So who is lying and who is telling the truth? Most of the leading internet companies have weighed in with denials that they gave the National Security Agency “direct access” to their servers. Facebook CEO Mark Zuckerberg claims, “Facebook is not and has never been part of any program to give the US or any other government direct access to our servers.” Google’s CEO Larry Page wrote something similar on the Google Blog: “First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers.”
When government officials came to Silicon Valley to demand easier ways for the world’s largest Internet companies to turn over user data as part of a secret surveillance program, the companies bristled. In the end, though, many cooperated at least a bit.
Twitter declined to make it easier for the government. But other companies were more compliant, according to people briefed on the negotiations. They opened discussions with national security officials about developing technical methods to more efficiently and securely share the personal data of foreign users in response to lawful government requests. And in some cases, they changed their computer systems to do so.
The negotiations shed a light on how Internet companies, increasingly at the center of people’s personal lives, interact with the spy agencies that look to their vast trove of information — e-mails, videos, online chats, photos and search queries — for intelligence. They illustrate how intricately the government and tech companies work together, and the depth of their behind-the-scenes transactions.
In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.
The negotiations have continued in recent months, as Martin E. Dempsey, chairman of the Joint Chiefs of Staff, traveled to Silicon Valley to meet with executives including those at Facebook, Microsoft, Google and Intel. Though the official purpose of those meetings was to discuss the future of the Internet, the conversations also touched on how the companies would collaborate with the government in its intelligence-gathering efforts, said a person who attended.
While handing over data in response to a legitimate FISA request is a legal requirement, making it easier for the government to get the information is not, which is why Twitter could decline to do so.
Details on the discussions help explain the disparity between initial descriptions of the government program and the companies’ responses.
It is doubtful that the tech companies knew the code name of the program — PRISM — so they could easily deny they were taking part in such an effort.
And, it’s important to remember that the FISA requests are compartmentalized at these companies, with employees dedicated to complying with government requests for information who are outside the chain of command.
Tech companies might have also denied knowledge of the full scope of cooperation with national security officials because employees whose job it is to comply with FISA requests are not allowed to discuss the details even with others at the company, and in some cases have national security clearance, according to both a former senior government official and a lawyer representing a technology company.
That inability to discuss details of the program extends to the CEO’s whose carefully worded statements nevertheless reveal that they have been complying with requests from the government for information. But their main point — that the government does not have a “back door” access to their servers — is also a fudge on the truth:
In one recent instance, the National Security Agency sent an agent to a tech company’s headquarters to monitor a suspect in a cyberattack, a lawyer representing the company said. The agent installed government-developed software on the company’s server and remained at the site for several weeks to download data to an agency laptop.
In other instances, the lawyer said, the agency seeks real-time transmission of data, which companies send digitally.
“Real time” transmission of data is also called “monitoring.” The companies implied in their statements that there was no snooping of this sort, but apparently, in some cases, there is. And it sounds like that agent had “direct access” to the server. I don’t know how else you would describe downloading government software directly onto the server and then capturing data.
Either the CEO’s were unaware of these instances of the government getting direct access to company servers and monitoring communications or they couldn’t admit it because of their non-disclosure agreement.
It’s clear that some in the press have misinterpreted the specifics of the internet surveillance program, but the CEO’s haven’t helped matters by issuing statements that skirt the truth and don’t reveal much about their participation in PRISM, even if they were reluctant to do so. That is probably due in part, to rules governing disclosure, but even with that consideration, they appear to have failed the transparency test.