It's not the phrase "direct access" (which they could reasonably use given it was used in the original leak story), but rather the construction of the whole sentence.
There are millions of ways you could phrase the response
(Dropbox and Microsoft used completely different language), the chance that these five came up with the phrasing used independently seems fairly low. Especially as the statements weren't all given to a single reporter (who could have phrased the question in a particular way) but rather to a variety of different news sources.
It could still be completely innocent, they could all have cribbed off whoever did the first denial or they could have discussed it beforehand and co-ordinated messages without there having been any government involvement.
I accused you of doing X on mondays. You could say "You know, in fact, I do X, but on tuesdays". Most hypocrites however will take your question as literally as possible and will just say: "No, I don't do X on mondays".
You see, people don't want to know if government has direct access(ok, they want, but it is not their primary concern), they want to know what happened.
It simply doesn't matter if google uploads data to government servers or government gets data from google servers by "directly accessing" them. I would even guess that the latter is simpler to implement and maintain.
I don't mean that google is happy to hand user data to government - they probably aren't - I want to know how many data governments gets.
"You see, people don't want to know if government has direct access(ok, they want, but it is not their primary concern), they want to know what happened.
"
The companies are saying they have no idea. They literally said "we've never heard of this program".
What more do you want?
The claim the newspapers made, in line 1, was, "the government has direct access". The denial made was "the government does not have direct access".
If they want to publish a different claim, i'm sure a different denial will be written.
If you want to know what happened, why are you asking GOogle?
Go ask the NSA
No it isn't. You can run it through plagiarism software which is specifically designed to take into account scenarios like your suggest and it'll be flagged.
For example why do they all use the word "provide" there are hundreds of synonyms that work just as well ("given", "enabled", "allowed", "have", etc.). They weren't accused of "providing" the access, it's a word they've chosen to use.
The specific accusation was about the NSA, why are the denials using "government agencies" or synonyms rather than NSA. There might be perfectly valid reasons, but the chance that they'd all make the same decision to use it independently ?
Why are they all in current tense rather than "we have never x" ?
If there were on or two similarities it might be coincidence, but we're talking about dozens of grammatically and phrasing choices.
Because it is plagiarism. Do you honestly believe the PR people who wrote this didn't also read what others wrote? I don't think they released their statements all the same second.
Here's an example of how a government agency could get indirect access to phone data...
Amdocs (http://en.wikipedia.org/wiki/Amdocs) provides billing services and customer support for most of the major phone companies so it has access to all of the transactional data on your billing statement. If a government agency had access to the Amdocs data, it would have access to the phone data through an indirect channel.
> they could have discussed it beforehand and co-ordinated messages without there having been any government involvement
These are after all companies several (all?) of whom have co-ordinated illegal no-hire compacts in the past: it's not far-fetched to think they'd work together on a PR response to this. Which isn't necessarily to rule out a more sinister explanation of course.
I think lawdawg is saying there's no reasonable way they can deny participating in a massive spying program without somebody saying it sounds dodgy.
And it is kind of true: "We do not provide any government agency with direct access to our servers" is the clearest construction I can imagine for denying involvement, but they get called out for it anyway.
Commits massive domestic spying operation, people complain.
"Can't win with you guys."
I mean, not much more you can do than just laugh at shit like this. Yeah man, everyone here is so unreasonable with their standard of "I don't like when companies blatantly lie" how hypocritical of them?
Those statements are probably true. The NSA has probably subcontracted the operation out to a private corporation. So Facebook, Google, et al, don't deal directly with the government, they deal with the private company.
In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.
The Chinese security bureau didn't have "direct acces to servers" as well, instead, they install black boxs in every IDC which mirror router traffic to an unknown destination.
There's also shit ton of papers on Chines academia on how to reconstruct and rapid classify packets from raw IP dumps
Love it how they got played. I hope they appreciate the way the administration let them look and lie their customers in the face.
Wish I had been a fly on the wall when they where instructed on what to say and how to phrase it. It is certainly no accident that they came out on the same day, with the same phrasing, etc
This article is terrible. What exactly did "the White House" say? There is not even one sentence that is attributed to a specific individual. Was it the White House press secretary, or Obama, or somebody else? Or are they referring to the statements from the Director of National Intelligence?
"EDITOR'S NOTE: Since this story was published, The Guardian has reported that the UK intelligence gathering organisation GCHQ has had access to the PRISM system since at least June 2010 and has generated 197 intelligence reports."
So other governments have a backdoor to our government's backdoor... What stops China among others from being able to access this?
On the other hand, what is the truth if Larry Page is saying that Google does not allow 'direct' access but the White House is saying that it does have access? This just looks like a giant finger pointing and blame game now.
> So other governments have a backdoor to our government's backdoor
And we have a backdoor to their backdoor. It's fairly easy to assume that they -- state-sponsored intelligence agencies -- collude with each-other by offering access to each-other's data stores.
In a sense we are all foreign to each-other, and the USG may access American data through requests acting as foreign agencies.
> So other governments have a backdoor to our government's backdoor... What stops China among others from being able to access this?
Nothing, and that's exactly what China was doing during Aurora and similar operations.
It's worth noting that Google posted incorrect/misleading information on their blog at the time of that incident as well. They claimed that the intrusions were motivated by China wanting to target human rights and freedom of speech activists, positioning them as a villain.[1] It ended with the same crap about pushing for freedom and transparency.
A few months ago it was leaked that the actual motivations behind Aurora were that China was using it to see which of China's spies were being monitored by the US government through the PRISM-like interface[2]:
""What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on," Aucsmith says. "So if you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that's difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way."
[3]:
"As Google was responding to the breach, its technicians made another startling discovery: its database with years of information on surveillance orders had been hacked. ...
The most sensitive orders, however, came from a federal court that approves surveillance of foreign targets such as spies, diplomats, suspected terrorists and agents of other governments. Those orders, issued under the Foreign Intelligence Surveillance Act, are classified.
Google did not disclose that breach publicly, but soon after detecting it, the company alerted the FBI, former officials said."
Interesting, well I'm just glad this is all hitting the mainstream as it is... I think the community here had been well aware of the lack of privacy in most online services.
The presentation makes it seem they are harvesting the data. That would resolve any apparent contradiction. The biggest question is how? Surely google has noticed these man in the middle attacks. I think the guardian misinterpreted the word "provider".
Edit: it appears the NSA has google's ssl keys. That would explain all the talk about "direct access".
What is the source on the SSL keys? Arguably a lot of metadata could be gleaned without even decrypting the data. If an IP is tied to an identity, timing of traffic alone would be very revealing.
My guess? They worked with the CEO to discuss the issue. Then recommended hiring some consulting company that specializes in key management. The consultant says something like, you need to keep a copy of the keys in an offsite vault for disaster recover purposes. The NSA now has the keys.
It is also possible they just got the keys from spies. In my company, anyone with sudo access to front end machines can get the keys. I have no idea how to keep these keys secure from the NSA.
If someone has your private cert and keys, that is irrelevant - they can fully MITM you. Forward secrecy only ensures that a compromised key doesn't compromise data collected in the past.
Google could not provide the NSA with its TLS keys and then argue it hadn't given the government direct access to its servers. Nor could the government MITM TLS, which would be detectable, nor could they have compromised a TLS CA to accomplish the same thing, because Google's keys are pinned in Chrome and recent Firefox; you can examine the builds to see that.
> Google could not provide the NSA with its TLS keys and then argue it hadn't given the government direct access to its servers.
Sure it could. First, it would be accurate: TLS keys give you the ability to decrypt communications, which is distinct from direct access to the servers (though, obviously, it can easily substitute for it.) Second, even if it wasn't an accurate distinction, people can (and do) argue positions on unsound bases, and Google doesn't seem to be especially incapacitated in that regard.
How do you resolve the the fact the presentation is real, and Larry Page's statements?
This is the only explanation that makes sense. Some secret court compels Google to provide their TLS keys, which is a a few kb of data. No one at Google has to know, and no one at Google can accidentally detect the leak.
Also, can you clarify for me why you think giving someone access to eavesdrop overlaps with "direct access to servers"?
If what I say is correct, Larry Page's statement is 100% defensible.
Could it be that the presentation describes targeted surveillance? PRISM may just be a program to standardize a process and the type and format of information returned.
Yes, I think the $20M figure makes it clear it is targeted. They have the ability and authorization to eavesdrop on foreign packets, but that is like drinking from a firehose. They need a way to syphon and interpret the data, and also a way read TLS streams. I think the dates and companies are a combination of getting access to the TLS keys, and actually implementing a sane way of sipping from the firehose. In facebook's case, I think they implemented a way to eavesdrop, and then later compelled Zuck to provide the keys.
The slide about how traffic is routed through the US is really telling. This program works because there is access to the packets.
> Why would the government choose to use this route to get data from Google/Facebook/etc?
It is the only way to get access to the data without requiring a vast conspiracy. If they had direct access, thousands of employees would know something was up. If they MITM, then lots of people would notice. If they had a way to actually break TLS, then there would be no slide about "providers".
That doesn't give you the type of data (and tools) that the provider has. I don't see the government building tools on top of user-level access when the provider already has better data (like login records) and tools.
Can someone just tell what the final deal is? I'm quite annoyed by conflicting reports from the media, Internet firms and the US government. Also, please stop playing with words. It doesn't matter if the program is named PRISM or Hexagon. What matters is the access powers to otherwise private data by governments.
Even if the White House confirmed the PRISM program exist, and condemned the leak about the PRISM program, it doesn't mean all the facts in some power point presentation is real at all.
From the Sherlock files? I've read the presentation; it doesn't mean everything out there is cast & stone. I'm seeking the truth and not popular stories.
> “It [PRISM] cannot be used to intentionally target any US citizen, any other US person, or anyone located within the United States,” said James Clapper, the director of national intelligence.
And how are we supposed to believe this? We were already blatantly lied to.
Or...you may be misinterpreting what's at issue. I can't claim to really know either, but from what I gather, the issue at hand is: Does the NSA have a direct feed into Google's servers, via PRISM?
Google says "No".
However, Google has not denied giving government access to user data: in fact, Google for a few years has been publishing a report of how many times governments ask it for user data:
Eric Schmidt, in March 2010, knew about this when he said the following for users who wished their actions to be private:
> But if you really need that kind of privacy, the reality is that search engines, including Google, do retain this information for some time. And [...] we're all subject, in the US, to the Patriot Act, and it is possible that that information could be made available to the authorities.
Whatever your views on this are, I hope nobody is actually surprised. If I were a $CURRENT_MEDIA_BOOGIEMAN_SCAPEGOAT_THINKOFTHECHILDREN, I would definitely assume that the usgov has access to any "big data" on the general public and can get it anytime they want. My plans for world-domination won't be sent through gmail or sent in a private message on facebook, or an text-msg on VerizoNSA. I'd take the time to learn and use PGP.
Only regular citizens will be caught by this and... the whitehouse knows it. I only wish the general public could see HN now. Someone with lots of money,looks-at-Google, should buy like 2mins of commercial-time during the Super-bowl to talk about stuff like this.
I'm no intelligence expert, but I'd be surprised if the NSA would expect something like this to find a "smoking gun" proving that person X is planning Y.
More likely you already have suspects, and your suspects have acquaintances , family etc.
You would be more interested in looking at these people, who do they network with on social media, what are they interested in?
Might they be knowingly or unknowingly be providing material support?
You would probably use this information to build up a broader profile and see which avenues are worth investigation.
Ok, but what about companies who store sensitive data and emails on Google Apps for business, especially non US companies ?
What about non US citizens who seems to have less protection and spyable at mercy ?
Should we the ( whatever your country or citizenship ) avoid by all means US internet corps.
If the American gov wanted to kill the cloud, then good job !
I want to clarify that I do not trust my own gov neither ...
Nobody should store sensitive data and e-mails on a system where they're sitting there in plain text accessible to god knows how many people at Google and their data centers. That's insane.
As Microsoft was the first company to adhere PRISM as stated by the leaked slide, that also means that no company worldwide should ever use office 365, azure or managed sharepoint / exchange !
These software corps better be persuasive because a whole economic part of USA will be endangered then !
That doesn't even make any sense. Your house is your private space. Google's servers are someone else's private space. It's like leaving your business documents scattered around a Starbucks and depending on the honor system to ensure nobody reads them.
To be honest, this whole thing is coordinated. The leak, the opportunity for outrage, the opportunity to gloss over the outrage, and now it's out in the open where the politicians and CEOs don't have to face real outrage.
But they're not controlling anything, they're just doing now what they would be doing if the leak had been real, assuming it was orchestrated. They would've done a better job letting everyone stay distracted by all the other crap being dropped on Obama's head right now.
Not necessarily: you could for example throw in red herrings and disinformation along with whatever facts you're disclosing. The "limited hangout" http://en.wikipedia.org/wiki/Limited_hangout is apparently a real thing, though of course once you've heard of them it's easy to start imagining them where they don't exist.
What really pisses me off is something like »It [PRISM] cannot be used to intentionally target any US citizen, any other US person, or anyone located within the United States«. Mass surveillance without suspicion of foreigners is even worse than spying the own people.
The public has unprecedented access to information b/c of the stuff publicized on HackerNews. Should come as any surprise the White House also has this access?
I just assume Barack is LOLing everytime I crack a funny on twitter.
Yahoo: "We do not provide the government with direct access to our servers"
AOL: "nor do we provide any government agency with access to our servers."
Paltalk: "Paltalk does not provide any government agency with direct access to its servers"
Apple: "We do not provide any government agency with direct access to our servers"