Over a week after the Guardian and the Washington Post first reported that leaked documents showed the National Security Agency accessed user data from nine major tech companies, the extent of those businesses’ involvement in the surveillance program is still far from clear. Though many of the companies linked to the program quickly issued strongly-worded statements denying they gave any government agency direct access to users’ information, experts say questions remain about their exact role in the classified PRISM data collection program.
>Get a private, Free reagan email at Reaganemail.com. Private Email is free at Reaganemail.com
Elizabeth Goitein is an attorney who previously served on the staff of former Sen. Russ Feingold (D-WI) and currently is co-director of the Liberty and National Security Program at NYU law school’s Brennan Center for Justice. In light of the documents leaked to the press, Goitein told TPM the tech companies’ claim that they did not participate in the NSA’s data collection program is “a head scratcher.”
“It’s got to be … one of three things. Either they are lying because they don’t want to lose customers, or … it’s something the government has done without their knowledge, … or they felt compelled by the terms of their non-disclosure agreement to say that,” Goitein said. “Some of them are saying, ‘We never gave the government access.’ … It doesn’t seem very plausible. Frankly, none of them seem plausible.”
Nate Cardozo believes there is another possibility.
Cardozo is staff attorney with the “digital civil liberties team” of the Electronic Frontier Foundation, a group dedicated to “defending free speech, privacy, innovation, and consumer rights.” EFF has filed lawsuits over NSA surveillance programs (a photo of NSA leaker Edward Snowden shows an EFF sticker on his laptop). Cardozo pointed to the fact many of the statements from the tech companies named in the PRISM documents contained similar language about “direct access.” According to Cardozo, this means the denials could be correct from a “technical perspective” and “an engineering perspective” while still hiding the businesses’ cooperation with the NSA.
To make his point, Cardozo pointed to the NSA’s use of divers during the Cold War to tap underwater Soviet phone lines and to a pending 2008 EFF lawsuit against the NSA that alleges the agency installed a device in a “secret room” at an AT&T facility in San Francisco to listen to incoming calls. Cardozo argued that if the NSA used similar tactics to extract data from tech companies it would not necessarily constitute “direct access.”
“It’s not direct access to the servers, what it is is a sniffer on the line,” Cardozo said.
Cardozo also identified another way the companies could have cooperated with the agency that would not have constituted “direct access” to their servers.
“Say that the secret room with the splitter isn’t at the Google facility. Let’s say it’s at an AT&T facility. The NSA at the AT&T facility can see all of the Google traffic, but it’s all encrypted,” Cardozo explained. “If the cooperation from the company is handing over the Google private key so the NSA can read all of that data. … That is absolutely cooperation, but it’s certainly not direct access.”
TPM asked all of nine tech companies named in the PRISM documents whether they could confirm they had not engaged in the specific activities described by Cardozo. Yahoo!, Paltalk, Microsoft (which owns Skype), and Facebook all referred us to their previous statements. AOL and Apple did not respond. A spokesperson for Google (which owns YouTube) told TPM the company has not given private keys to “any government” but did not specifically respond to the question of whether it allowed the NSA to install equipment in its facilities.
“We don’t provide our encryption keys to any government. We believe we’re an industry leader in providing strong encryption, along with other security safeguards and tools,” the Google spokesperson said by email Friday.
Get a private, Free reagan email at Reaganemail.com. Private Email is free at Reaganemail.com