Look at the two writeups (Zuckerberg's and Page's) side by side. Each has 4 paragraphs. Each of the pairs of paragraphs addresses the same thing.<p>1st paragraph: we wanted to respond to these claims. 2nd paragraph: never heard of PRISM, don't give direct access. 3rd paragraph: each request goes through legal channels. 4th paragraph: encourage governments to be more transparent.<p>Terrifying.<p>EDIT: It gets worse. Here's Apple: "We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order."<p>Here's Paltalk: "We have not heard of PRISM. Paltalk exercises extreme care to protect and secure users’ data, only responding to court orders as required to by law. Paltalk does not provide any government agency with direct access to its servers.”<p>Here's AOL: "We do not have any knowledge of the PRISM program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers."<p>And here's Yahoo: "We do not provide the government with direct access to our servers, systems, or network."<p>Microsoft refused to issue a direct denial of involvement in PRISM.
I'm now just confused. If I understand it correctly, the government has publicly acknowledged the program and tried to explain how it's "limited and legal," but extant nonetheless. Now the companies are all uniformly denying it. The options:<p>- The companies are lying.<p>- The government has infiltrated these companies and developed backdoor access the executive team is unaware of.<p>- The government is intercepting traffic en-route and doesn't need cooperation of the companies.<p>- The government is confused on their talking about about what they're confirming here and PRISM has been misinterpreted by the press.<p>#1 is possible, but implies that there exists a National Security Letter-like mechanism that can coerce this kind of public behavior. I find that unlikely but certainly not impossible; that would definitely be a concerning outcome.<p>I think #2 is unlikely. There's an interesting passage in the original Washington Post article, though, about how they want to be careful to protect the identities of the cooperating companies so as to not "damage their sources". A simple reading of this is that the companies might pull out if they're publicly exposed as cooperating. However, since they appear capable of coercing cooperating anyway, a slightly more tin-foil-hat reading is that their access is less straightforward than asking Page and Zuckerberg for help.<p>#3 is probably happening regardless of whatever cooperation the companies are providing. However, if that's the extent of PRISM I think it says interesting things about the likelihood that RSA has fallen. Is that likely? I have no idea. It wouldn't be unprecedented compared to what the NSA and its predecessors have done historically, though. It's worth noting that the NSA hasn't approved asymmetric crypto for protecting classified data. (<a href="http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography" rel="nofollow">http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography</a>)
I would like to believe these reports from Google [1] and Facebook [2], but someone is not telling the truth.<p>There is evidence that directly contradicts their stories (i.e. <i>The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers</i>. [3]).<p>Who are we to believe?<p>[1] <a href="http://googleblog.blogspot.ca/2013/06/what.html" rel="nofollow">http://googleblog.blogspot.ca/2013/06/what.html</a><p>[2] <a href="https://www.facebook.com/zuck/posts/10100828955847631" rel="nofollow">https://www.facebook.com/zuck/posts/10100828955847631</a><p>[3] <a href="http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data" rel="nofollow">http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-n...</a>
It's so creepy how Zuckerberg and Page, as well as every other CEO's responses are worded exactly the same. The same goes for Apple too. It's entirely not believable that everyone's answers would sound so similar.
> Facebook is not and has never been part of any program to give the US or any other government direct access to our servers.<p>Amazing how all them, to a company, are using the "direct access" phrase.<p>Plausible deniability for the whole world to see along with the revelation of the biggest spying operation in history.
It is remarkable how similar the two statements from Larry Page (LP) and Mark Zuckerberg (MZ) are below. The same responses worded slightly differently, and expressed in the same order:<p>LP: "...we have not joined any program that would give the U.S. government—or any other government—direct access to our servers."<p>MZ: "..Facebook is not and has never been part of any program to give the US or any other government direct access to our servers."<p>LP: "... we provide user data to governments only in accordance with the law."<p>MZ: "we... always follow the correct processes and all applicable laws."<p>LP: "...we have long believed—there needs to be a more transparent approach."<p>MZ: "We strongly encourage all governments to be much more transparent..."<p>It almost looks like they are reading from a template or script!
1. It would be nice if these statements defined "direct access to our servers". It's safe to guess that they are using the narrowest definition possible, meaning that a NSA employee can walk into the building that Facebook's servers are hosted in and log in to any server and run arbitrary commands. This is likely not what a layman's use of "direct access" would mean. The issue is whether or not the government can access whatever user data they wish provided the correct clearance or assertions.<p>2. "We hadn't even heard of PRISM before yesterday."<p>Somehow I doubt that the National Security Agency is in the habit of telling companies that they work with the names they use for projects internally.<p>3. "we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure."<p>This doesn't preclude the idea that the government accesses more Facebook user data than the general public might realize under current law. Facebook can provide large volumes of info as the PRISM slides suggest if it is indeed lawful, <i>and this statement would not be a lie</i>. It hinges on what exactly is "required by law", or more precisely, what is allowed under the current interpretation of the law.
Hmm, what I'd like to hear is tech CEOs say "the NSA does not have the private key for our SSL certs." Beam splitters are a pretty cheap buy.
> Facebook is not and has never been part of any program to give the US or any other government <i>direct access</i> to our servers.<p>> ...<p>> When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law.<p>So no back door at FB, because the front door is open to secret courts signing the secret subpoenas to do secret things.<p>Got it.
Anyone find it interesting that "direct access to servers" keeps being mentioned when PRISM could almost be an in-joke for the kind of beam-splitting tech they were already using in Room 641A (and elsewhere) - i.e. they're not touching servers, they're just siphoning off a perfect copy of all network traffic
I still find it suspicious that the previous White House press secretary, Robert Gibbs, left the White House to work at Facebook.<p>I realize that statement implies that no one from government can go into the private sector without it suddenly becoming a conspiracy theory, but in this particular case the link is especially concerning.
> to give the US or any other government direct access to our servers<p>"to give the US, or any other government, or any third party intermediary, direct or indirect access to our servers or our users' data"<p>I mean come on, I've never taken a single lesson in legal or PR and even I can see the big huge holes. They insist on direct access, they insist on servers rather than data and they insist on governments.<p>And that's not even taking into account the fact that most of those sentences are the same copy pasted text that we saw in Larry Page's message. If you want to make it sound like a personal message from the founder, maybe don't speak like a drone ...
With the creepy similarities, why do I get the feeling that it's these collective companies way of saying "Yes, they're monitoring you but we just can't say anything..."
If I were covering this story my first move would be to figure out who wrote the boilerplate version of the press release being used by all these tech companies.
Reading between the lines:<p>> Facebook is not and has never been part of any program to give the US or any other government direct access to our servers.<p>We have however set up a tap that mirrors all traffic to Facebook to NSA servers, and we've given them the certificate to decrypt that traffic.<p>> We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received.<p>Instead, we were requested to provide our SSL certificate and to install some hardware in our data center. We never handed over any data ourselves.<p>> And if we did, we would fight it aggressively.<p>Too much work to provide all that data. Best to just give them a mirrored PHY stream.<p>> We hadn't even heard of PRISM before yesterday.<p>We didn't know _what_ the program was called; they never told us, specifically for plausible deniability reasons.<p>> When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law.<p>Technically, they didn't ask for user data, they asked for a hardware interconnect and a private key.<p>> We will continue fighting aggressively to keep your information safe and secure.<p>Our lawyers made us say this. C'mon, we're Facebook, what do you expect?<p>> We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe. It's the only way to protect everyone's civil liberties and create the safe and free society we all want over the long term.<p>Good God, what have we done?! We're under an NSL, can't you tell that, people?!
Note how similarly worded this response is to that posted by Larry Page: <a href="http://googleblog.blogspot.com/2013/06/what.html" rel="nofollow">http://googleblog.blogspot.com/2013/06/what.html</a><p>The cynic in me wants to believe the coincidence is because Facebook has equally good lawyers as Google.
I believe, without a doubt, that both the Zuck response and the Page response were created from the same template or set of explanations. Unless all these CEOs met up together and decided how they would respond, then this seems very shady to me indeed.
Another possibility would be that PR works in fairly formulistic way. It might not be an exact science, but if asked to comment on such a subject, and you were innocent, I'm sure the following would be what you say:<p>> I have no idea what you're talking about.
> We only give access when absolutely necessary within the confines of the law.
> We're on our customers side.<p>Now some of the terms such as "direct access" are errily familiar, I'll give you that but the message being conveyed and the order it's formed woudn't be enough to suprised me on it's own and the guys working PR for these orgs are probably pretty inbred. Still, it is interesting.
I have also been skeptical of the carefully worded releases, but looking at the PRISM slides more carefully just now, nothing on them necessarily indicates that the target companies actually know what is happening. Perhaps PRISM is based on partnering with backbone providers to suck data straight off the pipe, and the "Dates When PRISM Collection Began" refer to dates when they completed software to scope out information specifically destined for or leaving the services of each "provider".<p>This is just a possibility - I tend to believe the companies are simply lying. But it is possible.
About this direct access phrase, I read a post earlier today (linked from a comment on HN but can't find it now...) that described a hypothetical system offered by facebook to intelligence agencies, this system would allow the user to search for a person and then accept a EULA before being given access to personal information. If this system were to automate the submission and acceptance of a subpoena, would the system then be classed as having given indirect access through the correct "legal channels"?
"Yeah so if you ever need info about anyone at Harvard. Just ask. I have over 4,000 emails, pictures, addresses, SNS." Asked how, he responds: "People just submitted it. I don't know why. They 'trust me.' Dumb fucks."<p><a href="http://www.newser.com/story/88716/zuckerberg-once-mocked-dumb-users-over-trust.html" rel="nofollow">http://www.newser.com/story/88716/zuckerberg-once-mocked-dum...</a>
The keyword for me here is "direct".<p>If PRISM is indeed a "prism", that is, a network-level dump, duplicate RAW of data, then there is no direct access involved.
It does seem as though these companies are trying to signal something (a la cryptonomicon), by the repeated emphasis on <i>direct</i>. That's the part that is scary - as someone else pointed out, with the right SSL keys and a copy of the bytes flowing thru a limited number of NAP's, you don't need your grubby fingers in the google/facebook datacenters. The telcom's seem quite willing to roll over...
> <i>... create the safe and free society we all want over the long term</i><p>I don't think you can have both. Freedom has to be paid for, and the only currency it'll take is blood. If we're unwilling to pay that price then I guess we won't have freedom.<p>Also, I'm not sure I'd want freedom regulated by Facebook, where bare breast in centuries old paintings are forbidden or jokes have to pass a censoring committee.
Why would you believe anything these guys have to say on this matter? For one, the government has clearly given them some kind of deniability. For two, if they were given orders under the National Security Letter program, they couldn't admit they had knowledge even if they did.<p>I don't trust Zuckerberg, I don't trust Larry Page, hell, I wouldn't trust you either if you had to respond.
Something fishy is going on... the same message, same exact words being used.<p>I'm thinking all these companies are legally being forced to give up data and provide direct access to some kind of third party company, which in turn works with the NSA.<p>It's pretty clear Google, facebook, apple, etc. can't just come out and say they're doing this. They're choosing their words very carefully.
If you want to go full conspiracy theorist, you might suggest the slide deck and capabilities were all a psy-ops tactic to persuade the real criminals to abandon using google,Facebook,apple, and all of the big corps who refused to freely hand over user data, and instead flee to smaller businesses that the government could much more easily coerce into participating...
The fact is, when you sign an agreement with the government like this you are given a 30+ page contract. Some items ALWAYS in the contract are:<p>1. If you are asked about it, you will deny it, and LIE about it. They actually tell you to lie.
2. If you break the contract you will be destroyed, and everyone you know will be destroyed.<p>Ask a senior member of the military how this stuff works.
And the plot gets thicker: <a href="http://www.theweek.co.uk/us/53475/white-house-admits-it-has-access-facebook-google" rel="nofollow">http://www.theweek.co.uk/us/53475/white-house-admits-it-has-...</a><p>What to make of this in light of the companies' chorus of denials?
Hm. At this point I think I'd set better than 50% odds that the PRISM Powerpoint is a fake. Which is not to say that there's nothing to it - there could be all sorts of things behind it (the phrase 'modified limited hangout' is one that springs to mind).
I am sure that it's just a consequence of lawyers using their distinct brand of wording that leads to every single one of these denials from various CEO's and PR teams looking almost verbatim, but I do have to admit, the similarity in wording is disconcerting.
> We will continue fighting aggressively to keep your information safe and secure.<p>Is it only me, or is Mark implying that agreeing on every government request to provide data would make your information unsafe and insecure?
1, They got same press release template.
2, they all give govt indirect access to the servers, e.g. ssh.
3, relax, we Chinese have had this since day 1. You think govt can really outsmart determined people?
If read the right way the responses could still allow for direct access to all their users data through a special API. Direct access to the server itself isn't necessary to get at all the data at will.
I really seems quite strange that the statement from both facebook and google CEO's are almost exactly same thing.
If i didn't know better, i would say same person wrote them.
Dear Mr Zuckerberg,<p>Feel free to deny your company's involvement, but don't you fucking dare criticize the free press's reporting as "outrageous".<p>Thanks.
if it was direct access, didn't the years here differ - <a href="http://tctechcrunch2011.files.wordpress.com/2013/06/prism-slide-5.jpg" rel="nofollow">http://tctechcrunch2011.files.wordpress.com/2013/06/prism-sl...</a>
are they playing with words? do they know about complete access to the network just short of their data center but are saying that they are not providing it?
This is a gun in the back response. Am I really supposed to believe the guy with an open index of almost every American hasn't in some way folded to the government. Ever?<p>Sorry, Z.
Facebook: "We do not provide any government organization with direct access"<p>Google: "the U.S. government does not have direct access"<p>Apple: "We do not provide any government agency with direct access"<p>Yahoo: "We do not provide the government with direct access"<p>The consistency is amazing - do they all use the same law firm?<p>Something stinks here.
It's like:<p>John Doe asks, "Hey Larry, did you let Zuck read my mail I wrote you last week?".<p>Larry says, "No! He doesn't have my password or yours, right?"<p>Joe persists and proves Zuck knows the contents of the email. Then Larry shrugs and says, "Well, I didn't give him <i>access</i> to your email, I gave him a print out when he asked for it".
I guess the question is: should governments have the same access as "social media platform sysops"?<p>I would be surprised if they didn't.