Go look at this post at TechCrunch rounding up reaction from Google, Facebook, Apple, etc. All of them deny giving the feds “direct access” to their servers; some of them claim never to have even heard of PRISM until WaPo’s story yesterday. “But wait,” you say, “what if they’re being slippery in their statements and they actually gave the feds indirect access to their servers?” That’s possible. Other people have noticed that loophole too.
But what to make of this new statement on Google’s blog, signed by CEO Larry Page himself?
First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.
Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period. Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.
Finally, this episode confirms what we have long believed—there needs to be a more transparent approach. Google has worked hard, within the confines of the current laws, to be open about the data requests we receive. We post this information on our Transparency Report whenever possible. We were the first company to do this. And, of course, we understand that the U.S. and other governments need to take action to protect their citizens’ safety—including sometimes by using surveillance. But the level of secrecy around the current legal procedures undermines the freedoms we all cherish.
Emphasis mine. Even if Google’s not allowing the feds any access, directly or indirectly, to their servers, you can imagine them handing over the data contained in those servers pursuant to a broooooad order issued “in accordance with the law.” But the second boldface bit says they’re not doing that. As far as I can tell, this amounts to a flat denial of voluntary participation. Plus, if they are participating voluntarily somehow, they’d be much better off with a terse statement signed by a random PR official simply saying that they don’t provide “direct” access to servers and they comply with applicable laws, which would put the heat back on Congress for making PRISM possible in the first place. Instead you have an elaborate denial here emphasizing that they don’t deal with very broad requests for information signed by the company’s CEO. If Google’s being cute in using weasel words to hide its complicity, it’ll look even worse when the truth of their compliance comes out. So maybe they’re not being cute. Maybe they’re really not participating in this voluntarily.
But in that case … what’s going on? Three obvious possibilities. One: They’re not participating voluntarily. Somehow PRISM’s lifting the data off of their servers without them knowing it. Which, if true, takes this story from bombshell to atomic bombshell. Two: Page and his counterparts at the other tech behemoths are flat-out lying. As noted above, it would be risky for them to do that given the breach of trust that would result if/when their lie is exposed. Some people on Twitter are speculating that they’re being required to lie, per some sort of provision of the Patriot Act, but I’ve never heard of a law that does that. Even if there were a secret law that did, one of the tech behemoths could have exposed it when the feds approached them about PRISM and the resulting scandal would have exploded in Obama’s face. Plus, a tech reporter tweeted me to note that Google’s locked in other litigation with the FBI; they’re not afraid to challenge the feds on national security issues.
Three: There’s something fishy about the details of PRISM as reported by WaPo and the Guardian. Read this post at Business Insider rounding up some of the odder details of the story, from the suspiciously amateurish Powerpoint slides to the odd timing of the revelations to the implausibly low pricetag for the program. ($20 million a year to harvest data from nearly the entire Internet?) There’s no question that a program called PRISM exists — other news sources have independently confirmed its existence since WaPo’s story came out — but there is some question as to whether it’s as extensive and intrusive as the WaPo report claims. James Clapper’s statement last night also accused WaPo of “numerous inaccuracies” in its story. Hmmmmmm.
Exit question: If WaPo’s scoop was bogus in some material way, wouldn’t Obama have emphasized that in his remarks this afternoon? Why let a damaging story that’s false in key respects gain traction when you can shoot it down in front of a national audience?
Update: Mark Zuckerberg just issued his own statement and, as Andy Levy notes on Twitter, it’s similar to Page’s. Very similar. Extremely similar, in fact. Hmmm.
Update: Matt Yglesias spots more weasel words in Google’s statement:
Matt Yglesias ✔ @mattyglesias
Weasel words in Google’s denial. Also a use/mention fail: pic.twitter.com/irXgGQH3EK
Do note, Larry Page’s post on PRISM is titled “What the …?”, as if he and the company are in shock about learning what’s going on. Weasel words or not, they’re presenting this as a total surprise to them. Remember that if/when we find out they were complicit. Also, some on Twitter are speculating that the reason these companies can semi-plausibly issue denials is because it’s likely that only a select few inside the building know what’s going on with PRISM. A company spokesman won’t have access to that information. The significance of Page’s post is that he’s the CEO; if massive data-sharing with the feds is going on somewhere in the company and he doesn’t know it, he has a big problem.
Update: Anyone else find it curious that Twitter isn’t among the big nine involved in PRISM, despite its massive client base and the fact that it’s been used to share information in uprisings abroad (like in Iran in 2009)? Surely the feds would love to have access to the world’s DMs. If they can’t access Twitter’s servers, it must be because Twitter refused to play ball. And if Twitter had a choice and refused, then presumably the big nine had a choice too.