

Google Takeout means something else in light of PRISM - onosendai
https://rachelbythebay.com/w/2013/06/07/takeout/

======
jacquesm
Let's all do a blogpost on PRISM and see how many eyeballs we can get.

Google takeout most likely has nothing whatsoever to do with PRISM or any
other NSA programme, why go through a clunky one-user-at-a-time batch process
when you can be comfortably sitting right where the action is, where updates
are incremental and where information is available when it happens instead of
when you ask for it.

Push over pull any day for the NSA and the likes.

~~~
chmars
User data export features as they have been common recently – Facebook und
Twitter for example offer similar features as Google Takeout – could without
any doubt be used to export data for all kind of other 'users'.

NSA might tap every single bit of communication worldwide but getting
structured data for users of specific interest directly from Google etc. is
still much easier.

~~~
jacquesm
Except that in the case of google they have said that they only do that on a
person-by-person basis, and that PRISM is apparently a wholesale affair.

There just simply is no tie-in between google checkout and PRISM as the
article alleges as far as I can see.

------
sentenza
I am kind of surprised how many people on HN try to downplay the PRISM thing.
The recent revelations and controversy directly affect the business prospects
of any US firm that stores data.

A couple of months ago I was on an education business fair in Germany and the
first thing I heared at the booth of many data-handling businesses was: "We
don't store anything in the United States. All our servers are in
Europe/Germany."

I now wonder if next year, some will advertise that they don't even have a US
subsidiary and are thus not under US jurisdiction.

~~~
realo
That, exactly.

Google, Apple, Facebook and friends go to great lengths to evade taxes. When
it comes to tax matters, those companies have no hesitation to use all the
tricks available to a trans-national company. And they pay very smart people
to invent schemes that ensure a maximum amount of money is kept out of the US
IRS hands.

If Google, Facebook and friends were truly serious about protecting their
users' privacy, they would. They would pay very smart people to invent schemes
that ensure a maximum amount of user data is kept out of the US NSA hands.

But they don't.

~~~
smtddr
It's one thing to have a bankaccount in the Netherlands, that's easy. A whole
data-center? A data-center with all the infrastructure to support it and
employees and it still needs to be fast enough that we can't see a slowdown
from moving it out of USA? That's a different undertaking.

~~~
aiiane
Google actually has many data centers outside the US (in addition to those it
has inside the US).

~~~
smtddr
Yeah I know. To do what the parent comment is asking, there can't be any US
data-centers. That's not realistic.

------
Udo
Exporting every account on a daily basis can't possible work for Google _or_
the government. To be scalable and useful, and to meet the "no direct access
to our servers" mantra, they would instead need for Google to replicate all
database updates straight onto the NSA servers.

That's no small feat, and it certainly requires explicit engineering effort,
but it's not a hugely complex undertaking either. Maybe the infrastructure of
Takeout can _also_ be used to do that, but the data transmission itself would
have to work differently. Again, I believe it has to be basically a data pipe
that replicates every user action, probably in real time.

~~~
leoc
I'm not aware of a good reason to think that Google sends all user data for
everyone (or even all non-US-citizens) pre-emptively (or at all) to the NSA.
The Takeout system is doubtless used to comply with FISA requests targeted at
specific individuals, but it's not at all news that Google receives and
accedes to such requests fairly routinely.

The three questions which remain open are 1) just how many individuals are
getting FISAed - and has it gone up sharply thanks to the shiny new
infrastructure for streamlining the request process? 2) do the FISA requests
being acceded to now also include "broad sweep[s] for intelligence" in
addition to those "specific orders about individuals" which the Internet
companies have acknowledged (and which everyone knew about already) and 3) to
what extent are the CEOs still fully aware of the nature and extent of the
FISA inquiries now that the nice semi-automated processes are in place?

~~~
Udo
PRISM means that internet companies like Google will be free from future FISA
and NSL headaches, and so they can even truthfully say that they haven't
received any requests.

~~~
danso
But Google said it denies taking part in PRISM...that denial could be a lie,
but nothing so far has substantiated that.

The NYT article that so incensed Michael Arrington, for example, exclusively
refers to the FISA procedure, which Google has more or less already admitted
that they comply with (lawyered requests for specific individual/groups data).

The only part of the NYT article that sounds like the alarming scenario
outlined in the PowerPoint slides is this:

[http://www.nytimes.com/2013/06/08/technology/tech-
companies-...](http://www.nytimes.com/2013/06/08/technology/tech-companies-
bristling-concede-to-government-surveillance-efforts.html?pagewanted=2&hp)

> _In one recent instance, the National Security Agency sent an agent to a
> tech company’s headquarters to monitor a suspect in a cyberattack, a lawyer
> representing the company said. The agent installed government-developed
> software on the company’s server and remained at the site for several weeks
> to download data to an agency laptop_

There's no mention that the company here is Google and there's really no
reason to believe that it is Google (in this instance)...I mean, because if it
was, then the procedure described here has vast implications about Google's
software stack that would seem untenable for a company with Google's kind of
infrastructure

(It's possible that the procedure described here is inaccurate, as it is third
hand, but that only underscores the vagueness of this whole thing)

~~~
leoc
> But Google said it denies taking part in PRISM

Did it really? It seems that PRISM is the software support etc. to semi-
automate the FISA procedure at the Internet companies. Google claimed never to
have heard the term 'PRISM' but that could easily be true-but-insignificant.

(It's possible that the "PRISM" name is _also_ being used by the NSA to cover
old-fashioned wiretapping of emails etc., but that wouldn't involve the
Internet companies as opposed to ISPs.)

~~~
danso
Well, yes, really, insomuch as can be expressed in typical human language:

> _> First, we have not joined any program that would give the U.S.
> government—or any other government—direct access to our servers. Indeed, the
> U.S. government does not have direct access or a “back door” to the
> information stored in our data centers. We had not heard of a program called
> PRISM until yesterday._

That's a broad flat out denial. And in my opinion, it includes such options as
reserving an omni-admin account for the government, and if such an arrangement
exists, then Larry Page should be pilloried for issuing a lie. But until such
an arrangement can be shown (and why couldn't it? If there's a NSA official
who can leak about it successfully, why is it impossible to imagine that
google has at least one such conscientious objector?), it seems a little
unfair and counter productive to judge Google with inescapable circular logic.

~~~
leoc
But that's perfectly compatible with them being in PRISM. It seems PRISM is
indeed _not_ a backdoor or a means of direct access for the US Government, but
is a conduit for FISA requests to be approved by Google's (and other firms')
lawyers. They hadn't heard the term "PRISM" but that's because the US
"intelligence community" hadn't used it to them when discussing the system.

------
lazyjones
Good points - other things that mean something else in this light is the
realname enforcing policy and the unification of Google accounts (that we got
Google+ to blame for exclusively so far). Taking it further, I wonder what the
information that Google's personalized search is based on, can be used for. It
must be a good summary of your habits, interests etc., right?

------
sdfjkl
Same goes for the Google Apps Email Audit API[1]. Heck, it even lets you set
up keyword queries that get automatically copied to your spy inbox.

[1] [https://developers.google.com/google-apps/email-
audit&#x2F](https://developers.google.com/google-apps/email-audit&#x2F);

------
ynniv
Yep, Facebook has the same thing, which was also pitched as altruistic.

[https://www.facebook.com/help/?page=116481065103985](https://www.facebook.com/help/?page=116481065103985)

~~~
myko
And by all rational accounts, is altruistic.

------
jerrya
Home Depot sells shovels.

Sometimes bad guys kill people and use the shovels from Home Depot to bury the
bodies.

There was this really great Zombie movie from 1985, Return of the Living Dead,
that took place in a funeral home. I'm not going to give any spoilers, but you
really need to see it.

Shovels mean something else in light of this discovery. Sorry Home Depot, I
think your shovels have been co-opted.

------
brown9-2
Even in the absence of this specific Takeout tool, Google would need a way to
comply with legal requests for a user's data across all of their various
systems.

What is more likely than not is that the majority of employees at Google have
no idea how the surveillance system that Google would need to have worked and
were ignorant that it existed.

------
yarou
I think the Palantir link is the most plausible, it's startling to see how
many companies utilize their technologies (mine does, under the premise of
being "AML-compliant"). The end goal of these cretins is to chain men with
invisible, digital shackles.

------
mtgx
When this came out, I remembered about that whole "you can never really delete
your Facebook account, or the data from Facebook's server" situation. The
whole NSA thing could also be one of the reasons why you can not.

Oh, and you can't delete your Skype account either. Not even in the UI.

~~~
alan_cx
I wonder if deactivating one's FB account triggers a copy to be sent to the
NSA? The "Logic" being a panicked user trying to cover tracks.

~~~
mtgx
I wouldn't be shocked if that happened. There was some other leak a while ago
saying that FBI thinks you're "suspicious" if you don't have a Facebook
account. That's the world we live in now.

