
Google, Facebook, Microsoft And Apple Deny Participation In NSA PRISM - TheFullStack
http://techcrunch.com/2013/06/06/google-facebook-apple-deny-participation-in-nsa-prism-program/
======
downandout
These denials have been refuted by the Director of National Intelligence.

<http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/869-dni-statement-on-activities-authorized-under-section-702-of-fisa>

<http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information>

The program exists. Each and every company lied. They may have been Bill
Clinton-esque, "legally accurate" lies, but make no mistake: they
intentionally lied.

~~~
dragonwriter
Neither of these refutes the PRISM denials. One is about the Verizon court
order story, which (while thematically related) is not directly relevant, the
other seems intended to refer to the PRISM stories in the Post and
Guardian, but seems to be an attempt to characterize the program referred to
in the story as being _radically different_ than either what the story
describes or what the providers have denied, so it cannot be a refutation of
the denials.

~~~
downandout
Wrong, read them. They refer broadly to both the Washington Post article
(PRISM) and the Guardian article regarding "collection of communications".

~~~
dragonwriter
I did; one refers explicitly to the Guardian article on the Verizon wireless
FISA order, the other refers to supposed Guardian and Washington Post articles
referring to data collection under Section 702 of FISA, and accuses the
articles of misrepresenting basically everything about that collection.
Neither the Post nor the Guardian article about PRISM actually says anything
about data collection under Section 702 of FISA, and, even if it did, the DNI
press release claims everything substantive about the article is wrong, and
doesn't in any way refute the denials by the providers (which deny peripheral
elements of the story and aren't, actually -- as I address in other posts in
the thread -- actually denials of the substance of the stories, anyway.)

------
adventured
This is pretty simple: if they got to AT&T and Verizon, it's crazy to think
they wouldn't get Google / Microsoft / Facebook / Apple.

Apple has recently been the world's largest company, and has nearly half the
US smart phone market.

Microsoft still has a practical monopoly in desktop operating systems (and
combined with Apple they cover 98% or so of the market). Also, Microsoft was
already leashed by the Feds via anti-trust. Once you're under their heel,
there's no going back.

Google, well, come on... they're a data wet dream. Ditto Facebook. One has a
near monopoly in search, and develops the most popular mobile operating system
(reaching almost a billion users), the other has a monopoly in social
(particularly the kind of social where Joe Smith uses it every day).

For all intents and purposes, once a company gets as big as these guys, they
become government/corporate entities, no longer strictly corporate in nature.
Much like Boeing or Bank of America or GE or Exxon. The intermingling is
impossible to avoid at their size. And in fact, the Feds would never allow you
to remain very distant at such size, too many lobbyists and too much money and
power is in play.

And while we're at it, let's remember the close ties to the Obama
Administration that some of these companies enjoy. Hardly far-fetched to
imagine them cooperating with continuously expanding espionage programs,
particularly even more so when they like the administration in power (I would
say it's plausible even that companies would be less likely to fight if they
thought highly of an administration; personal political bias clouding
judgment, how many have fallen for the Obama campaign charm?).

------
dragonwriter
These are all denials of things around the periphery of the PRISM issue like
inferred details of the mechanisms by which the data is gathered, and none of
them are denials of the core of what supposedly is happening under PRISM in
terms of the scope of user data that has been collected by the NSA.

If you look at the "denials", they all only deny one or more of the following
things:

1. That the government has direct access to the providers' systems,
2. That customer information is provided to the government outside of what
   the provider believes is legally required,
3. That customer information is turned over to the government without a court
   order.

Let's start with the "direct access" piece, because this appears to be a common
inference as to how the broad scope of information at issue is provided to the
government, but the "direct access" characterization seems to be at odds with
the slide titled "PRISM Collection Details" in the presentation that is the
source of the accusations. That slide strongly suggests that there is a
distinct _collection_ of data that is available for NSA users, varying in
content by provider.

The idea that it is a "voluntary program" or one outside of a process
dependent on court orders isn't inconsistent with anything that has been made
public from the source documents, but it doesn't seem to be demanded by them,
either. What is clear from the documents (assuming their authenticity and
accuracy) and the direct characterizations of them (rather than what are
clearly inferences and not direct characterizations) provided in the coverage
is that different providers were brought into the program at different times,
and that the program involves some form of "cooperation" by the providers --
but none of that implies that it is voluntary or doesn't involve court orders
of some kind (perhaps, specifically, FISA warrants) -- and that from each
provider the collection of data is limited to a provider-specific list of
particular kinds of data, and that the data is provided to the NSA directly
from the companies' servers (but the "direct access" rather than direct
provision thing appears to be an inference from the direct provision, rather
than itself a direct characterization.)

In fact, the recently revealed broad Verizon FISA warrant suggests exactly how
this could have been achieved with FISA warrants -- instead of being dates on
which a negotiated agreement was reached with each provider, the dates the
providers are listed as being brought into the program could be the dates on
which a broad FISA warrant (similar to the Verizon one, but specifying
different data) was issued mandating collection of specified data from the
specified provider. The providers could then _honestly_ deny participation in
a voluntary program, or providing direct access to their servers, or providing
customer information without a court order -- they could even honestly _not_
know that the FISA warrant they were served was part of a broader program
directed at a wide range of providers. Such a warrant could specify directly (or
make timeliness requirements that make this the only way to comply) that the
data be provided by being _fed_ to the NSA from the companies' servers, without
providing the NSA _access_ to the servers.

IOW, _every_ _word_ of the denials could be literally true, with the substance
of the story -- that the NSA is being fed the vast array of customer data
described in the stories about PRISM and can access data from that collection
freely at will -- being true at the same time, the only things that are in
conflict between the story and the denials are peripheral inferences and
implications about the mechanism that appear in the story (such as "direct
access" or the absence of court orders or other compulsory process.)

~~~
kvb
To me the presence or absence of court orders is absolutely a substantive
distinction, as is the question of whether information is requested for only a
limited subset of customers or for all (or a significant fraction of)
customers.

~~~
dragonwriter
> To me the presence or absence of court orders is absolutely a substantive
> distinction

It's perhaps a substantive distinction in terms of the culpability of the
providers, but it's not (IMO) a substantive distinction in terms of the abuse
of surveillance by the government if the scope of information collected is as
broad as described in the story. PRISM is just as bad if it is done via broad
FISA court orders of the type of the Verizon order as if it is done without a
court order.

> as is the question of whether information is requested for only a limited
> subset of customers or for all (or a significant fraction of) customers.

While the providers have denied providing information as part of a "voluntary
program" or "without court orders", none have addressed the _scope_ or
_breadth_ of information, so, while that may be an important distinction, it's
not one that is _addressed_ by the denials at all.

------
whiddershins
So the Washington Post "leak" was disinformation to distract everyone from the
Verizon phone records story?

Karl Rove was alleged to have done something similar during one of Bush's
campaigns: Leak a false version of a true story (I believe it was his draft
avoidance, but I can't remember ...) and then provide documentation which
discredits the inaccurate version, so no publication was willing to cover the
story later, regardless of facts.

Is that what's going on here?

------
sixothree
Doesn't FISA order them to not disclose such practices?

~~~
mortehu
A company cannot say with great accuracy how many NSLs they receive[1], but
Google has this page, covering summaries of various types of requests:

<https://www.google.com/transparencyreport/userdatarequests/>

[1] "You'll notice that we're reporting numerical ranges rather than exact
numbers. This is to address concerns raised by the FBI, Justice Department and
other agencies that releasing exact numbers might reveal information about
investigations." --
<http://googlepublicpolicy.blogspot.com/2013/03/transparency-report-shedding-more-light.html>

~~~
psbp
Wouldn't PRISM mean these data request reports are completely fabricated?

~~~
dragonwriter
No, because the NSA directly collecting the information under PRISM doesn't
mean that the FBI won't also be issuing NSLs, under more specific
justification, for information that the NSA already happens to have.

Just because the NSA has it doesn't mean the FBI has access to it.

~~~
psbp
Still doesn't seem very transparent. It's kind of like saying that I didn't
drink any alcohol today, but I might be doing an undisclosed amount of
drinking with my friend Ned. Kind of defeats the purpose.

------
artpop
The terseness of each of these all but confirms it.

~~~
kvb
So you'd be more likely to believe them if they were verbose? Most of them are
fairly direct denials. That's not to say that they're necessarily true, but
they don't seem like especially weasely statements.

~~~
dragonwriter
I'd be more likely to believe that the substance of the story wasn't true if
they denied the substance (the scope of information provided), rather than
peripheral inferences made in the story about the procedure and mechanics by
which the information gets to the NSA.

Given the actual denials, I will assume that, at a minimum, everything about
the story that they _didn't_ deny -- that is, the scope of the customer data
which has been provided by those providers to the NSA -- is implicitly
confirmed, and that the (mostly irrelevant) details they have denied are in
doubt.

~~~
Terretta
What's wrong with the media in the U.S. is that they let these finely parsed
denials stand, reporting them verbatim or worse summarizing as "the companies
deny it".

We need press that is capable of communicating the grey areas as you did in
your top comment here, ideally in a way the masses can grok.

------
mallrs
Everybody is reading way too much into this. They were all issued "gag orders"
which say "You will never disclose in any such way the existence of this
operation". These orders also specify "If this operation is ever leaked into
public awareness you will outright deny knowledge and participation of said
operation".

They are legally forced to do this.

------
jw_
Well, I suppose that settles that.

------
mariusz331
They are awfully specific about what they don't do.

"direct access"...

~~~
epistasis
"Direct access" is the specific accusation that has been leveled at them. For
example, the Guardian is using the headline "NSA has direct access to tech
giants' systems for user data, secret files reveal" on their front page, and
the phrase "direct access" is used three times in their story. [1]

I think that everybody assumes that they already comply with court orders for
information from individual accounts. The direct access is what is new and
shocking.

[1] <http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data?guni=Network%20front:network-front%20main-2%20Special%20trail:Network%20front%20-%20special%20trail:Position1>

~~~
jeremyjh
Yes but there are plausible ways to deny "direct access" that do not
inconvenience the USG. They just need something they can point to to defend
this statement, they don't actually have to have any meaningful obstruction.

------
1morepassword
No, there's really nothing suspicious about the almost instant complete mass
denial.

It sometimes takes _months_ for these companies to come up with a full public
statement on any privacy scandal. The process of getting hold of the people
with enough clearance to be able to deny alone takes time. Let alone ensure
that the statement is approved by senior management and legal.

Usually the best statement you can get within 24 hours is "we're taking these
allegations very seriously and are looking into it".

This very much feels like a scripted response to an anticipated scenario.

~~~
dragonwriter
> No, there's really nothing suspicious about the almost instant complete mass
> denial.

True, because there was no "complete mass denial". There were very focussed,
specific denials from different providers of certain procedural and mechanical
claims (that they provided customer information as part of a "voluntary
program" or without court orders or that they provided government officials
direct access to the providers' servers to access customer information), but no
denials of the central allegation, that each of the providers has been
providing the government with a collection of information for their entire
customer base and that that information gets pushed into the government
collection directly from the providers' servers.

