Stay on Top of Enterprise Technology Trends
Get updates impacting your industry from our GigaOm Research Community
Ever since The Guardian and the Washington Post first revealed the existence of a top-secret NSA surveillance program known as PRISM in June, there has been a glaring question mark at the center of the documents leaked by former CIA contractor Edward Snowden: namely, how much access the spy agency has to the servers and systems of companies like Facebook (s fb), Google (s goog), Yahoo (s yhoo) and Microsoft (s msft).
All of these companies have strenuously denied that they provide any access at all, direct or indirect — but in the second half of an interview with the Guardian, released by the newspaper on Monday, Snowden maintains that PRISM gives the NSA “direct access” to company servers.
In the interview, which he did in early June with Guardian writer Glenn Greenwald and independent documentary film-maker Laura Poitras from his hideout in Hong Kong, the former CIA staffer repeats the allegations contained in the PRISM slides about tech companies willingly providing direct access to their servers — and doing so in an automated way so that they can deny any involvement:
“Companies like Google, Facebook, Apple, Microsoft — they all get together with the NSA and provide the NSA with direct access to the backends to all of the systems you use to communicate, to store your data, to put things in the cloud, and even just to send birthday wishes and keep a record of your life. And they give the NSA direct access that they don’t need to oversee, so they can’t be held liable for it.”
Identical denials from every tech company
The slides that were originally published by the Post and Guardian describe how government agents could get “data collected directly from the servers” of what the presentation called “partner” companies such as Google and Facebook. This triggered a series of almost identical denials from the companies implicated in the story, all of which maintained that there was no such “direct access” provided — and that any NSA requests or orders to provide information on users were routinely resisted and handled via other methods.
A New York Times follow-up story, based on anonymous sources — including those at companies named in the PRISM presentation — said that several of these tech giants had set up secure “lock box” or “drop box” style servers or locations where they could send data requested by the NSA, as a way of automating the process of responding to court orders under the Foreign Intelligence Surveillance Act.
This seemed to explain the denials from Apple (s aapl), Facebook and others about providing “direct access,” while still fitting the general description of the PRISM system contained in the NSA slides — suggesting that the argument over the meaning of the term “direct access” was mostly semantic. But that was before Google doubled-down on its earlier denials, both in a Wall Street Journal story and in a public question-and-answer session that Google’s chief counsel David Drummond did with The Guardian.
Someone is not telling the truth
In the Journal story, the company said that it provided data primarily via a secure FTP program, and refused to participate in any program that required it “to provide governments with access to our systems or to install their equipment on our networks.” In the Q&A session, meanwhile, Drummond said that Google was not “in cahoots” with the NSA or any other government agency, and strenuously denied that the company provided any kind of access — direct or otherwise — to its equipment, saying:
“There is no government program that Google participates in that allows the kind of access that the media originally reported… there is no free-for-all, no direct access, no indirect access, no back door, no drop-box.”
The inescapable fact is that there’s no way of squaring Drummond’s statements and Google’s other denials with Snowden’s specific claims in the video interview the Guardian just released. And it’s not just Snowden reiterating that the program involves “direct access” to servers: in annotations to several new slides from the NSA presentation, Washington Post reporter Barton Gellman said they confirmed the existence of a program that allows security agencies to tap directly into FBI-operated equipment installed on company premises.
Either Snowden and those whom Gellman has spoken to in the course of his reporting — not to mention the sources that the New York Times used for its “lock box” story — are lying about what kind of access the NSA gets to company servers, or the companies involved have repeatedly lied about their participation in the program. There is no other explanation.
Thumbnail image courtesy of Shutterstock / Lightspring