Look at the two writeups (Zuckerberg's and Page's) side by side. Each has 4 paragraphs. Each of the pairs of paragraphs addresses the same thing.
1st paragraph: we wanted to respond to these claims. 2nd paragraph: never heard of PRISM, don't give direct access. 3rd paragraph: each request goes through legal channels. 4th paragraph: encourage governments to be more transparent.
EDIT: It gets worse. Here's Apple: "We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order."
Here's Paltalk: "We have not heard of PRISM. Paltalk exercises extreme care to protect and secure users’ data, only responding to court orders as required to by law. Paltalk does not provide any government agency with direct access to its servers.”
Here's AOL: "We do not have any knowledge of the PRISM program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers."
And here's Yahoo: "We do not provide the government with direct access to our servers, systems, or network."
Microsoft refused to issue a direct denial of involvement in PRISM.
I'm not impressed. Most press releases have only a handful of paragraphs. I'd believe it was common to go over the topics of "What We're Talking About, What We Deny, What We Affirm, and How It Could Be Better."
It may look impressive that they all say they don't allow "direct access to servers", but it's hardly surprising, since the original Guardian headline was "Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook". If they didn't say that exactly, you'd be suspicious.
It may look impressive that they all say they "haven't heard of PRISM," but this is really quite a natural thing to say if it's true, and someone accuses you of being involved in the program.
Moreover, aside from the "direct access" thing, the phrases they all use are actually different. "We have not heard of PRISM" in one case, "We have never heard of PRISM" in another, "We had not heard of a program called PRISM until yesterday," in a third, and so forth. You don't have any case for funny business based on similar wording (because it isn't), and the case for contamination based on similar content would be a whole lot more impressive if that content weren't something common and expected.
On the whole, I think the similarities have plausible mundane explanations. Admittedly, I am no student of accidental plagiarism. I don't have an academic opinion on how similar or dissimilar we should expect the statements to be when ten people try to say the same thing in response to the same accusation. But that is just my point: if you want to persuade me of something so preposterous as that all of these people are following a script, you're going to have to do more than wave your hands and say, "Look, there are similarities."
Please. That's the stuff of superstition. If you want to convince me the probability of this occurring at random is low, you're going to have to dosomemath.
or all these companies are intentionally making similar press releases in hopes people will catch on that theyre being coerced into denying involvement. this way they're (assuming they have one) fulfilling their denial obligation with the NSA, yet still are protesting what they dont actually want to be doing
The real issue, IMHO, isn't whether or not the companies are participating in PRISM or any similar program – yes, it'd be problematic if they are – but yes or no, the fact that we can so easily be suspicious of our government is much, much more telling about the state of democracy and society in the United States of America. We've seen enough to be unable to trust, regardless of ground truth in this case.
If you want to see how it is really done, look at Russia - people that have money get charged with money things. You have tax audits, labor laws audits, financial compliance audits, whatever. With 2000-page laws and over 50 new federal crimes added to the statutes every year, I'm sure if you need it you can find it. I'm not saying Obama is there yet - I really hope not - but the technology is there. Nixon was impeached in part for using it, and Obama could use it too and there's some evidence it is being used here and there, even though no evidence yet it is used systematically by the highest branches of government. But it is there, and it works.
Whose to say they would pursue those charges? Why do they have to even disclose why they nabbed them? Under the PATRIOT act they can make anyone disappear without justification. Obviously if they're committing treason they could figure out any number of ways to make it happen.
...the tactic of the US government has been to attack and demonize whistleblowers as a means of distracting attention from their own exposed wrongdoing and destroying the credibility of the messenger so that everyone tunes out the message.
According to the same article:
...Obama prosecutes whistlelblowers at double the number of all previous presidents COMBINED
The US government could easily and expertly discredit any whistleblower CEO with trumped-up tax evasion charges.
Most press releases have only a handful of paragraphs
Are you surprised? High profile figures are going to want their statements to say exactly what they mean to say, and no more, no less. This means vetting, and keeping it concise helps when your timeframe is "same day".
Wouldn't Occam's Razor instead suggest that since the Page statement was much earlier that Zuckerberg or whoever wrote this (probably not Mark) just copied the style of Page's statement semi-intentionally? They'd have almost certainly have read it.
It's also sad to see the immediate dismissal of alternate story lines even after this discovery.
A conspiracy was just uncovered... and we're concerned about conspiracy-theorizing? The word itself has been dragged through the mud to the point of becoming a dismissing scare tactic, it basically translates to "crazy person, crazy ideas".
Basically, if your story doesn't match the official conspiracy theory given by the government and the companies that work for it, then you must be a conspiracy theorist...
I've been called a conspiracy theorist enough, I wear it as a badge of honor now. I'm not one of these anti-vaccine, anti-gmo glenn beck style conspiracy theorist.
No, just one that accepts there is most certainly things going on behind closed doors the public is not privy to, which is all the definition a conspiracy is.
People say, "you are a conspiracy theorist" or a "tin foil hat wearer" in an attempt to discredit what you say. The government doesn't need paid goons to sleuth on the internet to defend them, their are armys of people just waiting to comment on how stupid we all are for challenging the government positions/laws. The battle is already lost in the mind of the average american.
A conspiracy doesn't have to have a common goal between all parties. What kind of bizarro logic did you use to reach that conclusion? People and companies can conspire with others against their will, you know. E.g I blackmail you in order to conspire with me to steal valuable data from your employeer, etc.
The goals are set by the NSA, and the tech companies could not care less about them. The agree to conspire (ie. help the NSA) though, because there would be other consequences if they did not. From prosecution from the government, to under the table blackmail, etc.
>Wouldn't Occam's Razor instead suggest that since the Page statement was much earlier that Zuckerberg or whoever wrote this (probably not Mark) just copied the style of Page's statement semi-intentionally? They'd have almost certainly have read it.
No, that's not Occam's Razor. That's "naive believer in government that's willing to ignore all the facts Razor".
Occam's Razor tells us that when some companies participate in a covert secret services program which is brought to light, then the secret services coordinate damage control and tell them what they are allowed to say to the press and what not.
I'm pretty sure that's it, especially given the call for 'greater transparency'.
That one is definitely optional and would not be part of any scripted response, the fact that a large number of the statements have this exact same optional closing paragraph suggests they are inspired by a common source.
The implication that there is some central figure behind this giving these companies scripts to read meets the most common flaw of governmental conspiracy theories. It requires the government to be simultaneously incredibly competent and incompetent. If the NSA was able to keep this project under wraps for so long with the number of people involved, I think they would be smart enough to at least slightly alter the words of their puppets, after all this is supposed to be the area of their expertise.
>The implication that there is some central figure behind this giving these companies scripts to read meets the most common flaw of governmental conspiracy theories. It requires the government to be simultaneously incredibly competent and incompetent.
Which is exactly what governments are.
Extreme resources, very smart people, and very idiot people, incompetent bureaucrats, messy cover-ups, all co-exist, all the time.
What did you thought they were? Incredibly competent XOR incredibly incompetent? (Only the first would be a conspiracy theory, whereas only the second would be gross underestimation).
>If the NSA was able to keep this project under wraps for so long with the number of people involved, I think they would be smart enough to at least slightly alter the words of their puppets, after all this is supposed to be the area of their expertise.
You've never seen badly (or too fast) done spin work?
Not to mention, why would the NSA care to spend too much effort to how those things were phrased?
If you think it matters, I'm afraid, you give the American public too much credit. It's not like it's gonna get suspicious by such small and peripheral signs. Listening to and accepting bad arguments, BS excuses, fake promises, and shit from politicians if what people are doing all their life.
And it's not even like they're gonna do anything about the core situation with regards to privacy. It's just the "hot topic" of the day, to be forgotten for some BS next week. You surely don't expect some kind of revolt of anything? If that was to be, it would have been at the other 20 similar media expositions or against the horrible laws that have been passed openly.
> If you think it matters, I'm afraid, you give the American public too much credit.
Not just the American public. This is blanket spying on the people of the world. Now that might sound less problematic for Americans who want to see those pesky terrorists brought to justice, but it also allows the NSA to build up profiles on everyone.
US border security is already a nightmare, god knows what they can do with this kind of information. Ever searched for torrents on Google? Your next trip to the States might be interesting.
It seems also they could be sharing this data with other national security agencies, which is where this gets really scary:
Actually, no, "every other country is" NOT "spying on every other country".
You think Belgium or France or Poland spies on US citizens phone-calls and Google/FB? Inside the US?
As for "Nobody gives a shit if your torrented a movie", first, we're not talking about Joe Average, that downloads GoT in rural Idaho. We're talking about people that matter to society: writers, investigative journalists, dissidents, hackers, activists, etc. They cared very much what A. Swartz did, for example.
Second, even normal people, downloading a "torrented movie" have been hit with huge fines by RIAA.
We've had this same conspiracy appear a number of times.
It isn't chance that their statements look similar: You can be absolutely sure that each looked to the other for some sort of direction, and once that came they followed the leader simply because it makes sense.
Even excluding that, really how many variations could there possibly be? Someone said you did something illegal. Say "no I didn't do something illegal, and everything I have done has been above the board and transparent". Do the same thing to twenty people and you would get remarkably similar statements, because a response can only come in so many forms.
You're wrong, it does not require that they be incredibly competent, not in the least.
It requires that they coordinated with the companies PR departments in the process of setting up the program. The companies asked: what if the shit hits the fan, or this comes out in the public, what do we say? And the government had a simple, boilerplate answer for it.
You wouldn't even have to work with the PR dept, just one single person. Either a special rep in PR for government matters, or just the CEO himself. It would take 5 minutes to put together a generalized script for the CEO to follow in the event this hit the public news.
This (the PR response) would be extraordinarily easy to coordinate, and it would take just one conversation at the point the program was signed on to by the companies.
And when this all became public, the company could also easily then call up the US Government and ask them what to do (and more than likely, the NSA could call them and tell them what to do).
Let me be more clear. The part that requires competence is everything up to the leak. Given the scope, keeping this quiet is no small task. It isn't just keeping the people who know about this from talking. It is also preventing other people from finding out. Depending the way they theoretically got this data, that could stretch from keeping this hidden directly in the code base at Facebook to hiding huge amounts of traffic emanating from Facebook's data centers. Remember a lot of these tech companies helped recognize and locate likely Chinese sponsored government hackers in the past. If someone is doing something they aren't supposed to, a lot of people are going to find out about it.
The part that requires incompetence is everything that has happened today. The NSA's job is intelligence. They are the experts in connecting dots, reading between the lines, seeing how random events might be a sign of something bigger, and whatever other cliches you want to throw in here. Yet they are an organization that doesn't know that having people reading from nearly identical scripts will make people think they are reading from nearly identically scripts?
> Given the scope, keeping this quiet is no small task.
Rumors of widespread data collection -- even specifically by the NSA -- from many of the providers at issue have surfaced many times, what was new recently is the same (or substantially similar) bits of documentary evidence substantiating and connecting those rumors.
So, to all appearances, it may not really have been "kept quiet" up until the recent leak, it was just that the information that got out before wasn't as well-supported and therefore hard to dismiss.
It's not difficult to keep something quiet when the consequences are that you violate national security and go to prison.
Senator Wyden has openly talked about how he wanted to say something about these programs, and even now he can't reveal details of what's going on because it would violate national security and he'd probably be put in prison or at the least removed from Congress.
The overall fact that the NSA has been reading our email, tracking us on Facebook, tapping our phones, etc. has not been kept quiet. Exact details are far more difficult to come by, even now those are classified. The IRS was talking about their right to read our email four years ago. The IRS has no known infrastructure to pull that off, it's clear they were talking about NSA or FBI programs.
As someone else noted, the government is very frequently both competent and incompetent when performing tasks or running programs. There's nothing unusual about that, you see it throughout the government bureaucracy. Sometimes they pull off impressive feats that you only read about decades later, and other times they're Nixon trying to cover up Watergate.
>Senator Wyden has openly talked about how he wanted to say something about these programs, and even now he can't reveal details of what's going on because it would violate national security and he'd probably be put in prison or at the least removed from Congress.
Which is complete bullshit of course. Mike Gravel anyone?
| The IRS was talking about their right to read our
| email four years ago. The IRS has no known
| infrastructure to pull that off, it's clear they
| were talking about NSA or FBI programs.
I seem to remember that this was about their ability to just walk up to Google and request someone's emails without a warrant of any sort. There's no implication that it has to be related to some NSA or FBI program. Assuming that the NSA has every email ever written in storage, I doubt that they would coordinate with something as 'mundane' as IRS tax collection. They are a spy agency after all, and their purview is National Security.
Basically, yes - its been confirmed that they have a shit-ton of traffic to reddit from Eglin, and the rumor is the HBGary scandal is related to this as they do a lot of online "sentiment shaping" from there.
It's actually quite conceivable that there was a first-line response memo crafted by a NSA/government official, that was sent out to the companies in question. What the NSA might not have expected is that the receivers decided to stick to the template so closely.
It's even possible that the companies coordinated their press releases for the very purpose of raising questions. We shouldn't assume they are all isolated from one another. It's far more likely that there is some form of communication going on between them, or at least between the high officials.
In essence, this looks very much like a coordinated effort to rebel against a gag order without actually crossing the line and putting oneself in jeopardy. Read between the lines.
PG made a post on Twitter about the Yahoo and Apple quotes being similar, but I initially thought it were probably due to the way the journalist asked the question. The similarity between these two does suggest something else is happening.
Many people are going to jump to the conclusion that it's because they were following the same broad script, but another possibility is that they want people to notice the similarities and become more upset about PRISM.
You don't get to be CEO unless you can learn to lie & keep secrets.
OTOH, I'm more skeptical about the implementation side. Have you ever set up a feed between two different organizations that needs to transmit a massive amount of data in real-time? It's an immensely complicated undertaking requiring a whole team on both sides, with managers, engineers, techwriters, QA, and support staff. It seems a little unbelievable to me that one of them wouldn't spill the beans, particularly if asked to participate in a morally-questionable program.
Yeah, there is very little chance of CEOs leaking. The obligation they feel most is their obligation to the interests of their company. It definitely wouldn't be in a company's interests to rebel against the government of the country in which the company is headquartered.
Implementation side would definitely be very difficult, but you could screen the candidates for those who are sympathetic toward it. Ensure they understand how important it is that the program stays secret. Keep retention high, and perhaps even have some ongoing benefits for any employees who do churn but were part of the program. It definitely wouldn't be easy, but I think it is doable.
With a technical field, though, you have the added constraint that you need people who are familiar with the technology involved. At the low-level infrastructure level of a company like Google or Facebook, that might number in the dozens-to-hundreds - not exactly a huge pool to choose from, particularly when implementation will require quite a few people. And you need someone to do the choosing who can both be trusted by the government and knows all the people with the relevant technical skills.
There's also the issue of how to hide the source code (to my knowledge, both Google and Facebook use one source repository for the whole company, to which virtually everyone has access). This can be gotten around - I'm sure that there are private repositories off to the side that you could use to build a binary - but this is yet another integration point that could be discovered. (Eg. some SRE notices that network bandwidth is high for a DC, traces it to a machine, notices the machine is consuming a large amount of CPU, gets root and runs 'top', and suddenly notices an unknown process siphoning off all data. At this point, how could they not assume their network is being attacked - because that's really what this is, the U.S. government hacking into the company's DCs - and pull the alarm? So all the SREs, abuse teams, internal security, etc. would have to be briefed, which is small compared to the whole company but still a huge surface area for a top-secret project.)
I agree, and this is the exact same reason why 9/11 conspiracy theorists have such a weak argument: of the 535 representatives in Congress, NOT ONE spoke up and said it was an inside job? Or any of their interns, assistants, etc.
Someone correct me if I'm wrong, but you can admit to a gag order being placed on you. As in, FB and Google would be totally entitled to say "there is a gag order preventing us from going into this". So they don't need to convey anything.
Aha. Thank you for citing a source on this one. I still wonder though, if your involvement has been directly leaked, whether you are able to confirm the existence of it. I suppose it wouldn't be a course of action any lawyer recommends.
> Someone correct me if I'm wrong, but you can admit to a gag order being placed on you.
At least sometimes that it is the case, though I don't know if it generally is.
If you have been authorized to have access to classified information, such as (if one accepts the authenticity of the presentation that the Guardian and WaPo have reported on) even the existence of PRISM, on the other hand, there are fairly substantial legal consequences to unauthorized divulgence of that information, and those consequences don't necessarily go away because someone else gave out the information first.
That doesn't seem likely to me. If you want to let the truth be known, but you feel so much under the gun that you issue not just a minimum-compliance false statement but a fulsome one under your own name, would you really feel safe contacting a bunch of other Silicon Valley CEOs to co-ordinate such a subtle but intentional secret message?
Sure: it seems possible that these statements are co-ordinated, but instead of being false or deceptive statements co-ordinated by a three-letter agency they're truthful or largely truthful statements co-ordinated by the tech companies' PR departments, and the close similarities are designed to amplify a message the companies agreed among themselves. Of course, under the circumstances the similarity looks suspicious, but it seems possible that could be an unintentional blunder rather than a genuine sign of guilt.
Actually they wouldn't necessarily need to coordinate. If Google posted first and Zuck wanted to cause this phenomena, the facebook post just needs to mirror the Google one. No communication with Google required.
We could go one deeper and consider the possibility that they wanted us to think that they were trying to signal something to us with the similar statements so they would have our goodwill. I feel like Lawrence Pritchard Waterhouse.
I call convergent evolution on this one. A convex optimization problem. It's the simplest explanation. They need a broadly accessible response, so that gives like what 2000 words? By the time you account for the various pits of contradiction, handwash to some sufficiently nebulous concept of indirect access; all while the government breathes down your back, the outraged crowd bustles for explanations and a gaggle of lawyers dog your every step like a herd of bumper cars, you have basically 6 or 7 words left in your vocabulary and only one way to string them into a sentence. Before proceeding to inflate into paragraphs from a very limited palette of legalese sanctioned fluff.
The collusion/double speak/poppeteering or game theoretic layered messaging within a secretly orchestrated gag conspiracy are plausible but I'd prefer to wait for more evidence before I accept Facebook and Google are complicit or prisoners to that. That doesn't mean I think they are either of them blindingly righteous beacons of morality (or even chipped and dulled pyrite morality for that matter), just that the implications of the scenario (democracy canceled xor executives willfully distorting the donut of truth into a mug) are hard to believe.
It's definitely not coincidence, but it's important to keep an open mind about all the possibilities.
Participating with government requests doesn't make these companies any money. It must be a major drag, actually. It involves lawyers, tech people, and trying to strike an uncomfortable balance between user trust and trying to persuade a court that a request should be denied.
This might be because they've been given a script, but it might also be because they chose to copy each other. They could copy each other out of not wanting to be "the odd one out." Any company that puts out a statement much different from the others risks being trusted less than the others. They could copy each other because they want people to jump to the conclusion that the government gave them a script (even if they didn't) so that people get more pissed than they already are.
As others have pointed out, the similarity could also be because the PR/lawyer response to this is so cookie cutter. I think the "not wanting to be the odd one out" would be the #1 mundane reason, though.
I looked at these very carefully and slowly, looking for signs of shared authorship or template structure, and the only structures I could find were those practically dictated.
This being said, if you read it more closely what they say is actually quite a bit more damning. Read closely, the denial is actually entirely nonsensical.
Both deny involvement in "PRISM" but both then go on to mistakenly identify PRISM with the Verizon order. Page says he learned about it when Greenwald broke the story (Greenwald broke the Verizon story, the Washington Post broke the PRISM story). Zucherberg similarly talks about metadata significantly.
In essence it is a bait and switch. Sort of like "I wasn't at work yesterday. I can show this because I didn't go on vacation."
The Norwegians have a story called "Good day fellow. Ax handle" which would be a fair summary of what is going on here. The story is about an old deaf ferryman who is deep in debt and left all alone to face the bailiff. So he thinks about all the questions he will face and answers he will give, but when the bailiff comes to ask directions to the inn, he gives answers that are entirely humorous.
"Where is your wife?" asked the bailiff (hoping to find someone less confused).
"I am going to tar her. She's lying down on the beach, cracked up at both ends." Replied the ferryman (thinking he was being asked about his boat).
This is the first thing I noticed. It really scares me as well. I put more of my trust in Google, and perhaps even Facebook then I place in the Gov. or the phone companies and others. However, these definitely look like they are created from the same template. Very worrying coming from Page and Zuckerberg like this at the exact same time. I just hope there really isn't a man behind the curtain pulling the strings of such powerful figures in technology today.
I hope someone can find out if possibly these CEOs met yesterday. Perhaps they decided to try and come up with a uniform and consistent way to respond to this situation, and there wasn't some external source actually able to tell them all what to say. If there is not some kind of explanation such as this I am going to have to rethink how much trust I can have in such huge companies with no real clue about who is really controlling the show.
In any case of accidental exposure of a covert government operation involving many such parties, there would be instructions how to handle the media.
Those could be known in advance (at least for some cases), or they would get a call in case of emergency with instructions on what they are allowed to reveal and how to say it.
It's not different than what would happen at a multinational if there was some embarrassing incident related to one branch (e.g a costly in human lives accident). The legal/marketing team would reach to each branch pronto, with instructions what to say to the media. So, if the media get the manager of the, say, Canadian, branch, he would say more or less what the manager of the German branch would tell to his media.
The only "ludicrous" thing is your misplaced scepticism -- as if things thing isn't both obvious and something that's standard practice to media handling from entities of any scale...
More likely would be that the NSA (or whoever) gave all the involved companies the same standard talking points, either in the past few hours/days or years ago when each company "joined" the program, and each company loosely paraphrased those same talking points. Having all the companies issue the same denial at the same time was probably not anticipated, so they didn't coordinate with each other to avoid sounding like they're all parroting the same talking points.
I think that explanation strikes an appropriate balance of competence and incompetence.
It's not ludicrous at all that the companies were given basic PR instruction when they signed on, in the case of being asked about the program. In fact, that's exactly what would occur.
What's ludicruous is thinking the Feds are tapping every major telecom provider, but wouldn't do the same to Facebook / Google / Apple / Microsoft. These companies are collectively vastly more important than AT&T and Verizon, worth about a cool trillion dollars, and now make-up a huge portion of the data infrastructure for American consumers.
A spy is given instructions in case of interrogation by the enemy. Why wouldn't a $250 billion corporation be given instruction in case one of the largest spying systems in history hits the public news? It's absurd to think they wouldn't be.
Isn't a possibility just that they are using the same PR template, or that one looked at the other as they were responding? They are remarkably similar, but if you were the PR person at a company isn't that exactly what you would say as well?
Those responses are eery close, and both Zuckerberg's and Page responses do not address a key question: Do their companies run queries over users data to answer questions that the state are willing to pay/force to get?
The value of the data inside Facebook would actually go down if it was transfer out of Facebook. Its much better if Facebook themselves would run the query (like they normally do with advertisement), and provide the NSA with either a summery or webbugs/custom code in form of targeted images (advertisement) sent to those NSA is interested about.
Copying massive data would not just be logistically hard, it would need to be constantly updated. The simplest answer is that "direct access" simply mean NSA provided queries that google/facebook run at "request". No need for backdoors.
This phrase 'direct access' -- I wouldn't assume, if there exists something like PRISM, that it would have 'direct access' to anybody's servers. More likely, the data would be given from a company TO PRISM.
You could even argue that an API would not be 'direct access'
Maybe the official responses by these major companies were about the same event were all reviewed by corporate lawyers who all hone in on very similar language and addressable points because it's a tricky statement to make and there are few ways to make it correctly?
I feel these statements are for the fans of these companies that want to hear it to believe it and quick to dismiss it.
Personally: I got in trouble with Google in 08' and yet I still use their products even assuming that I am probably monitored or easily creating a gov profile that can easily be subpoenaed (or given just b/c they may not like me).
I think all companies followed the government supplied script on purpose. To alert public that it was a govt supplied script and that they still have gag orders. They expected people to see a pattern - this is the best that they could do, given the handcuffs they are wearing.
First thing I noticed was really the fact that it took these companies so long to put these statements out there, in Mark's case less than an hour ago as of the time of this posting.
Personally, if someone accused my company of giving customer data to the government, and a large segment of my users believed these claims, then I would switch to damage control mode and send a statement out within 6 hours at the most.
Then again, I suppose if you sent out a statement too soon, then people might think that you knew in advance about the leak.
Well, anyway, the weirdness I observed pales in comparison to the odd coincidence you discovered.
That was my initial reaction as well. The "we never heard of PRISM" line is particularly interesting. Varizon stuff that was leaked mentioned a clause that they can't talk about it so I'm assuming that's the reason.