Setting the Record Straight

84 points | llambda | 12 years ago | yahoo.tumblr.com | reply

81 comments

[+] guelo|12 years ago|reply
The NSA slides are highly damaging to American service providers, thus they are trying to be as forceful as possible in these statements. There are already European government officials calling for the discontinuation of American services and for the development of European alternatives. Making the matter worse are American officials' arrogant, short-sighted reassurances that the surveillance is for foreigners only. As the NSA called it "our home-field advantage", that these dominant global Internet companies are located here, could quickly be lost thanks to the hubris of our government.
[+] kiba|12 years ago|reply
We should give foreigners rights that Americans enjoy. If Americans enjoy 4th amendment protection, so can foreigners. That means you can't spy on foreigners without getting a warrant from an open court, rather than secret courts with secret rulings.

Edit:

I am not arguing that foreigners should receive welfare checks and benefit from social programs. I am arguing that if they are targeted by the US government, they should be subjected to the same protection. There should be no special exception for anybody, because the special exception was used to justify the NSA spying program.

[+] RWeaver|12 years ago|reply
Definitely, I'm on the lookout for any kind of service that operates in a country with transparent law enforcement and accountability.

I trust Google not to share my sensitive information (product strategies, negotiating positions) with competitors on request, I can't trust some random agent who knows he won't be held accountable if he looks up and sends that information to his cousin.

There's the potential here to 'disrupt' the whole of Silicon Valley.

[+] mortehu|12 years ago|reply
It should be noted that the European Economic Area is currently implementing the Data Retention Directive[1], which in my opinion is worse for end-users than what the blogosphere is extrapolating from some dude's PowerPoint slides in this case. If you're using a US hosted service, there's nothing preventing you from deleting your data if it hasn't been subpoenaed already. European countries are starting to enforce a 6-24 month minimum retention period for traffic data.

1. http://en.wikipedia.org/wiki/Data_Retention_Directive

[+] cmelbye|12 years ago|reply
One doesn't just develop alternatives to Google, Apple, etc. It takes more than just an official calling for it to make that happen.
[+] wslh|12 years ago|reply
We need to take a look at these companies' stocks in the next few weeks. It can be seen as malpractice from the shareholders' perspective.

What Google et al didn't take into account, being very short-sighted, is the competitive advantage they lost unprotecting their customers' information.

[+] dkulchenko|12 years ago|reply
I'm struggling to make sense of all this. On the one hand, the denials from the companies in question are becoming more and more genuine and convincing - on the other, the NSA PowerPoint did leak which very clearly states the companies' involvement and no one's thus far denied its validity.

Who's lying?

[+] kahirsch|12 years ago|reply
> no one's thus far denied its validity.

On Thursday, James Clapper, the Director of National Intelligence, wrote "The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies."[1]

Today, he released a fact sheet[2] which stated, among other things,

* PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a). This authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008.

* Under Section 702 of FISA, the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence. In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight. Service providers supply information to the Government when they are lawfully required to do so.

* The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States. We cannot target even foreign persons overseas without a valid foreign intelligence purpose.

* In addition, Section 702 cannot be used to intentionally target any U.S. citizen, or any other U.S. person, or to intentionally target any person known to be in the United States. Likewise, Section 702 cannot be used to target a person outside the United States if the purpose is to acquire information from a person inside the United States.

[1] http://www.dni.gov/index.php/newsroom/press-releases/191-pre...

[2] http://www.dni.gov/files/documents/Facts%20on%20the%20Collec...

For other statements from the DNI, see http://www.dni.gov/index.php/newsroom/press-releases

[+] nostrademons|12 years ago|reply
Probably nobody.

The most likely explanation is that PRISM = FISA. The Washington Post article with the slides begins "Through a top-secret program authorized by federal judges working under the Foreign Intelligence Surveillance Act (FISA)..."

Now imagine how this works in practice. The FBI (not NSA, other articles have stated that the NSA works by handing a request off to the FBI to implement on domestic soil) comes to a tech company with a signed court order to hand over the user data for a user suspected of criminal actions. The tech company complies. The data is normalized and assembled on the NSA end, and then a realtime feed goes to the PRISM GUI where an analyst looks it over. At no point does the government ever reveal the name "PRISM" to the tech company - why would the NSA ever reveal top-secret codenames outside of the organization?

When the program is made public, it's the NSA side of the story that hits the papers. The tech companies have never heard of PRISM, they know that the NSA does not have boxes inside their datacenters, and the whole accusation seems ludicrous.

It's a mistake, when you find out that a secret has been kept from you, to assume that other people know about the secret as well, even if they were involved. The NSA is not in the business of telling businesses about confidential national security projects.

[+] Kylekramer|12 years ago|reply
Probably neither. It is just my guess, but it seems like the NSA slides overstate how much access they have (after all, this is a $20MM project) and the journalists took them at their word/pushed the sensational angle. The tech companies are understating how much they work with the government. No one is strictly lying, but their various interests are conflicting.
[+] icegreentea|12 years ago|reply
Potentially no one is lying, because even if the information in the slides were 100% accurate, they could describe a wide range of possible programs and implementations, many of which are also 100% in line with the companies' claims.

For example, if PRISM is really just an internal NSA tool for interfacing, searching, storing etc information procured from these providers from different means (such as NSLs or FISA warrants), then obviously no company joined it. It's an internal tool! The idea of 'adding' just becomes ensuring normalization of data and other such 'mundane' things.

Note I say, 'for example'. Because amongst all the yelling about, we still don't actually know what the fuck PRISM actually is, and arguments just revolve around how charitable/cynical you are about the parties involved.

[+] coolj|12 years ago|reply
These companies are making themselves look really bad to anyone paying attention. Nobody is reporting that they joined a program to volunteer illegal access to user data, so these assurances are canards. What is being reported is that the NSA has been running a secret program to legally collect user data from these companies. If these companies want my respect, they need to admit that these reports are true, declare their opinion against the practice, and state their position on legal reform to make such practices illegal.
[+] cromwellian|12 years ago|reply
What do you call the Google Transparency Report document then? They have been admitting it and documenting it, to the best of their ability (when not gagged). Google has been fighting these in court, they have declared their opinions against the practice, they have been lobbying against these laws. They've done everything they legally can do, unless Larry Page wants to risk being put into federal prison.

The PRISM leak started as this dramatic claim that NSA is hoovering up all of the personal data of everyone in the cloud. Now this has been mostly retracted to tech companies sending them data on individual accounts as requested by lawful court order, which is what they've been doing, in public view, unclassified, for years, and admitting it -- that they respond to lawful requests on a case by case basis.

What more do you want? The denials are about as vehement as they can get. The NSA denies the "firehose feed" hypothesis as well.

[+] pyre|12 years ago|reply

  | they need to admit that these reports are true
Assume for a moment that the reports aren't true, or are exaggerated. Are they supposed to lie to you in a way the hurts them just to appease you?
[+] md224|12 years ago|reply
Sincere question: was it not common knowledge that these companies would hand over user data if compelled to do so by the government? What exactly is new about this revelation?
[+] PavlovsCat|12 years ago|reply
Exactly. This kind of technically correct, but utterly unhelpful response reminds me of the Adolf Eichmann trial. Where have they been the last 10 years? Where are their values and spines at?

You see, if you don't stand up, you still get counted. "Little Brother is watching you, too"

[+] nhangen|12 years ago|reply
I still can't get past 'yahoo.tumblr.com'

Seems like a paradox. Mind blown.

Something about this feels like it carries more weight, probably because it comes from the legal department and not from a CEO.

[+] notatoad|12 years ago|reply
I think the reason this statement feels like it carries more weight is that it doesn't read like a mad libs where the CEO has filled in their company name in the required blanks.
[+] fiatmoney|12 years ago|reply
I don't care about whether a given company "volunteers information" (or has it compelled), or whether it's via "lawful means" (which means, we got a secret court order or an NSL for everyone). What I want to know is, of the N users you serve in Country X, how many have had information turned over to a third party?

If you qualify it as "any third party", I really doubt the proscriptions over disclosing specific FISC or NSL orders apply. They do receive orders to turn over information for all sorts of reasons, some of which are totally legitimate.

Unless the number is "100%".

[+] wycats|12 years ago|reply
The word "infinitesimal" appears in this document.
[+] evolve2k|12 years ago|reply
Wow, bet Yahoo's glad they took a little longer than Facebook and Google to 'set the record straight'.

This statement definitely carries much higher conviction language than related statements, interesting to note the absence of Marissa Mayer from the statements. I would guess that it just gives a little more PR distance in case things blow up further.

[+] quackerhacker|12 years ago|reply
Lately all these PR statements from the companies involved are so carefully structured that they can be interpreted 2 clear ways.

1) Face Value. Don't look into the wording and just see that so many companies "accused," are not involved.

2) Semantics. Look at the wording for hidden meanings, possibility of a gag order, and these companies are (in reference to this article) involuntarily involved.

I think they are general so the person reading it will take it as they want. I posted a "what will you do now," post on here [0], because that's really what this comes down to. I agree with most that I've ALWAYS assumed we were all monitored, but as I've said many times....it's not what they know, it's what they can prove in court (that's why I'm thankful CISPA got blocked...it was kinda like legalizing what was already going on to be able to use what they know in court).

[0] https://news.ycombinator.com/item?id=5842556

[+] lhl|12 years ago|reply
For those interested, there is a dissection of Yahoo!'s statement by Chris Soghoian (privacy and security research, policy expert/technologist @ the ACLU): http://paranoia.dubfire.net/2013/06/analyzing-yahoos-prism-n...

Like the other official/legal postings so far, the verbiage in this post is carefully crafted to mean the opposite of what it says.

[+] Father|12 years ago|reply
All the organizations in question have a permanent smut on their record. The angle I'm missing in this discussion is that this is a business opportunity for something new and better. Acquiring new users for a search engine, social network, etc was damn near impossible because you couldn't compete with the resources, quality and brand. Now they have a flaw; privacy. Maybe the homogeneous landscape of the tech industry can get shaken up. Kim Dotcom is creating an anonymous email service and I'm curious to see what other alternatives for common tech pop into existence in the wake of this.

Changing a government will take a lot of time; but a business outside the reach of US legislation could pop up tomorrow.