rd post so far posting this link)
doesn't make me believe it any more strongly.

~~~
stanleydrew
The point of posting it multiple times is to make an attempt at unwinding some
of the damage done by countless misreports.

~~~
revscat
Assuming you are qualified at making such a judgement, or even more qualified
than any who have differing interpretations.

------
cromwellian
"Collection directly from the servers" doesn't actually have to mean real time
interception of data. It could mean "we send a National Security Letter, and
when they comply, they send us the user's data in a TARBALL." That's
application level data "directly from the servers" instead of upstream fiber
packet traffic.

Greenwald pisses me off and I don't trust him. We know there are 41 slides.
They are putting out 1 new slide per day it seems. Just release all of it and
get it over with. This seems designed to maximize the Guardian's traffic by
doling out the information piecemeal.

Today they released a slide ([http://www.guardian.co.uk/world/2013/jun/08/nsa-
surveillance...](http://www.guardian.co.uk/world/2013/jun/08/nsa-surveillance-
prism-obama-live)) that shows NSA upstream fiber-interception (outside company
datacenters) + PRISM, but again, it is vague as to what PRISM is.

If the slide definitely said "Data from internal datacenter taps or backdoors"
it would be clear and inarguable. All that would need to be discussed is
whether they did this with HUMINT moles, or whether the companies knowingly
cooperated.

As it stands now, PRISM could be anything from "Google Takeout NSA Edition"
that lets the NSA get a ZIP file of account data after it's been requested via
a warrant/NSA, or it could be a hack into Google's servers that somehow allows
them to slurp up and intercept data and it flows around the data center.

We don't know, but if Greenwald has other slides that clarify this, just
release them, the speculation right now is irresponsible and based on lack of
knowledge.

------
itg
Nope, according to a new tweet today by Glenn Greenwald (who broke the story):
Allow me to quote from the NSA document we just published defining PRISM:
"COLLECTION DIRECTLY FROM THE SERVERS"

[https://twitter.com/ggreenwald/status/343421926057861121](https://twitter.com/ggreenwald/status/343421926057861121)

~~~
waterlesscloud
The interesting thing here is that Greenwald is sending a signal that he has
more information than he has released.

Which puts everyone on all sides on notice that they should step carefully
with their statements.

------
grappler
There are two axis that seem to matter, by my way of thinking, whether this
business is conducted via carrier pigeons or fiber optic cables.

1\. What is the process.

What requests come from the government. What government entities make those
requests. What entities within the internet companies process those requests.
What parts of the request handling are done by humans with decision-making
authority vs what parts are handled by machines or by humans following a rigid
script. In either case, what policy drives those decisions. What proportion of
the requested information is given or denied.

2\. What is the speed and scale of the process

How quickly are these requests fulfilled. How much data comes back from a
request. What proportion of this data is relevant to the target and the
investigation vs “incidental”. How many requests are there per month or per
year. How much data is gathered per month or per year.

Side-issues not covered above:

Is the access “direct”. Is there a “back door”. Is access given to “servers”.
Is access given to a “network”. Is there a “beam splitter”. Is the government
provided with a private or secret “key”.

There are many ways to construct such a system, and there are many ways to
describe it (nevermind flat-out lie about it) by carefully parsing these side-
issues. What matters is not the implementation details but the effect.

------
tptacek
Any of you who have been reading Declan McCullagh's reporting regarding online
privacy and civil liberties know he's the last person you'd expect to find
writing a takedown of the WaPo NSA story. He's also a frequent commenter on
HN.

------
nir
I don't understand - was it not obvious from the get go?

The PPS lists various types of data the NSA gets from various companies. For
some reason most commenters here chose to interpret this to mean the NSA has a
direct pipe feeding it all of these companies data. The fact the PPS mentions
it's a $20m program should inform that this is _obviously_ not the case. Is it
just a matter of wanting to believe the more outrageous version?

------
robomartin
The real question clamoring for a clear statement is far more complex:

Does any government, US or otherwise, their agents, representatives,
contractors or NGO's have access, directly or indirectly, through any means,
to <insert company name here> DATA, FILES, COMMUNICATIONS, LOGS or any other
information having any relationship whatsoever to <insert company name here>
users?

This could be, and probably should be, refined, IANAL.

The point is simple: We don't care about "direct access to servers". We care
about access to data. And this can be provided through many channels, direct
and indirect. It can even be provided via daily tape backup dumps. Of course,
it can be provided to organizations peripherally working for or with a
government yet not directly to a government agency. And, finally, it could be
provided to another government that, in turn, can pipe it back to US
governnment agencies or collaborators.

Anyone can say "The US government does not have direct access to our servers"
while still feeding them a firehose of information through alternative means.

~~~
magicalist
"have access, directly or indirectly, through any means" is a not a useful
basis for the question, because a regular search warrant certainly qualifies
as that.

~~~
robomartin
Criticism accepted.

Now, could you suggest better language?

------
shill
Hey Eric! How's the Bilderberg conference going? Is the food good? Have you
guys picked the next president yet?

~~~
gasull
[http://www.news.com.au/business/world-leaders-in-secret-
soci...](http://www.news.com.au/business/world-leaders-in-secret-society-
bilderberg-meeting/story-e6frfm1i-1226659654991)

------
pvnick
I don't know who to believe anymore...

~~~
eksith
Believe in yourself and take reasonable steps (use your judgment to discern
what's reasonable, including my post) and take adequate steps to ensure your
privacy by investigating as much as you can.

Provided you're of sound mind, you're the only person who can't let you down.

------
leoc
So, what's new news in the CNET story?

 _The order has to be for account information or an intercept directed at a
specific foreign person, and "you can't say everyone in Pakistan who searched
for 'X'... It still has to be particularized."_

This seems to contradict the NYT's claim
[http://www.nytimes.com/2013/06/08/technology/tech-
companies-...](http://www.nytimes.com/2013/06/08/technology/tech-companies-
bristling-concede-to-government-surveillance-efforts.html) that

 _FISA orders can range from inquiries about specific people to a broad sweep
for intelligence, like logs of certain search terms, lawyers who work with the
orders said._

. Maybe it's specifically there to contradict the NYT claim.

------
gasull
How can you misread "COLLECTION DIRECTLY FROM THE SERVERS" (sic)?

[https://twitter.com/ggreenwald/status/343421926057861121](https://twitter.com/ggreenwald/status/343421926057861121)

And what about the FISA requests Google cannot legally talk about?

[http://uncrunched.com/2013/06/07/cowards/﻿](http://uncrunched.com/2013/06/07/cowards/﻿)

------
neya
I don't buy it, There is every single possibility that CNET was forced to
write this article by someone from the top.

I'm not angry about my details leaking to governments, what I'm angry about is
how manipulative the media is and how much stupid they assume we are.

I rather trust Mark Zuckerberg than CNET. Their tech reviews are mostly biased
sponsored ads, why would I trust them with something serious like this?

~~~
monkeyspaw
I don't buy it either. There is every single possibility that the person who
leaked the document has a financial stake in CNET and the Guardian and made
the whole thing up for pageviews. </s>

I'm not sure what you mean by "every single possibility." Do you just mean
"it's possible"?

------
denzil_correa

        "It's not as described in the histrionics in the Washington Post or the     
        Guardian," the person said. "None of it's true. It's a very formalized 
        legal process that companies are obliged to do."
    

Please, please can we know about this "formalized legal process"?

------
lifeguard
This is evil because if Schmidt knew anything he would be sworn to secrecy
under penalty of prison and fine.

------
MiguelHudnandez
The NSA does not need direct access to the servers to monitor activity.

Strategically placed traffic monitoring at major ISPs is enough to build a
pretty complete picture. I can imagine SSL traffic doesn't even pose much of a
hurdle to a well funded project. You don't need the data in real time.

------
denzil_correa
The problem is "access to private data" as and when required. The problem is
NOT "back door access" or any other such term whatever the hell it means. I
see carefully worded statements by Internet firms without any evidence.

------
cinquemb
An echo chamber of debate as the ship continues to sail into the flames…
godspeed everyone.

------
nextstep
Apparently neither Eric Schmidt nor the Cheif Legal counsel for Google have
sufficient security clearance to know whether or not they're involved in
Prism.

------
alan_cx
Interesting watching these guys react. Kinda tells us how serious this really
is.

------
rasterizer
Drummond adds:

 _We cannot say this more clearly—the government does not have access to
Google servers—not directly, or via a back door, or a so-called drop box. Nor
have we received blanket orders of the kind being discussed in the media. It
is quite wrong to insinuate otherwise. We provide user data to governments
only in accordance with the law. Our legal team reviews each and every
request, and frequently pushes back when requests are overly broad or don’t
follow the correct process. And we have taken the lead in being as transparent
as possible about government requests for user information._

[https://plus.google.com/+google/posts/TMh6gUVrwMq](https://plus.google.com/+google/posts/TMh6gUVrwMq)

~~~
lifeguard
THEY SAY THESE THINGS BECAUSE THEIR CO-WORKERS HIDE THE TRUTH FROM THEM, BY
LAW

------
edwardunknown
Well done guys! Quite an achievement turning a site for so-called smart people
into one dumber than the Drudge Report in only two days.

~~~
nappshack
This place turned into r/conspiracy.

