
Larry Page addresses PRISM - raldi
http://googleblog.blogspot.com/2013/06/what.html
======
chrisacky
I can't understand the repeated use of "direct access". It's the kind of
language a lawyer would use to qualify a patent clause.

\- We do not provide direct access to our servers.

\- We do not provide direct access nor is there a backdoor.

\- O, but we do still pipe all of your data to external NSA servers. </sarc>

Every company named (I'm not just picking on Google here) has come out with
the same overarching statement. "We do not provide direct access". It just
smells of being rehearsed, and carefully coordinated to select such language.

~~~
Dove

        Until this week’s reports, we had never heard of the 
        broad type of order that Verizon received—an order that 
        appears to have required them to hand over millions of 
        users’ call records. We were very surprised to learn 
        that such broad orders exist. Any suggestion that Google 
        is disclosing information about our users’ Internet 
        activity on such a scale is completely false.
    

I'm not sure how much more strongly you'd like that worded. It seems pretty
complete to me.

~~~
mullingitover
It's exactly the kind of denial you'd expect them to issue if they were
legally required to deny any involvement.

~~~
Matt_Cutts
Really? You don't see any difference between the denial posted by Google's CEO
vs. the way that (say) Verizon responded? Here's Verizon's response:
[http://www.businessinsider.com/verizons-memo-to-workers-
abou...](http://www.businessinsider.com/verizons-memo-to-workers-about-
nsa-2013-6)

~~~
ashleyblackmore
Thought twice about posting this, but am I the only one who feels really
queasy about someone like Matt Cutts jumping directly into conversations about
their own company on HN (especially when it could be connoted as being part of
damage control)? He's hardly rank-and-file. I think it is plain old creepy,
YMMV.

~~~
tptacek
Yes, you might be the only person here to suggest Matt Cutts is ever unwelcome
on any HN thread.

~~~
ashleyblackmore
Heh, did you get out of the wrong side of bed today? I don't spend all day
reading HN comments - sorry if my knowledge of responses to Matt Cutts' posts
isn't as comprehensive and magnificent as your own. When I posted this, nobody
else had said anything.

------
necubi
For all those complaining about the language of this and other denials, what
could possibly satisfy you? This seems as blanket as possible.

"Second, we provide user data to governments only in accordance with the law.
Our legal team reviews each and every request, and frequently pushes back when
requests are overly broad or don’t follow the correct process."

"We were very surprised to learn that such broad orders exist. Any suggestion
that Google is disclosing information about our users’ Internet activity on
such a scale [as of the Verizon order] is completely false."

Finally, NSLs cannot compel an organization to lie like this, and doing so
would be very legally dangerous for Google.

It's amazing how little critical thinking HN does when we see something that
confirms our beliefs.

~~~
themgt
Obama confirmed in a press conference that PRISM exists, so concluding the
program is imaginary would seem to require a fair lack of critical thinking.

~~~
andreyf
Could you quote/link to Obama's confirmation that Prism exists, and also the
claim that it is imaginary?

~~~
drsintoma
> Could you quote/link to Obama's confirmation that Prism exists

I'll give you gizmodo because it has specifically the quotes
[http://gizmodo.com/president-obamas-prism-response-wont-
make...](http://gizmodo.com/president-obamas-prism-response-wont-make-you-
feel-on-511912648)

~~~
necubi
None of those seem to have anything to do with PRISM. This is a confusing
situation, because two secret surveillance programs were leaked on subsequent
days. These seem to be related to the first leaked program, which involves
collection of Verizon's call metadata. That seems pretty clear-cut. Verizon
has issued a non-denial, it's in line with what we've known about the NSA's
conduct since 9/11, and various members of congress and the executive branch
have commented on it.

PRISM is a completely separate issue and one I'm much more skeptical about. I
also haven't seen anybody specifically admit to PRISM's existence, so I'd be
interested if you can find a better source.

~~~
drsintoma
I stand corrected

------
tsunamifury
When I worked IT for a medium sized university we were asked by the DOJ to
install switches that copied all internet traffic directly to an unspecified
government server. We were told all ISPs (anyone providing internet to more
than 100 persons) were told to do this as well.

We refused to comply obviously as the request was absurd, but in the small
print of the request we were told we were not allowed to speak of the request
and were to deny any involvement if asked under some unknown penalty.

I wouldn't be surprised if special terms of Google's interaction with any
government agencies has a similar clause.

~~~
thrownaway2424
Please throw out an estimate of how big you think a mirror of all Google's
network traffic might be.

~~~
rosser
The NSA's Utah data center was designed to host more storage _than existed on
the entire planet_ at the time. Sheer volume of data is among the least of
their concerns.

~~~
thrownaway2424
OK, so you can read wikipedia, but does it make any sense? A single 65MW
datacenter with only 100ksqft of machine room space can hold all of the data
in the world? That's not even as much power as one of Facebook's facilities in
Oregon.

Remember when IBM announced they'd built the largest filesystem in history?
That was only 120PB. A YB is 10 million times bigger than that.

Consider also that a YB is 1000x the entire storage industry output from 2012.
So under your theory there is a parallel hard disk drive industry consisting
of at least 99% of all hard disk production on Earth.

~~~
mullingitover
>" A single 65MW datacenter with only 100ksqft of machine room space can hold
all of the data in the world? That's not even as much power as one of
Facebook's facilities in Oregon."

You're off by a factor of 10-15 on the square footage. Per the wiki page, "The
planned structure is 1 million or 1.5 million square feet."

~~~
thrownaway2424
"According to USACE, the center will have 100,000 square feet of raised-floor
data center space and more than 900,000 square feet of technical support and
administrative space."

Typical government installation. 90% overhead.

[http://defensesystems.com/Articles/2011/01/07/NSA-spy-
cyber-...](http://defensesystems.com/Articles/2011/01/07/NSA-spy-cyber-
intelligence-data-center-Utah.aspx)

------
chime
I don't want any more fluff "no direct access" emails. I just want these
questions to be answered with a YES/NO:

1\. Is there any way that someone outside of Google, can get a copy of an
email I sent from my gmail to my own gmail, without a warrant that specifies
my exact gmail address?

2\. If I delete my Google search history, is there any way for anyone to
access this history, with or without a warrant?

3\. If I make a Google search from an incognito window, is there any way for
Google to connect it to my Google account via my IP address? I know I've done
this in the past to prevent spambots from creating fake accounts. Can Google
connect these dots if someone sends them an NSL?

If the answer to any of this is YES, I am going to have to rethink my entire
online life.

~~~
zmmmmm
You're asking very broad questions with only negative (ie: unprovable)
answers. I don't think any company could ever say there is "no" way anybody
can every get your search history after you delete it.They don't immediately
run out and shred all the hard drives storing your data every time you delete
something. Data would always be recoverable with some extreme amount of
effort.

~~~
chime
What about Q1?

------
Matt_Cutts
Personally, I'm really glad that Google published such a clear, plain-spoken
post to tackle this issue head on.

This whole issue makes me want to donate a bunch of money to the EFF. If
anyone else feels the same way, you can donate to the EFF here:
[https://supporters.eff.org/donate](https://supporters.eff.org/donate) and I
believe a lot of employers will match contributions.

~~~
chime
EFF is certainly doing a great job right now, so donations are definitely
going to help.

Let me ask you this - do you feel 100% comfortable that nobody outside of
Google can read your personal gmail?

~~~
Matt_Cutts
Me personally? I do. I still want Google to up the number of key bits on our
SSL connections, plus explore how to make the connection even more secure
though. But yes, I'm quite confident.

~~~
abraham
It looks like the security team is currently working on upping the SSL bits.

[http://googleonlinesecurity.blogspot.com/2013/05/changes-
to-...](http://googleonlinesecurity.blogspot.com/2013/05/changes-to-our-ssl-
certificates.html)

~~~
Matt_Cutts
2048 bits! Woohoo!

------
rollo_tommasi
General Clapper point-blank lied - or provided a legally-truthful answer so
contorted it may as well have been a lie - to Representative Wyden when
questioned about NSA phone-data collection just a few months ago. You can't
take any statement by any authority figure on these types of programs at face
value.

Obviously this opens the door to all kinds of unfalsifiable, paranoid
conspiracy madness, but that is a _direct consequence_ of the government's
unrelenting commitment to maximum secrecy.

------
danielpal
What a lot of people haven't considered is that it's likely that the NSA had a
big breakthrough on Integer Factorization and their capable of breaking RSA
public key crypto (used everywhere you see HTTPS)

Then they can just save all your encrypted traffic and break it on demand.

We all need to start considering moving to Elliptic Curve Cryptography.

~~~
rthomas6
Why is this at all likely?

------
kahirsch
I am going to guess that PRISM is a system which receives and parses the data
files from those companies that are produced as a result of
warrants/subpoenas/national security letters. So the excerpt from the NSA
document that the Washington Post gave—"Collection directly from the servers
of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk,
AOL, Skype, YouTube, Apple" — may refer only to some kind of secure file
transfer (private circuit with NSA hardware encryption, maybe).

It's just a guess, but it could fit with the relatively low cost figure given
($20 Million).

------
hga
Aren't these the same words we've been hearing from the others, ones that
ignore the concept of a front door, push mechanism to satisfy government
demands that cannot be revealed without committing a felony?*

I'd be a _bit_ happier if we were to hear from Soviet refugee Sergey Brin....

* That's one of the terrible things about doing _everything_ in secret; we know that _if_ Google is subject to a broad demand from a National Security Letter they _can 't_ tell us that without suffering terrible penalties. The government has set up a situation where we literally are not able to trust the words of Google et. al.---at least prior to a major figure deciding to pay that penalty for the greater good. Which history tells us requires a rare courage.

------
cromwellian
There's a new kind of Birther or Truther, let's call them PRISMers. No amount
of denials or evidence to the contrary, no matter how they are worded or
exposed, will satisfy PRISMers that Google is not uploading all user activity
to the NSA. It's just impossible to repair the harm that's been done to the
brand by the government.

For some people, I doubt trust can ever be regained. Companies affected by
this PRISM program should sue the US Government for damages, or at least sue
them until it is completely declassified.

------
aniket_ray
Disclaimer: I don't know the truth about anything that's going on.

First, I'm not a US citizen. So, it seems I just have to assume that NSA is
certainly tracking me.

Now to the topic of spying on US citizens, considering how no one seems to
have ever heard about PRISM, the breaking of this story based on flimsy
evidence seems to me like an attempt to side track from the real and confirmed
story of NSA accessing Call Data Records from Verizon of millions of citizens
(The industry calls it CDRs, why have we started calling it "Metadata" since
yesterday).

I wouldn't be surprised (though I have no evidence at all) that the PRISM
story was planted to change the public discourse.

------
agentultra
> _Second, we provide user data to governments only in accordance with the
> law._

Which is what is in question, no? If being in accordance with the law means
keeping secret the requests you do serve, even if broad, means you're still
handing out the information. You just don't have to put it in your,
"transparency report."

Can't really say any of this is even remotely surprising given what we, in the
industry of software development, know about what kind of information can be
gathered and how vast volumes of it can be processed and analyzed.

------
guelo
In his remarks today Obama said "Now, with respect to the Internet and emails,
this does not apply to U.S. citizens, and it does not apply to people living
in the United States."

He's clearly stating that they do read non-American's emails. So how do they
do it if they don't have access to Google's servers?

BTW, if you run a company outside of America you'd be crazy to rely on Google
since the US could be reading your emails for corporate espionage purposes. I
think in the long run these revelations are very threatening to Silicon
Valley.

~~~
dragonwriter
> BTW, if you run a company outside of America you'd be crazy to rely on
> Google since the US could be reading your emails for corporate espionage
> purposes.

The US _could be_ spying on activities, including email transmissions, that
happen wholly outside of the US, as well.

The only reason PRISM, et al., are newsworthy is that there are expectations
and widely-perceived legal/constitutional limitations of US government
_domestic_ surveillance that don't exist for foreign surveillance.

~~~
guelo
If my company is outside the US I can try to use infrastructure that at least
makes it harder for the US to gain access. If, for example, the US is spying
on European allies' infrastructure it would be a diplomatically damaging
revelation and the European governments would try to fight it off. If I use a
Silicon Valley service I know for a fact that the US can read my data at will
without any recourse on my part.

It makes no sense to use Google which is why I'm saying this is threatening to
Silicon Valley. Think of it this way, do you think a Chinese email service
could become trusted enough to become globally competitive?

~~~
dragonwriter
> If my company is outside the US I can try to use infrastructure that at
> least makes it harder for the US to gain access.

Which is great, if you have a decent idea of the NSA's (and the US
intelligence establishment in general) capabilities. If not, you're
essentially fumbling around in the dark trying to make that kind of
infrastructure selection. (And, of course, the US intelligence community isn't
the only threat, China -- through whom much traffic that neither originates in
nor terminates in China is routed -- has to be a consideration, particularly,
but they aren't the only other threat, either.)

If you don't have a system where you have strong theoretical guarantees of
end-to-end security and integrity with the data sent over untrusted
infrastructure, its security against any of the major threats really relies
more than anything on them just not caring about it, and if you think that you
are meaningfully buying security by choosing between Google or one of their
competitors for basic services, you are probably deluding yourself.

~~~
guelo
Hey look, I'm already being proven right
[http://www.reuters.com/article/2013/06/07/europe-
surveillanc...](http://www.reuters.com/article/2013/06/07/europe-surveillance-
prism-idUSL5N0EJ31S20130607)

------
joering2
This was a TOP SECRET document that leaked out. Page may be well in position
not only to deny any knowledge of PRISM, but even further publicly deny Google
worked or works with PRISM/NSA.

The way the government bends the law for some years now just to punish
everyone they feel like, either through imprisonment, scrutiny or simply by
wasting years of their lives, savings of their lives and leaving them with a
huge lawyer's bill, I wouldn't be surprised if Page had no choice than to lie
on the record. And guess what; if, arguendo, he did, he will be pardoned later
on. What would you choose? Admit to a secret program ran by secret agency and
face brutal consequences (fines, imprisonment, charge with espionage or maybe
capital punishment? (why not? why wouldn't government go after Page "proving"
that by admitting US sees everything everyone types to Google, it tipped over
some terrorist somewhere that stopped using Google and because of that
government lost a track of him until he blew himself up in the middle of
crowded street. You get the drift)), or perhaps come up as a good patriot and
tell the truth. We already have one that told the truth. He spent 3 years in
solitary confinement and may be facing life sentence or capital punishment.

People need to understand. This is too big of a secret even for someone like
Page to come up and admit.

------
ISL
Okay, HN, how can Google provide a compelling denial that they're not
participating in PRISM as described in the leak?

If we're to be a country where innocence is presumed and guilt is proven, we
must consider what Larry Page would write in the case that Google is _not_
supplying any sort of un-warranted feed to NSA. Would it be any different?

------
chime
If this entire PRISM thing is fabrication, then it is the best thing to have
happened to personal liberties and Internet privacy since encryption. Until
the recent shooting in CA, all the major networks were going on and on about
PRISM. No amount of money could have bought the kind of attention PRISM is
getting.

------
dannyr
Some of the comments here just shows that people will believe what they want
to believe.

There's nothing Google, Apple, Facebook, etc can say that some people won't
poke holes into.

~~~
ceejayoz
That's the frustrating state of the law. Gag orders make it very difficult to
trust public communications like this. With secret, fairly unaccountable
courts that statistically appear to rubber-stamp government requests, it's
hard to discount the possibility of the NSA having, say, the authority to say
"Google, you will post the following PR release now" as part of one of these
orders.

------
deelowe
Why is everyone so suspicious of Google to begin with? Is there a shred of
evidence to lend any credibility to the accusations thus far? Given how
Google's technology works, I imagine it would be quite an expense to provide
the kind of access the govt. would want and Google hasn't been exactly overly
enthused with having to comply with BS government requests(e.g. see how they
deal with requests to scrub search results).

~~~
mullingitover
The President getting on national television and acknowledging that the
program exists is a pretty big shred of evidence.

~~~
deelowe
He said nothing about Google, which is the topic of the OP.

~~~
mullingitover
In case you missed it, this is the program he acknowledged - Note the three
Google products whose logos feature prominently in the leaked doc:
[http://www.guardian.co.uk/world/2013/jun/06/us-tech-
giants-n...](http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-
data)

~~~
deelowe
I missed the pictures of the slides. That said, there are ways to target these
services without involving the companies directly. Up to and including
espionage itself.

~~~
mullingitover
One of the earlier articles discussed the government's concerns about keeping
the program secret, lest they lose the cooperation of their private sector
partners. That isn't a concern that they'd have if they were implementing the
program through espionage.

------
ajdecon
Regardless of the wording, no statement from Google (or Facebook, Apple, etc)
is really going to be believed. A denial from innocence is indistinguishable
from a denial which is legally compelled by the language of an order form the
government.

But to be honest, I don't bear any ill will toward Google on this. Based on
their behavior in the past, I'm willing to believe that if this program
existed, they pushed back to the extent they felt they could... but if they
eventually complied, it's difficult to blame them, given the threats the
government is capable of making.

Unfortunately, the only place to resolve this is at the government level, if
it can be resolved at all.

------
hammerzeit
One thing I'd think about: If Google is lying or misrepresenting the truth
here, then it would be phenomenally foolish to put out a denial under Larry's
name as it just did.

Specifically, the personal integrity of the founders -- especially vis-a-vis
these kinds of issues -- is one of the bedrocks of Google's culture. If a
statement like this was proven out to be a deliberate misrepresentation (even
if not an outright lie) it would cause IMO severe harm to Google morale.

------
newobj
Here's an idea. Instead of telling us what you DON'T do, tell us what you DO
do.

~~~
ceejayoz
They're legally barred from doing so.

------
uptown
Watch this: [http://youtu.be/oYNXVgYhPOc](http://youtu.be/oYNXVgYhPOc)

The key phrase is "in the United States" so they just replicate the data
outside the United States and you've got yourself a data 'black site' outside
the jurisdiction of US law. No direct access. No laws broken. Open access to
the NSA.

~~~
chris_mahan
Ireland?

~~~
hrbrtglm
The dark side of the moon.

------
kjackson2012
\- What indirect access does Google provide to the government?

\- What lawful data does Google automatically provide to the government
without any requests?

\- Can the government can ask Google for data once, and then Google is
required to constantly supply data, periodically? If so, what is that data?

\- What data does Google provide to the government upon request?

~~~
zaphar
[http://www.google.com/transparencyreport&#x2F](http://www.google.com/transparencyreport&#x2F);

------
icambron
This is absolutely crammed with weasel wording. With notes:

First, we have not joined [Maybe you didn't "join", but instead merely
participated in?] any program that would give the U.S. government—or any other
government—direct access [How about indirect access? What is "direct access",
anyway?] to our servers [The reporting suggests the NSA provided some
hardware. So I guess it's not your servers, huh?]. Indeed, the U.S. government
does not have direct access [There's that weird term again] or a “back door”
[With quotes. Nice.] to the information stored in our data centers. We had not
heard of a program called PRISM until yesterday [This one is especially bad.
Apparently the NSA didn't tell them the program was called 'PRISM'?]

Second, we provide user data to governments only in accordance with the law
[Note that the government also claims this program is in accordance with the
law]. Our legal team reviews each and every request [What's the scope of a
request?], and frequently pushes back when requests are overly broad or don’t
follow the correct process. Press reports that suggest that Google is
providing open-ended access to our users’ data [Not what the reports are
suggesting] are false, period. Until this week’s reports, we had never heard
of the broad type of order that Verizon received—an order that appears to have
required them to hand over millions of users’ call records [Which is wholly
unrelated to PRISM and Google.]. We were very surprised to learn that such
broad orders exist. Any suggestion that Google is disclosing information about
our users’ Internet activity on such a scale is completely false [Such a scale
being what, exactly? All of your users' data?].

Note what it doesn't answer:

Does Google provide data to the NSA?

Does the NSA have resources in Google data centers?

Does Google know what these reports about the NSA spying on our Google
accounts are all about?

It really doesn't answer those. Lame.

------
adventured
With Clapper's admission that Prism is real, I don't understand why it's still
a debate as to whether Google / Facebook / Microsoft / Apple are involved.

What Internet companies are they getting information from, such that they
wouldn't target the top dozen companies that account for the radical majority
of anything you'd want to bother tapping into? Who do people think they're
talking about? Excite? Some small local ISP?

They got Verizon and AT&T to sign on to massive scale spying. If they can do
that, they can get Google and Facebook and so on. These companies simply have
no choice in the matter. You'll recall that Google's anti-trust inquiry
recently, conveniently, went away with barely a slap on the wrist.

------
rosser
There's that "direct access to our servers" verbiage again. I love how these
people apparently think that denying doing something that's not the thing that
everyone is talking about is going to distract and mollify the public...

------
chris_mahan
I think the US government can put enough pressure on any CEO of any company in
the United States to lie about information collection efforts that such denial
is meaningless.

------
Steko
Just because the government has access to Google's servers doesn't mean Google
gave them that access.

We're all big kids, if you read that the Chinese/Russian/whatever government
had access to information straight from Facebook's servers most people
wouldn't doubt it for a second and most people would assume they took it
through hacking.

So how can you be surprised that NSA is listening to your Skype calls? Maybe
they're using a backdoor made for them, maybe they're using a backdoor MS put
in for synergy, maybe they threw a million gpus at it for a few years... And
maybe they got permissions from MS, or maybe they social hacked it[1], maybe
they take it before it gets to MS's servers. Some of those might be illegal
and some not but anyone who's surprised or suddenly outraged has been living
under a rock since forever.

[1] _" It is generally done via secret arrangements not with the company, but
with the employees. The company does not provide back-door access, but the
people do. The trick is to place people with excellent tech skills and dual
loyalties into strategic locations in the company. These 'assets' will then
execute the work required in secret, and spare the company and most all of
their workmates the embarrassment"_

[http://financialcryptography.com/mt/archives/001431.html](http://financialcryptography.com/mt/archives/001431.html)

I don't see any citation or evidence given for this so this persons claim
could just be idle speculation but it's along the lines of what I'd assume.
The NSA treats your privacy as a math problem and routes around it.

------
cpeterso
Could the NSA have recruited Google employees as moles? The company might not
be providing "direct access", but an individual employee might be able to.

What kind of security do companies like Google and Facebook have to protect
private user data from employees? I remember reading that Facebook used to (?)
allow unfettered access to all private user data until (surprise!) some creepy
employees began stalking people.

------
mcintyre1994
The obvious issue here is that if the order was similar to Verizon's, Google
wouldn't be allowed to admit its existence anyway.

------
CoryG89
Everyone please also go read Mark Zuckerberg's response:

[https://www.facebook.com/zuck/posts/10100828955847631](https://www.facebook.com/zuck/posts/10100828955847631)

Now look at it side-by-side with Larry Page's response. Anyone with half a
brain should be scared by this. It really scares me as well. I put more of my
trust in Google, and perhaps even Facebook then I place in the Government, or
the phone companies, or others. However, these definitely look like they are
created from the same template. Very worrying coming from Page and Zuckerberg
like this at the exact same time. I just hope there really isn't a man behind
the curtain pulling the strings of such powerful figures in technology today.

Does anyone know if there could have been a meeting between these CEOs to
decide how they were going to respond. Perhaps they all decided to make their
responses uniform together, instead of some external source telling them what
to do.

------
IanDrake
>Second, we provide user data to governments only in accordance with the law.

This is problematic when the government decides the law means you have to give
them your data, you can't say no, you can't say anything about it, and if
asked you must deny it.

In this day and age, who knows who's telling the truth. When lying becomes
law, truth no longer exists.

------
stevewillows
While I enjoy my tinfoil hat, it seems that they're being open about the
access given. This being said, if I didn't trust Google I wouldn't use them. I
accept that I am trading certain information about me (interests, usage etc)
for the bevvy of free services they provide.

What sort of information about me would the NSA be interested in?

------
Udo
I think they are probably replicating their content in realtime onto
government servers, so _technically_ Google et al don't give the NSA any
"direct" server access. In practice it's way more convenient to house all that
data directly under the NSA/DHS/whatever umbrella than to connect to Google
every time they need something.

Using piecemeal "direct access" would also hurt the government's data mining
ambitions, so there are a lot of factors that suggest internet companies are
simply obligated to stream all their data into a gov black box. This way,
everybody wins: the government gets warrant-less, hassle-free access to
absolutely everything, the internet companies get freedom from search warrants
and NSLs, and they get to use the canned "direct access" denial line which is
technically true but is still actually a huge lie.

------
gridmaths
Missing from this cynical legal response, is the outrage towards the
government for spying on all our private communications [ both legally and
illegally ]

Google could have used their platform to campaign for better laws : a 'free
speech + question mark' logo on their home page outlining their concerns would
have been consistent with 'Dont be Evil'.. but they didn't even do that.

A not-just-non-evil-but-actively-good Google should have said to the
Government : "No, you may not have any access to our customers data - you need
to physically raid our buildings with a warrant to prise that from our
stewardship. You need to hold us as a company in contempt of court."

How much better is the US than China ? : how can there be a democracy without
both free speech and a right to private conversation ?

------
esja
Very carefully worded & not a denial of the allegations.

------
danbruc
(At least) one party did not tell the truth - opinions?

~~~
danso
There's two middlemen layers in this game of telephone:

1\. What the leaker communicated to news outlets 2\. What the news outlets
communicated to us

It seems likely that exact terms and technical capabilities have been
misunderstood or misinterpreted. Already, there are common misconceptions
arising from the public's interpretation of the news...for example, conflating
the NSA's deal with Verizon to the PRISM program. And there's also the natural
confusion that generally arises in any discussion of government surveillance
programs...some people seem to be surprised that the NSA is spying on foreign
communications, when that is pretty much NSA's _raison d 'etre_.

I think we should take Page as a clear denial, that is, that he's not
weaseling out on a technicality. That doesn't mean he couldn't be flat out
lying, of course. I think it's also a believable that if Google were to
participate in a program like PRISM, that Page would be one of the people in
the know.

------
lifeguard
"Tech companies might have also denied knowledge of the full scope of
cooperation with national security officials because employees whose job it is
to comply with FISA requests are not allowed to discuss the details even with
others at the company, and in some cases have national security clearance,
according to both a former senior government official and a lawyer
representing a technology company. "

[http://www.nytimes.com/2013/06/08/technology/tech-
companies-...](http://www.nytimes.com/2013/06/08/technology/tech-companies-
bristling-concede-to-government-surveillance-efforts.html?_r=0)

------
mgiiu1
Several of the largest telephone carriers in the United States knowingly and
voluntarily assisted the National Security Agency in illegally spying, the
online companies I feel have more too lose if they took that kind of mindless
attitude. Online companies monetize user data so consumers may lose faith in
the companies ability to protect their data from government if they have
"direct access". Online firms adopted a aggressive, pro-privacy legal
theories. The problem isn't about direct access, the friendly benefits the
intelligence community gets with current structuring of federal law is what
needs to be changed for more respect to privacy in our society.

------
svdad
Ok, let's read this closely. It doesn't seem to me like Larry and David are
_really_ denying much of anything.

"Indeed, the U.S. government does not have direct access or a “back door” to
the information stored in our data centers."

Sure, that's fine. But the fact that the initial PPT gives a specific date on
which Google cooperation began already suggests that Google may be handing
over data, not that the gov't is sucking it all down automatically.

Also, they say "data centers" in particular. Data travels over lots of other
pipes.

"We had not heard of a program called PRISM until yesterday."

Not surprising the NSA wouldn't tell them the secret code name of the project
in their discussions.

"we provide user data to governments only in accordance with the law. Our
legal team reviews each and every request, and frequently pushes back when
requests are overly broad or don’t follow the correct process."

This is an enormous loophole. "in accordance to the law" could mean anything,
and with automated review systems the volume of data passing through could be
massive.

"Press reports that suggest that Google is providing open-ended access to our
users’ data are false, period."

Not providing "open-ended acces" does not mean not providing _any_ access.

"We were very surprised to learn that such broad orders exist."

But not surprised to learn that other not-so-broad orders exist. How broad is
too broad?

"Any suggestion that Google is disclosing information about our users’
Internet activity on such a scale is completely false."

Not "on such a scale", but on a slightly smaller scale, sure.

"there needs to be a more transparent approach"

In other words, we wish we could tell you about everything we're doing with
the NSA, but we aren't allowed to.

Really this doesn't read like any sort of denial at all.

------
piyush_soni
"We put that in our transparency report " _whenever possible_ ". :)

------
Steer
I'm sure many people have said the same thing much more eloquently than I can,
but what I find extra depressing in all this is that we all obviously want to
take advantage of the possibilities that the Internet gives us, but while
people are prosecuted right and left for sharing a song the government (any
government) can do things on a scale which we can only dream of. We're all
connected, but has it empowered us or has it made us into a bunch of sheep?

What happened to the government working for us, the people? Yes, I'm sure I'm
naive, but still.

I don't see this getting better before it gets worse. Sorry.

------
jmomo
This from the same guy who once gave away access to anyone's data to impress
friends.

His quote:

Zuck: They "trust me" Zuck: Dumb fucks.

He has no credibility.

[http://www.theatlanticwire.com/technology/2010/05/report-
zuc...](http://www.theatlanticwire.com/technology/2010/05/report-zuckerberg-
called-facebook-users-who-trust-him-dumb/24459&#x2F);

[http://www.newser.com/story/88716/zuckerberg-once-mocked-
dum...](http://www.newser.com/story/88716/zuckerberg-once-mocked-dumb-users-
over-trust.html)

~~~
paramsingh
Not the same guy at all...

------
jmomo
Zuckerberg would never give away private info just to impress friends:

[http://www.theatlanticwire.com/technology/2010/05/report-
zuc...](http://www.theatlanticwire.com/technology/2010/05/report-zuckerberg-
called-facebook-users-who-trust-him-dumb/24459&#x2F);

[http://www.newser.com/story/88716/zuckerberg-once-mocked-
dum...](http://www.newser.com/story/88716/zuckerberg-once-mocked-dumb-users-
over-trust.html)

------
zmmmmm
It's disturbing how similar the language of the different denials is. While
individually they are quite convincing (to me, anyway), when you read them one
after the other they all have the same "voice". It starts to sound like
Orwellian newspeak, exactly how it would sound if all these statements were
coordinated by a shadowy background figure.

It may be just an unfortunate coincidence of timing and nature of lawyer laden
executive language - but together these statements almost become
counterproductive.

------
monkmartinez
Google doesn't know what the program is called inside the NSA, that is not
earth shattering news. The problem is they don't need to "know" any of this.
Hypothetically; If I was approached by the NSA for access to my users data...
I would ask or come up with, at a minimum, some kind of Plausible
Deniability... its the only sane option given the nature of these requests.

Ie. "Never heard of it... We push back as much as we can... See these push-
backs in our transparency report. Feel Better?"

------
lazyjones
So the gmail access given to government agencies, that allegedly enabled the
Chinese to hack it in 2010 - as reported by CNN
([http://edition.cnn.com/2010/OPINION/01/23/schneier.google.ha...](http://edition.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html))
was just a figment of Bruce Schneier's imagination?

Or was it just "indirect access", as in via some other company?

------
coherentpony
> First, we have not joined any program that would give the U.S. government—or
> any other government—direct access to our servers. Indeed, the U.S.
> government does not have direct access or a “back door” to the information
> stored in our data centers. We had not heard of a program called PRISM until
> yesterday.

Right, but government-hired contractors are not 'the government'. So while
this could be true, users' data could still be being intercepted.

------
natch
Wow, so many weasel words.

So what would satisfy me?

"We minimize intrusions into our users' privacy by encrypting their data on
the client side with good crypto algorithms and secure keys that assuming a
secure client system are under the full control of our users."

Followed by a list of types of data, and which types are or are not encrypted
in this way.

That comes close. It's not exactly PR-speak, but captures the spirit I would
hope for.

Google could at least try harder to be proactive about protecting privacy.

------
rachelbythebay
It just occurred to me: the "data liberation" thing they have which lets you
download your own data... would be terribly useful for such requests. What
better way to scrape the entirety of the various storage systems than to have
a team who does nothing but that?

The team itself wouldn't even need to know about it. Just keep them funded and
let them stay current on supporting the latest doodad, and it stays useful to
the nefarious spy work as well.

------
jlebar
We should really read what the Times has to say about this before we engage in
armchair investigation.

[http://www.nytimes.com/2013/06/08/technology/tech-
companies-...](http://www.nytimes.com/2013/06/08/technology/tech-companies-
bristling-concede-to-government-surveillance-efforts.html)

------
weinzierl
The last paragraph sound to me like: "Oh guys, we'd love to tell you what they
force us to do, but we can't because we're under gag order.".

Especially the final sentence is explicit:

    
    
         But the level of secrecy around the current legal    
         procedures undermines the freedoms we all cherish.
    

Am I reading this wrong?

------
CoryG89
This just looks like it was crafted from the same template as Mark
Zuckerberg's response! Very worrying coming from Page and Zuckerberg, (and I
hear other CEOs) like this at the exact same time. I just hope there really
isn't a man behind the curtain pulling the strings of such powerful figures in
technology today.

------
jmadsen
At some point, I think - perhaps this is only wishful thinking, but I do think
it nonetheless - someone from one of these companies will simply come out in a
TV interview and spill the beans.

Just make a big enough stir, be explicit about what threats were levied, and
tell us all. It would be impossible to prosecute them after that shitstorm.

------
bcRIPster
IDK, if the gov't has core network switch access and is sniffing all of the
packets, that's "back door" enough for my mind.

I'm wouldn't be surprised if none of these companies was involved, and it's
just a case that the NSA is simply harvesting and processing all of their
traffic for a net same result.

------
jtormey
The denials sound like a politician denying he had an affair...and in the end
it turns out to be true. PRISM at least expresses the intent of the
government, which trashes our right to privacy, probable cause,etc. The only
right to privacy these days is if you're having an abortion.

------
feverishaaron
There's some undertone about having Drummond listed as the co-author.

When the chief legal officer co-authors a post with a ceo, it means that each
word has been carefully chosen, because each of these statements carries
serious consequences if they get it wrong.

------
7952
Couldn't a huge amount of metadata be gleaned by just monitoring the size,
disposition, and timing of encrypted traffic. That sort of information would
only be useful to government and would give them the ability to deny
everything.

------
anonymousab
Sure thing, Larry. So you won't be afraid to swear as such under oath nor sign
a contract stipulating multibillion dollar penalties should this in any way
prove to be a lie or deception, right?

------
kineticfocus
Hopefully all this spurs more transparency like Larry suggests. We're
certainly on the wrong side of a slippery slope right now. -(says a Canuck who
has to deal with this stuff to)

------
glesica
I assume the government would require them to deny involvement, just like
companies aren't (weren't?) allowed to discuss NSLs. Consequently, I view the
denials as meaningless.

~~~
bskap
So then what could these companies do to convince you, short of giving you
physical access to all of their datacenters and shell access to all of their
servers?

~~~
glesica
Nothing, that's the problem. What needs to happen is for these programs to be
brought in to the sunlight and for Congress to make it explicitly legal for
people to discuss them, regardless of any previous prohibition. Then I might
be able to believe a denial, or at least accept it as meaningful.

------
TheOsiris
"Second, we provide user data to governments only in accordance with the law"

Well, now I feel better. Oh wait, PRISM is technically legal since it's
supposedly authorized by the senate?

------
cLeEOGPw
If these companies truly were innocent they would immediately sue press for
slander. The fact that they all posted a denial that are all exactly same
worded says everything imo.

------
pgrote
If Google is forced to turn over data to the government, but precluded from
discussing it due to national security laws then the denial really doesn't
mean anything. Right?

------
mattbarrie
Qualified statement "direct". Of course they are not providing "direct" access
to production servers. What about "copies"?

------
pkfrank
I trust Google more than the U.S. Gov't.

Who's lying? Confused?

~~~
cdash
If you don't trust the government how can you trust google in a situation like
this?

------
grandalf
[https://news.ycombinator.com/item?id=5838921](https://news.ycombinator.com/item?id=5838921)

------
randomfool
"Second, we provide user data to governments only in accordance with the law."

Would be much better if this were "only when required to by law".

------
vijayr
Does anyone care, outside of tech circles? Most people don't seem to care,
even though they understand what's happening

------
Fuzzwah
I had to chuckle at Mr Page using the "royal we":

"As Google’s CEO and Chief Legal Officer, we wanted you to have the facts."

------
EGreg
Is it just me or did the personal statements by Larry Page and Mark Zuckerberg
have similar format and language?

~~~
aayala
indeed, very similar like a government script ...

------
dude3
Google gave the Chinese gov direct access that's how they got hacked.

------
washedup
It is very possible that Google is lying or, at best, bending the truth.

------
jchimney
Maybe the larger point is that they don't need permission

------
cloudwizard
A nice $10M donation to the EFF would help me believe him.

------
achalkley
Drafted at Bilderberg 2013

------
akilism
yeah but what about Google's Irish branch?

------
yarou
principiis obsta et respice finem

------
dontbelieveit
I have a completely different take on this.

While something along the general lines of 'Prism' probably exists, in
aggregate, across different NSA programs, I believe the presentation slides
are fake and were created / leaked by the executive branch.

Here's my reasoning:

The Slides \----------

Who is the audience????

Who were these slides prepared for? Who is the target audience? If real, the
information is obviously very, very sensitive- so it follows that the original
audience would have been very, very high level.

But who at that high of a level needs this type of explanation for a project
that started years ago?? It reads more like something you would create for
someone that has never heard of it. Doesn't make sense.

Slide Design

Gee- nice of the creator to put the logos of each of the companies at the top
of the slide- of every slide. Which leads me to ask...

Where are the rest of the slides?

Was it only a 4 slide presentation? Who gives super-high level presentations
with only 4 slides? If there were more than 4 slides, were the company logos
across the top of EVERY page? Does that even make sense?

It's also interesting that the 4 slides present such a simple, easy to
understand story line- it reads like the target audience is a school tour -
not super-secret-high-level-officials-(hearing about it for the first time).

Prism Logo

Who made the logo? The NSA graphic design office? Seriously, why would a
program like that have a logo? For marketing purposes??

Prism has a web page!

From the bottom of slide 3- "Complete list and details on Prism web page: Go
PRISMFAA" A web page? Even if it's private to the NSA it's absurd.

The Political Angle (motive) \----------------------------

IRS - Big Government Story

The IRS / Tea Party story was looking very, very bad for the administration.
It's one thing for Republicans / Libertarians to say big government is bad -
you play that off as partisan politics. The average person goes about their
day.

The IRS is different- EVERYONE deals with the IRS. The narrative was a simple
one - IRS abuses power to attack political enemies. That scares people- pretty
much everyone.

The Obama administration is all about big government - they don't see it as a
bad thing. They believe government is in a unique position to help people. If
the electorate turns against 'big government', whatever agenda Obama has for
the next 3 year would be finished. The IRS story is a very big deal.

Incredibly Savvy Political Operators

The Obama political team is a force to be reckoned with. Between incredible
political savvy and incredible data analysis, they have taken the political
game to an entirely new level. They are very, very good.

How does one 'fix' this problem? A tried and true solution is for a bigger
story to come along and eclipse the 'problem' story. In the Wag The Dog world,
you would start a war. But that's just a movie.

What would be a perfect story? How about a story that simultaneously eclipses
the IRS story, while blurring the big government issue?

That's just what happened. The NSA story is at an abstract level the same as
the IRS story- it's about big government run amok. However, by rolling the two
together Obama can claim 'security' as a trump card. It only really applies to
the NSA part of the story - but the press isn't big on subtle distinctions, so
no worries there.

Timing

Is it a coincidence the Washington Post broke the story just as the evening
news was starting on the West Coast? IE - the end of the day's news cycle?
That gives a full day for the press to roll the IRS stories up and for the
President to make a presidential statement about security. Sum it all up on
the evening news and gee - look at that - it's Friday. Time for a summer
weekend.

Denials \-------

All the firms listed in the slide presentation header have denied the story.
Yes the language they used is very similar but at the same time it is the same
language used by the press ("direct access"). The denials sound pretty
believable to me. Even if Larry Page were under some gag order, I doubt he'd
say something along the lines of 'I've never heard of it.' I think he'd follow
the letter of the law (gag order), but not the spirit.

This is a long post - and my first post (long time lurker though).

In a nutshell:

The slide presentation looks very 'Made for TV' The timing is SUPER
convenient.

Thoughts?

------
andyl
Larry Page: "the U.S. government does not have direct access"

Apple: "We do not provide any government agency with direct access"

Facebook: "We do not provide any government organization with direct access"

Yahoo: "We do not provide the government with direct access"

Remarkably consistent - as if it was coordinated, or scripted by an
attorney...

~~~
gridscomputing
It's not "direct" access, it's access through a one-way live xml feed

~~~
venomsnake
Please ... it will be binary format. Even the government isn't so wasteful to
transmit data as xml. And if it did you could easily find where the servers
were located by the 5 nuclear power plants needed to power such parsing.

~~~
bifrost
I hate to tell you this, but the government has never been concerned enough
with overhead to not use something like XML. Frankly its probably tab
deliminated ASCII. We'd be lucky to see a binary protocol.

------
onecommentonly
A few thoughts: It's unlikely that he cannot deny or admit giving data to NSA
/FBI, because he both admitted and denied, albeit with weasel words. No
"backdoor" and "no direct access" but maybe from the front door and indirect
access :). I _suspect_ that NSA has live access to Google /FB / MS for certain
cases, tracking every online move for certain individuals. That's why it costs
just $20 million, maybe they created a portal from which they track Person A
going from site to site, what he searches for, who he calls, and what he
types.

Larry smells the end of his company's "trust us with all your data...all your
life on cloud...search while logged in...visit pages with Google
Analytics...it's secure" etc. etc etc. While NSA might not catalog everything
you do, Google does and everything is there for NSA's and FBI's asking. The
more information Google and Facebook (to pick two of the largest) have stored,
the worst it is for us. They know EVERYTHING about pages you visit, how long
you stay there, what you searched for, what places you went to (Android) what
you emailed, foods you liked, what your ordered from ebay, and so on. A
treasure trove for NSA, a nightmare for us.

Start thinking! Stay logged out of Google and FB, use hosts file, Ghostery etc
to block and make NSA's and FBI's life as hard as possible.

What's good for Google is good for NSA, but not necessarily for you. NSA would
love Google Now, wouldn't they?

------
T3RMINATED
If Google is not part of PRISM where is the lawsuit for damaging the image of
Google and putting their Trademark in a document that is fake a lie... Where
is that slander, PR lawsuit? Google you have billions, if its not true file a
lawsuit we will believe you then.

------
LekkoscPiwa
> Second, we provide user data to governments only in accordance with the law.

Great! So if the law - namely the Patriot Act - states the Government has the
authority to spy on all your users emails, your legal team reviews it, says
it's ok according to the law and you cooperate. Is that how it works?

