Washington Post Quietly Backtrcks On Claim That Tech Companies Knowingly Gave NSA Data, As Denials Get Stronger
from the hmmm dept
The Next Web is noting that the Washington Post has quietly backtracked on its original claim that tech companies “participated knowingly” in the PRISM spying program. And, at the same time, some of the denials appear to be getting stronger. Google’s CEO, Larry Page, posted a blog post with the interesting title, What the …?:
First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.
Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period. Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.
Mark Zuckerberg has now posted a similar denial to Facebook:
Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn’t even heard of PRISM before yesterday.
When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if it is required by law. We will continue fighting aggressively to keep your information safe and secure.
Some have pointed out that these claims can still be read carefully to mean that other forms of data access potentially did happen, though some of the direct claims are pretty strong. It’s also noteworthy that Page and Zuckerberg seem to mimic each other’s word usage. Furthermore, it does seem odd that the President more or less confirmed the existence of the program, which all these tech companies are denying. Does that mean that something else is going on? Is the NSA doing this without letting the companies know? It’s certainly unclear at this point, but it’s going to come out eventually.
Comments on “Washington Post Quietly Backtrcks On Claim That Tech Companies Knowingly Gave NSA Data, As Denials Get Stronger”
HA! Supports that it's an intentional leak!
To reveal yet wind up with a lame “WELL, actually, they’re only spying a LITTLE…”
But no, kids, Google really does spy on you 24/7/365, and IS a front for the NSA.
Re: HA! Supports that it's an intentional leak!
Not a front for the NSA, but the more the government demands they hand over data the less it matters
Re: HA! Supports that it's an intentional leak!
Sheesh, I can easily see your Googlely eyes rolling around when you bark like that.
Re: HA! Supports that it's an intentional leak!
You know you can just, like, not use Google, right?
Re: Re: HA! Supports that it's an intentional leak!
no, even bing uses google…
hee hee hee
ho ho ho
ha ha ha
ak ak ak
I’ll believe every word John Steele has ever said before I believe even the smallest part of the spin and bullshit coming from these tech companies.
Re: Re:
You probably believe Alex Jones too
“We will continue fighting aggressively to keep your information safe and secure.” – Facebook
Please, stop. After Obama’s “we want to dialog but only if you stop leaking”, I don’t think I can take any more of this belly-laughter. My stomach hurts.
Re: Re:
Perhaps some roughage would help. Some popcorn?
Re: Re: Re:
As I said before… Welcome to the next Watergate.
Re: Re: Re:
Prunes. Massive amounts of prunes. Then Kaopectate. A future standard masochist’s mixture. Or maybe past.
/what a relief it is
They are using PRISM in the sense of a beam-splitting prism as well as an acronym. All data going to or from the tech company is copied to the NSA disks in real time. NSA can then send the tech companies special data requests on top of that.
Re: Re:
Prism is simply Nyan Cat shitting your data
How would a program this large have gone on for so long without ANYBODY in any of these companies noticing something was up? It just doesn’t seem feasible from a logical perspective that the US government was able to access and store all this data on a continual basis without ever screwing up and setting off some alarm bells.
Re: Re:
This is of course meant only in the sense of a backdoor being used and not perhaps getting access to the data before it gets to the company and after it leaves.
Re: Re:
Seriously….a Small black box copying the data streams from Google servers or Facebook servers or even twitter is all that is needed, damn the sites would not even know they were being bled dry of all the details of their members.
That being said I am sure the NSA could easily get the internet businesses to install a few black boxes to grab data anywhere it is entered. I would not be surprised if every message sent via gmail was redirected to the nsa servers for backup and analysis.
And with having everyone involved sign a document declaring they would be charged with major crimes if they mentioned it to anyone I understand them standing up and claiming no such thing exists.
What about...
…their ISPs and whoever they outsource the storage of their offsite backups to? Have they received any broad orders to allow traffic sniffing or to supply copies of data?
If it’s their ISPs, anyone using HTTPS Everywhere and https with google, facebook, and the like is not exposed through their use of those sites — unless the ISPs are running MITM attacks on HTTPS traffic, which would be a very big deal in its own right.
If it’s their backups, well, the government’s seeing pretty much everything, though maybe as it was a week or so ago.
Re: What about...
I honestly don’t think that the NSA is doing a MITM attack live. Look at what is already out there with Mark Klein’s account of a passive splitter. It’s far less intrusive to download flows, and do crypto analysis on them than to try and insert yourself in the middle.
As far as Google, Facebook, etc, they have already stated that proper government subpoenas would be obeyed, and it’s well known that all information is archived. So by following these shitty laws that have been enacted, they can legally get the information without much trouble.
Re: What about...
Couple of points, here:
Firstly, you’re assuming that the NSA hasn’t somehow compromised the SSL certificates for the various sites. If they somehow got hold of the private keys for the certificates, they’d be able to decrypt the traffic without needing to run MITM. Given the NSA’s brief, trying to covertly grab copies of major sites’ private SSL keys would seem like a logical and (relatively) easy step.
Secondly, if you look at the leaked powerpoint slides, you’ll notice that they talk about communications flowing “into and through” the US. To me, this suggests that they’re tapping the major network hubs, rather than the endpoint ISPs. Tapping into Google’s ISP would only get them traffic heading “into” Google; tapping all the dark fiber hubs would give them everything “into” and “through”. That’s a truly absurd amount of data to mine, but any implementation of PRISM would require sifting absurd amounts of data.
So, my guess is that they’re tapping the super-fast, massive routers in the backbone, rather than tapping into individual ISPs. It’s a huge amount of data, but it would be relatively easy to filter that data based on source/destination IP. If they’ve also compromised the SSL certificates, and I’m willing to bet that they have, they could then read everything sent to or from the compromised sites regardless of whether or not it used HTTPS. Done right, the companies they were tapping wouldn’t even know about it.
Re: Re: What about...
Here’s the thing, they don’t even talk about costs. In order to do this surveillance, you are talking about top notch technology. I’m a network engineer, so I would say you would probably need a Cisco CRS-3 with 100Gbps modules, the modules themselves are about $70k, let alone the cost of the CRS-3, the servers to carry the load to separate traffic, and the amount of man hours spent to analyze and actually know how to set up the system.
http://www.costcentral.com/proddetail/Cisco_CRS_3_1_Port_100_Gigabit_Ethernet_Interface_Module/1X100GBE/11806624/
Divide that up to the amount of DCs that Mark Klein stated and we are talking probably billions of dollars, to catch the one in a billion transaction that occurs every second of which we can almost guarantee there will be stuff missed.
Re: Re: Re: What about...
I’m sure you get a discount if you buy a few hundred thousand.
Re: What about...
Does the government even use ISPs? It seems to me they could reserve some IP addresses and connect directly themselves. Never having done this myself, I may be missing some equipment or ‘permissions’, but those are easily dealt with.
Imagine the ‘governments ISP’ being part of the cache and outing ***** Departments commo traffic, and that getting hacked to Wikileaks, or their replacement.
That is a possible unintended consequence that I foresee. These databases getting hacked, and all our stuff either just out there or, maybe worse, quietly and nefariously used (and I don’t mean by Google or any other legitimate company, however scummy some of them may be).
The government will learn, along with the rest of us, if you want it kept private, don’t put a network card, CD or DVD writer, or USB port, or Floppy drive, or Bluetooth or whatever else I have forgotten in the computer.
Then turn it on only when necessary, and then only in a cave deep in the mountains, way outside of Cellphone range, wrapped in a tent of 30 layer heavy duty aluminum foil, with noise canceling equipment NOT tuned to the diesel generator, with all entrances and air ducts covered by covert teams of ex-special forces commandos from private contractors that don’t recognize the rule of law and have probable deniability, with your anti-intrusion waves emanating from the mountaintop…
:end thought stream
It’s certainly unclear at this point, but it’s going to come out eventually.
Much of this information has been out for years, as this story from 2007 shows.
And just like when the floodgates were thrown wide back then, I doubt little will be done about it this time either because, like most other problems we face today, too many people will blame one party or another. Not enough people are willing to concede that BOTH parties are broken and corrupt at this point.
Either way, the cat’s out of the bag.
Question is what will result from it?
But I do know that Senator Darell was right.
We. Are. Pissed.
Didn’t Google and the NSA have an alliance?
Re: Re:
The NSA wears two hats: 1) to collect signal intelligence on foreign governments and individuals and 2) protecting the communications of US government, business, and citizens as well as general computer security stuff. For example, a secure Linux version was developed by the NSA. Ostensibly, Google’s arrangement with the NSA was to help investigate the Aurora attack and help secure Google’s servers against further security breaches. Although, you never know if the NSA is keeping its other hat in their back pocket.
Re: Re:
The CEO of Google, Eric Schmidt[sp?] gave Obama a butt load (or should I say a google load) of money during his campaign and received a nice cushy job with the government in exchange.
He became some top dog adviser on Science and Technology.
Pretty transparent to me when you look at things at face value.
How could it happen?
Simple: there have been rumors that NSA has a direct link to AT&T servers/routers for at least ten years.
Is it true? I certainly don’t know, don’t really want to know to tell the truth.
Re: How could it happen?
Not rumor… fact.
https://www.youtube.com/watch?v=e9WStvRc0rQ
https://www.youtube.com/watch?v=qy3eOCkLVaw
As commentators are suggesting over on Hacker News, the CEOs could be intentionally mimicking each other as a passive way to show that they are under gag-order and are being forced to deny any involvement.
I call bullshit on Zuckerberg
because I have personally witnessed a state parole department employee logging into a custom Facebook page where they could view private information from parolees’ accounts. The employee also searched for, identified, and inspected Facebook accounts that were tied to parolees but which the parolees had hidden from them and which they had no prior knowledge of. I was told that Facebook has several ways of linking the unknown and often private accounts together (IP address, cookies, etc.) and that the parole department had full ability to search and access accounts based on that. The only restrictions placed on the parole department employees was that there was an audit trail and that they were forbidden to look at accounts other than those known, found, or suspected to be tied to their parolees. If state parole departments have this ability then I’m quite sure that state police departments and federal government agencies have it and perhaps more.
Re: I call bullshit on Zuckerberg
That is interesting, but I don’t believe it extends, in general, to other law enforcement activities. Some parolees, no doubt, have agreed, as part of their parole, to have their social media accounts monitored. Neither IP address nor cookies alone will identify an alternate account as belonging to the parolee, so they had better be pretty damn sure they’re not accessing the account of someone else. I would like to know the grimy details of how hidden account access takes place. Another troubling aspect is that friends of the parolee have lost some privacy here. This could be considered similar to the case where law enforcement has the right to search a car if one of the passengers, even a hitchhiker, is a parolee.
the next web got it wrong
This interview today with one of the authors of the WP article, Barton Gellman, completely refutes thenextweb’s interpretation.
http://www.washingtonpost.com/video/thefold/nsa-leak-source-believes-exposure-consequences-inevitable/2013/06/07/fb15c0fe-cf94-11e2-8845-d970ccb04497_video.html?hpid=z1
Re: the next web got it wrong
In this video interview with the Wash Post reporter, he says the Post self-censored “quite a bit” (i.e., a whole lot) of this story. The phrase “Tip of the Iceberg” was emphasized as well. The WP reporter also calls bullshit on the tech company spin, evasion, bob & weave, weasel dance, etc…
If Congress had any balls...
…they would subpoena all of them. NSA staff, White House staff, tech company CEOs, CTOs, engineers, NOC operators, anybody and everybody with a plausible hand in this.
If any decline to appear: send armed federal marshals after them and drag them into Congress, in chains.
The hearing should be fully open to the public. It should last as long as is necessary. (Congress isn’t really doing anything else useful, anyway.)
If any decline to answer questions, they should be found in contempt of Congress and locked in a cell until they answer or die.
The American people deserve to know, down to the last detail, exactly what’s going on here, who’s responsible, and whether what we used to call “our laws” have been broken.
Give Full Access to the Public
The NSA should be required to turn over all data and control of PRISM to the public so that we will be able to see exactly what they did. It appears beyond a reasonable suspicion that they have broken the law. All information surrounding it should be used as evidence. The public should also be given access to all phone, email and internet usage records of congress, the executive branch and the courts in order to determine their involvement and to determine if laws were broken and rights were infringed upon.
Unless of course you do not believe in truth and freedom.
Another batch of denials?
Sure, FB is not allowing the government to look at user information, nor is Google. They deny having given them access to user records.
They don’t have to. All the Government has to do is go on the net themselves, log into Google or FB and there is the data.
Then they can screen capture all of the relevant information and there you go!
Handy dandy way to deny plausibility.
Hey, if it works for potential or present employers, it should work for the NSA, right?
Who are you going to believe?
I’m tempted to say “Who are you going to believe – Page and Zuckerberg or Obama and the NSA?”.
But this is an odd one. Altho the government obviously lies all the time, and tech CEOs usually don’t, what motive does the POTUS have for admitting that spying is going on, if it isn’t?
All I can think of is this – Obama really thinks the techs are cooperating, but they’re not. The NSA has infiltrated moles inside Yahoo, Google, etc. The moles are (illegally) supplying NSA with access. The NSA tells the executive branch that the techs are cooperating (per the leaked slides – tho it’s not true), in order to cover up the source of the intelligence.
If so – the leaked slides are falsely claiming to the “users” of the intelligence that the data comes from the techs – when in fact it comes from moles without the tech’s management’s knowledge.
Imagine you’re an infrastructure manager with Apple or Google – would you hire some bright young thing with A++ recommendations from their previous employer – the NSA? Sure you would…
If this is it, it’s a far bigger scandal than anything revealed so far.
BS artists
“First, we have not joined any program that would give the U.S. government” No mention of being compelled.
“Second, we provide user data to governments only in accordance with the law.” See above.
“Our legal team reviews each and every request” – And provided me with this “denial” speech.
“Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.” – We only gave them the records of 45 million. (Sticks out tongue)
Damage
All I read about this is damage control. Such claims of having the NSA root through all their data can be economically very damaging for the tech companies involved.
The US Administration likes to have a plan for every eventuality so here they are running their mandated damage avoidance plan in a scheme that is extremely carefully worded to remain legally truthful without revealing anything about the real truth.
You may notice that nowhere in their denial do they demand that the FBI/NSA should explain themselves. So just imagine the worst option possible and remain extremely skeptical.
From looking at the denial, and reading some messages around the web from insiders, the impression I’m getting is that the involvement of these Internet corporations has primarily been surrendering copies of their SSL certs to the NSA.
How to generate a PRISM denial for your company
Deny PRISM – Your company’s one-stop PRISM involvement denial statement generator
How about this?
Maybe they just analyse content on their servers with some special tool and send suspicious data to the NSA?
“Backtrcks”?
Who cares?
Personally I’m less worried about being spied on than I am of the knowledge that our governments don’t seem to be able to comprehend security.
Highly sensitive US military networks are apparently vulnerable to anybody with a few script-kiddie tools and in the UK our government can’t even keep social security records on laptops safe.
I mean my god the NSA just grabbed everybody’s data in a drag net to catch one or two people. Does anybody think Fox Mulder is going to be sitting there reading every single e-mail and web search? Uncaring emotionless computers will do all the grunt work.
Nobody cares you watch lesbian granny porn and pay for the privilege.
Now Google and other similar companies already track everything you do on-line. And they can’t even claim it’s in the interests of national security.
Re: Who cares?
Nobody cares you watch lesbian granny porn and pay for the privilege.
Same here. I’m not overly concerned about being caught in a dragnet because of what I do online or offline. Not only do I not do anything worth spying upon, I’m not worth the time and effort to catch me doing something.
What DOES concern me is replacing one type of concentration of power with another one. The goals of Google, Facebook, and Amazon seem to be to run as much of the world through their servers as possible. I don’t necessarily view their power grabs as inherently better than NSA’s power grab. So I don’t buy the “Don’t trust the US government, but do trust us” pitch that seems to come from some business folks.
Basically what I see are a variety of institutions, both public and private, wanting to know everything about everyone — because the technology allows it. However, government operations can’t really do much with what most of us do day-to-day, while big companies CAN do something with (either sell us something or sell our data to someone). Therefore, the minutiae of my daily life is much more likely to come to the attention of companies like Google, Facebook, and Amazon than US security operations.
As I have been saying on Techdirt for quite awhile now, I anticipate that at some point the US government will privatize all security operations and whenever there is a political flap, it will let private companies take the heat. The private companies are already collecting the data and it would be easy enough for them to flag whatever any customer (in this case the US government) wants them to flag. Want to develop profiles of gun owners who will likely become mass murderers? Done. Want to profile airline passengers? Done.
Citizens are already being flagged by credit companies, insurance companies, real estate companies, etc. The government will likely buy that data for its own uses, too.
Maybe at some point there will be more transparency on the part of both government and private companies, fully disclosing what they are collecting, what they are doing with that data, and who has access to it.
Re: Re: Who cares?
I’m getting caught up on my reading and just saw this.
Are coders worth it?: “We like to think that because we can code, we have unprecedented leverage over the world. We decide what 15 million people will see when they follow a link. Our laptops literally get hot from the electric action we command.”
I perceive that attitude a lot as I read the articles about what’s wrong with DC and how the tech companies know better. Yes, there’s a ton wrong with DC. But I don’t want one group of “we know best” to be replaced with another group of “we know best.”
The Silicon Valley/Davos/TED environment is more elitist, I believe, than the participants realize. And of course, the same thinking happened among previous generations. It’s not new, which is the point. It’s the same thinking among whoever controls the wealth and power at any given moment.
Whoever is hot shit at the moment thinks they know best. Then eventually they get displaced by something. But before they get displaced, they try to hang on to what they have in the same ways as each power generation tries to hang on.