Washington Post Quietly Backtrcks On Claim That Tech Companies Knowingly Gave NSA Data, As Denials Get Stronger

from the hmmm dept

Fri, Jun 7th 2013 3:20pm — Mike Masnick

The Next Web is noting that the Washington Post has quietly backtracked on its original claim that tech companies "participated knowingly" in the PRISM spying program. And, at the same time, some of the denials appear to be getting stronger. Google's CEO, Larry Page, posted a blog post with the interesting title, What the ...?:

First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.

Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period. Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.

Mark Zuckberberg has now posted a similar denial to Facebook:

Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn't even heard of PRISM before yesterday.

When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure.

Some have pointed out that these claims can still be read carefully to mean that other forms of data access potentially did happen, though some of the direct claims are pretty strong. It's also noteworthy that Page and Zuckerberg seem to mimic each other's word usage. Furthermore, it does seem odd that the President more or less confirmed the existence of the program, which all these tech companies are denying. Does that mean that something else is going on? Is the NSA doing this without letting the companies know? It's certainly unclear at this point, but it's going to come out eventually.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: knowingly, larry page, mark zuckerberg, prism, surveillance, tech companies
Companies: facebook, google

47 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

This comment has been flagged by the community. Click here to show it

out_of_the_blue, 7 Jun 2013 @ 3:33pm

HA! Supports that it's an intentional leak!
To reveal yet wind up with a lame "WELL, actually, they're only spying a LITTLE..."

But no, kids, Google really does spy on you 24/7/365, and IS a front for the NSA.
[ link to this | view in chronology ]
- Anonymous Coward, 7 Jun 2013 @ 3:40pm
  
  Re: HA! Supports that it's an intentional leak!
  not a front for the nsa, but the more the goverment demands they hand over data the less it matters
  [ link to this | view in chronology ]
- Automatic Grammatizator, 7 Jun 2013 @ 3:45pm
  
  Re: HA! Supports that it's an intentional leak!
  Sheesh, I can easily see your Googlely eyes rolling around when you bark like that.
  [ link to this | view in chronology ]
- Anonymous Coward, 7 Jun 2013 @ 3:58pm
  
  Re: HA! Supports that it's an intentional leak!
  You know you can just, like, not use Google, right?
  [ link to this | view in chronology ]
  - art guerrilla (profile), 9 Jun 2013 @ 5:48am
    
    Re: Re: HA! Supports that it's an intentional leak!
    no, even bing uses google...
    hee hee hee
    ho ho ho
    ha ha ha
    ak ak ak
    [ link to this | view in chronology ]
Spin and Bullshit, 7 Jun 2013 @ 3:37pm

I'll believe every word John Steele has ever said before I believe even the smallest part of the spin and bullshit coming from these tech companies.
[ link to this | view in chronology ]
- Anonymous Coward, 8 Jun 2013 @ 6:39am
  
  Re:
  You probably believe Alex Jones too
  [ link to this | view in chronology ]
PRMan, 7 Jun 2013 @ 3:42pm

"We will continue fighting aggressively to keep your information safe and secure." - Facebook

Please, stop. After Obama's "we want to dialog but only if you stop leaking", I don't think I can take any more of this belly-laughter. My stomach hurts.
[ link to this | view in chronology ]
- Anonymous Coward, 7 Jun 2013 @ 4:57pm
  
  Re:
  Perhaps some roughage would help. Some popcorn?
  [ link to this | view in chronology ]
  - Anonymous Coward, 7 Jun 2013 @ 5:28pm
    
    Re: Re:
    As I said before... Welcome to the next Watergate.
    [ link to this | view in chronology ]
  - Anonymous Anonymous Coward, 7 Jun 2013 @ 7:39pm
    
    Re: Re:
    Prunes. Massive amounts of prunes. Then Kaopectate. A future standard masochists mixture. Or maybe past.
    
    /what a relief it is
    [ link to this | view in chronology ]
Look at the name, 7 Jun 2013 @ 3:43pm

They are using PRISM in the sense of a beam-splitting prism as well as an acronym. All data going to or from the tech company is copied to the NSA disks in real time. NSA can then send the tech companies special data requests on top of that.
[ link to this | view in chronology ]
- Anonymous Coward, 8 Jun 2013 @ 6:40am
  
  Re:
  Prism is simply Nyan Cat shitting your data
  [ link to this | view in chronology ]
Anonymous Coward, 7 Jun 2013 @ 3:45pm

How would a program this large have gone on for so long without ANYBODY in any of these companies noticing something was up. It just doesn't seem feasible from a logical perspective that the US government was able to access and store all this data on a continual basis without ever screwing up and setting off some alarm bells.
[ link to this | view in chronology ]
- Anonymous Coward, 7 Jun 2013 @ 3:47pm
  
  Re:
  This is of course meant only in the sense of a backdoor being used and not perhaps getting access to the data before it gets to the company and after it leaves.
  [ link to this | view in chronology ]
- anonymouse, 8 Jun 2013 @ 5:00am
  
  Re:
  Seriously....a Small black box copying the data streams from Google servers or Facebook servers or even twitter is all that is needed, damn the sites would not even know they were being bled dry of all the details of their members.
  
  That being said i am sure the NSA could easily get the internet businesses to install a few black boxes to grab data anywhere it is entered. I would not be surprised if every message sent via gmail was redirected to the nsa servers for backup and analysis.
  And with having everyone involved sign a document declaring they would be charged with major crimes if they mentioned it to anyone i understand them standing up and claiming no such thing exists.
  [ link to this | view in chronology ]
Androgynous Cowherd, 7 Jun 2013 @ 3:57pm

What about...
...their ISPs and whoever they outsource the storage of their offsite backups to? Have they received any broad orders to allow traffic sniffing or to supply copies of data?

If it's their ISPs, anyone using HTTPS Everywhere and https with google, facebook, and the like is not exposed through their use of those sites -- unless the ISPs are running MITM attacks on HTTPS traffic, which would be a very big deal in its own right.

If it's their backups, well, the government's seeing pretty much everything, though maybe as it was a week or so ago.
[ link to this | view in chronology ]
- Anonymous Coward, 7 Jun 2013 @ 4:24pm
  
  Re: What about...
  I honestly don't think that the NSA is doing a MITM attack live. Look at what is already out there with Mark Klein's account of a passive splitter. It's far less intrusive to download flows, and do crypto analysis on them then to try and insert yourself in the middle.
  
  As far as Google, Facebook, etc, they have already stated that proper government subpoenas would be obeyed, and it's well known that all information is archived. So by following these shitty laws that have been enacted, they can legally get the information without much trouble.
  [ link to this | view in chronology ]
- Anonymous Coward, 7 Jun 2013 @ 4:50pm
  
  Re: What about...
  Couple of points, here:
  
  Firstly, you're assuming that the NSA hasn't somehow compromised the SSL certificates for the various sites. If they somehow got hold of the private keys for the certificates, they'd be able to decrypt the traffic without needing to run MITM. Given the NSA's brief, trying to covertly grab copies of major sites' private SSL keys would seem like a logical and (relatively) easy step.
  
  Secondly, if you look at the leaked powerpoint slides, you'll notice that they talk about communications flowing "into and through" the US. To me, this suggests that they're tapping the major network hubs, rather than the endpoint ISPs. Tapping into Google's ISP would only get them traffic heading "into" Google; tapping all the dark fiber hubs would give them everything "into" and "through". That's a truly absurd amount of data to mine, but any implementation of PRISM would require sifting absurd amounts of data.
  
  So, my guess is that they're tapping the super-fast, massive routers in the backbone, rather than tapping into individual ISPs. It's a huge amount of data, but it would be relatively easy to filter that data based on source/destination IP. If they've also compromised the SSL certificates, and I'm willing to bet that they have, they could then read everything sent to or from the compromised sites regardless of whether or not it used HTTPS. Done right, the companies they were tapping wouldn't even know about it.
  [ link to this | view in chronology ]
  - Anonymous Coward, 7 Jun 2013 @ 5:18pm
    
    Re: Re: What about...
    Here's the thing, they don't even talk about costs. In order to do this surveillance, you are talking about top notch technology. I'm a network engineer, so I would say you would probably need a Cisco CRS-3 with 100Gbps modules, the modules themselves are about $70k, let alone the cost of the CRS-3, the servers to carry the load to separate traffic, and the amount of man hours spent to analyze and actually know how to set up the system.
    http://www.costcentral.com/proddetail/Cisco_CRS_3_1_Port_100_Gigabit_Ethernet_Interface_Mod ule/1X100GBE/11806624/
    Divide that up to the amount of DCs that Mark Klein stated and we are talking probably billions of dollars, to catch the one in a billion transaction that occurs every second of which we can almost guarantee there will be stuffed missed.
    [ link to this | view in chronology ]
    - Hothmonster, 7 Jun 2013 @ 7:32pm
      
      Re: Re: Re: What about...
      I'm sure you get a discount if you buy a few hundred thousand.
      [ link to this | view in chronology ]
- Anonymous Anonymous Coward, 7 Jun 2013 @ 8:10pm
  
  Re: What about...
  Does the government even use ISP's? It seems to me they could reserve some IP addresses and connect directly themselves. Never having done this myself, I may be missing some equipment or 'permissions', but those are easily dealt with.
  
  Imagine the 'governments ISP' being part of the cache and outing ***** Departments commo traffic, and that getting hacked to Wikileaks, or their replacement.
  
  That is a possible unintended consequence that I foresee. These databases getting hacked, and all our stuff either just out there or, maybe worse, quietly and nefariously used (and I don't mean by Google or any other legitimate company, however scummy some of them may be).
  
  The government will learn, along with the rest of us, if you want it kept private, don't put a network card, CD or DVD writer, or USP port, or Floppy drive, or Blue-tooth or whatever else I have forgotten in the computer.
  
  Then turn it on only when necessary, and then only in a cave deep in the mountains, way outside of Cellphone range, wrapped in a tent of 30 layer heavy duty aluminum foil, with noise canceling equipment NOT tuned to the diesel generator, with all entrances and air ducts covered by covert teams of ex-special forces commandos from private contractors that don't recognize the rule of law and have probable deniablilty, with your anti-intrusion waves emanating from the mountaintop...
  
  :end thought stream
  [ link to this | view in chronology ]
Anonymous Coward, 7 Jun 2013 @ 3:59pm

It's certainly unclear at this point, but it's going to come out eventually.

Much of this information has been out for years, as this story from 2007 shows.

And just like when the floodgates were thrown wide back then, I doubt little will be done about it this time either because, like most other problems we face today, too many people will blame one party or another. Not enough people are willing to concede that BOTH parties are broken and corrupt at this point.
[ link to this | view in chronology ]
Anonymous Coward, 7 Jun 2013 @ 4:00pm

Ether way, the cat's out of the bag.

Question is what will result from it?

But I do know that Senator Darell was right.

We. Are. Pissed.
[ link to this | view in chronology ]
Jay (profile), 7 Jun 2013 @ 4:00pm

Didn't Google and the NSA have an alliance?
[ link to this | view in chronology ]
- aldestrawk (profile), 7 Jun 2013 @ 4:19pm
  
  Re:
  The NSA wears two hats: 1) to collect signal intelligence on foreign governments and individuals and 2) protecting the communications of US government, business, and citizens as well as general computer security stuff. For example, a secure linux version was developed by the NSA. Ostensibly, Google's arrangement with the NSA was to help investigate the Aurora attack and help secure Google's servers against further security breaches. Although, you never know if the NSA is keeping it's other hat in their back pocket.
  [ link to this | view in chronology ]
- Anonymous Coward, 7 Jun 2013 @ 4:52pm
  
  Re:
  The CEO of Google, Eric Schmidt[sp?] gave Obama a butt load (or should I say a google load) of money during his campaign and received a nice cushy job with the government in exchange.
  He became some top dog adviser on Science and Technology.
  
  Pretty transparent to me when you look at things at face value.
  [ link to this | view in chronology ]
AG Wright (profile), 7 Jun 2013 @ 4:02pm

How could it happen?
Simple there have been rumors that NSA has a direct link to AT&T servers/routers for at least ten years.
Is it true? I certainly don't know, don't really want to know to tell the truth.
[ link to this | view in chronology ]
- weneedhelp - not signed in, 7 Jun 2013 @ 7:03pm
  
  Re: How could it happen?
  Not rumor... fact.
  https://www.youtube.com/watch?v=e9WStvRc0rQ
  https://www.youtube.com/watch?v=qy3eOCkLVaw
  [ link to this | view in chronology ]
Anonymous Coward, 7 Jun 2013 @ 4:11pm

As commentators are suggesting over on Hacker News, the CEO's could be intentionally mimicking each other as a passive way to show that they are under gag-order and are being forced to deny any involvement.
[ link to this | view in chronology ]
Tom Williams, 7 Jun 2013 @ 4:24pm

I call bullshit on Zuckerberg
because I have personally witnessed a state parole department employee logging into a custom facebook page where they could view private information from parolees accounts. The employee also searched for, identified, and inspected facebook accounts that were tied to parolees but which the parolees had hidden from them and which they had no prior knowledge of. I was told that Facebook has several ways of linking the unknown and often private accounts together (ip address, cookies, etc.) and that the parole department had full ability to search and access accounts based on that. The only restrictions placed on the parole department employees was that there was an audit trail and that they were forbidden to look at accounts other than those known, found, or suspected to be tied to their parolees. If state parole departments have this ability then I'm quite sure that state police departments and federal government agencies have it and perhaps more.
[ link to this | view in chronology ]
- aldestrawk (profile), 7 Jun 2013 @ 4:48pm
  
  Re: I call bullshit on Zuckerberg
  That is interesting, but I don't believe it extends, in general, to other law enforcement activities. Some parolees, no doubt, have agreed, as part of their parole, to have their social media accounts monitored. Neither IP address or cookies alone will identify an alternate account as belonging to the parolee, so they had better be pretty damn sure their not accessing the account of someone else. I would like to know the grimy details of how hidden account access takes place. Another troubling aspect is that friends of the parolee have lost some privacy here. This could be considered similar to the case where law enforcement has the right to search a car if one of the passengers, even a hitch hiker, is a parolee.
  [ link to this | view in chronology ]
aldestrawk (profile), 7 Jun 2013 @ 4:36pm

the next web got it wrong
This interview today with one of the authors of the WP article, Barton Gellman, completely refutes thenextweb's interpretation.

http://www.washingtonpost.com/video/thefold/nsa-leak-source-believes-exposure-con sequences-inevitable/2013/06/07/fb15c0fe-cf94-11e2-8845-d970ccb04497_video.html?hpid=z1
[ link to this | view in chronology ]
- WP "held back quite a bit from this story"!!!!!!!, 7 Jun 2013 @ 5:13pm
  
  Re: the next web got it wrong
  In this video interview with the Wash Post reporter, he says the Post self-censored "quite a bit" (i.e., a whole lot) of this story. The phrase "Tip of the Iceberg" was emphasized as well. The WP reporter also calls bullshit on the tech company spin, evasion, bob & weave, weasel dance, etc...
  [ link to this | view in chronology ]
Anonymous Coward, 7 Jun 2013 @ 4:39pm

If Congress had any balls...
...they would subpoena all of them. NSA staff, White House staff, tech company CEOs, CTOs, engineers, NOC operators, anybody and everybody with a plausible hand in this.

If any decline to appear: send armed federal marshalls after them and drag them into Congress, in chains.

The hearing should be fully open to the public. It should last as long as is necessary. (Congress isn't really doing anything else useful, anyway.)

If any decline to answer questions, they should be found in contempt of Congress and locked in a cell until they answer or die.

The American people deserve to know, down to the last detail, exactly what's going on here, who's responsible, and whether what we used to call "our laws" have been broken.
[ link to this | view in chronology ]
Anonymous Coward, 7 Jun 2013 @ 4:42pm

Give Full Access to the Public
The NSA should be required to turn over all data and control of PRISM to the public so that we will be able to see exactly what they did. It appears beyond a reasonable suspicion that they have broken the law. All information surrounding it should be used as evidence. The public should also be given access to all phone, email and internet usage records of congress, the executive branch and the courts in order to determine their involvement and to determine if laws were broken and rights were infringed upon.

Unless of course you do not believe in truth and freedom.
[ link to this | view in chronology ]
FM Hilton, 7 Jun 2013 @ 5:29pm

Another batch of denials?
Sure, FB is not allowing the government to look at user information, nor is Google. They deny having given them access to user records.

They don't have to. All the Government has to do is go on the net themselves, log into Google or FB and there is the data.

Then they can screen capture all of the relevant information and there you go!

Handy dandy way to deny plausibility.

Hey, if it works for potential or present employers, it should work for the NSA, right?
[ link to this | view in chronology ]
OldMugwump (profile), 7 Jun 2013 @ 5:31pm

Who are you going to believe?
I'm tempted to say "Who are you going to believe - Page and Zuckerberg or Obama and the NSA?".

But this is an odd one. Altho the government obviously lies all the time, and tech CEOs usually don't, what motive does the POTUS have for admitting that spying is going on, if it isn't?

All I can think of is this - Obama really thinks the techs are cooperating, but they're not. The NSA has infiltrated moles inside Yahoo, Google, etc. The moles are (illegally) supplying NSA with access. The NSA tells the executive branch that the techs are cooperating (per the leaked slides - tho it's not true), in order to cover up the source of the intelligence.

If so - the leaked slides are falsely claiming to the "users" of the intelligence that the data comes from the techs - when in fact it comes from moles without the tech's management's knowledge.

Imagine you're an infrastructure manager with Apple or Google - would you hire some bright young thing with A++ recommendations from their previous employer - the NSA? Sure you would...

If this is it, it's a far bigger scandal than anything revealed so far.
[ link to this | view in chronology ]
weneedhelp - not signed in, 7 Jun 2013 @ 5:34pm

BS artists
"First, we have not joined any program that would give the U.S. government" No mention of being compelled.

"Second, we provide user data to governments only in accordance with the law." See above.

"Our legal team reviews each and every request" - And provided me with this "denial" speech.

"Any suggestion that Google is disclosing information about our users� Internet activity on such a scale is completely false. " - We only gave them the records of 45 million. (Sticks out tongue)
[ link to this | view in chronology ]
Violated (profile), 7 Jun 2013 @ 5:35pm

Damage
All I read about this is damage control. Such claims of having the NSA root though all their data can be economically very damaging for the tech companies involved.

The US Administration likes to have a plan for every eventually so here they are running their mandated damage avoidance plan in a scheme that is extremely carefully worded to remain legally truthful without revealing anything about the real truth.

You may notice that nowhere in their denial do they demand that the FBI/NSA should explain themselves. So just imagine the worst option possible and remain extremely skeptical.
[ link to this | view in chronology ]
mvario (profile), 7 Jun 2013 @ 8:30pm

From looking at the denial, and reading some messages around the web from insiders, the impression I'm getting is that the involvement of these Internet corporations has primarily been surrendering copies of their SSL certs to the NSA.
[ link to this | view in chronology ]
Suzanne Lainson (profile), 7 Jun 2013 @ 9:01pm

How to generate a PRISM denial for your company
Deny PRISM - Your company's one-stop PRISM involvement denial statement generator
[ link to this | view in chronology ]
/me, 8 Jun 2013 @ 2:09am

How about this?
Maybe they just analyse content on their servers with some special tool and send suspicious data to the NSA?
[ link to this | view in chronology ]
Anonymous Coward, 8 Jun 2013 @ 11:43am

"Backtrcks"?
[ link to this | view in chronology ]
aikiwolfie (profile), 9 Jun 2013 @ 4:03pm

Who cares?
Personally I'm less worried about being spied on than I am of the knowledge that our governments don't seem to be able to comprehend security.

Highly sensitive US military networks are apparently vulnerable to anybody with a few scrip-kiddie tools and in the UK our government can't even keep social security records on laptops safe.

I mean my god the NSA just grabbed everybody's data in a drag net to catch one or two people. Does anybody think Fox Mulder is going to be sitting there reading every single e-mail and web search? Uncaring emotionless computers will do all the grunt work.

Nobody cares you watch lesbian granny porn and pay for the privilege.

Now Google and other similar companies already track everything you do on-line. And they can't even claim it's in the interests of national security.
[ link to this | view in chronology ]
- Suzanne Lainson (profile), 9 Jun 2013 @ 4:42pm
  
  Re: Who cares?
  Nobody cares you watch lesbian granny porn and pay for the privilege.
  
  Same here. I'm not overly concerned about being caught in a dragnet because of what I do online or offline. Not only do I not do anything worth spying upon, I'm not worth the time and effort to catch me doing something.
  
  What DOES concern me is replacing one type of concentration of power with another one. The goals of Google, Facebook, and Amazon seem to be to run as much of the world through their servers as possible. I don't necessary view their power grabs as inherently better than NSA's power grab. So I don't buy the "Don't trust the US government, but do trust us" pitch that seems to come from some business folks.
  
  Basically what I see are a variety of institutions, both public and private, wanting to know everything about everyone -- because the technology allows it. However, government operations can't really do much with what most of us do day-to-day, while big companies CAN do something with (either sell us something or sell our data to someone). Therefore, the minutiae of my daily life is much more likely to come to the attention of companies like Google, Facebook, and Amazon than US security operations.
  
  As I have been saying on Techdirt for quite awhile now, I anticipate that at some point the US government will privatize all security operations and whenever there is a political flap, it will let private companies take the heat. The private companies are already collecting the data and it would be easy enough for them to flag whatever any customer (in this case the US government) wants them to flag. Want to develop profiles of gun owners who will likely become mass murderers? Done. Want to profile airline passengers? Done.
  
  Citizens are already been flagged by credit companies, insurance companies, real estate companies, etc. The government will likely buy that data for its own uses, too.
  
  Maybe at some point there will more transparency on the part of both government and private companies, fully disclosing what they are collecting, what they are doing with that data, and who has access to it.
  [ link to this | view in chronology ]
  - Suzanne Lainson (profile), 9 Jun 2013 @ 5:25pm
    
    Re: Re: Who cares?
    I'm getting caught up on my reading and just saw this.
    
    Are coders worth it?: "We like to think that because we can code, we have unprecedented leverage over the world. We decide what 15 million people will see when they follow a link. Our laptops literally get hot from the electric action we command."
    
    I perceive that attitude a lot as I read the articles about what's wrong with DC and how the tech companies know better. Yes, there's a ton wrong with DC. But I don't want one group of "we know best" to be replaced with another group of "we know best."
    
    The Silicon Valley/Davos/TED environment is more elitist, I believe, than the participants realize. And of course, the same thinking happened among previous generations. It's not new, which is the point. It's the same thinking among whoever controls the wealth and power at any given moment.
    
    Whoever is hot shit at the moment thinks they know best. Then eventually they get displaced by something. But before they get displaced, they try to hang on to what they have in the same ways as each power generation tries to hang on.
    [ link to this | view in chronology ]