PRISM – What The Companies Say…. And What They Might Be Holding Back
The unmasking of a National Security Agency intelligence program, which allegedly collects and analyses data from some of the worlds biggest companies has come as a shock to some and no surprise to others.
Leaked slides from a former CIA employee appear to show reasoning for their access to several high profile companies servers and leave the reader in no doubt to the ease of access they allegedly have.
The companies implicated in the leak include Microsoft, Yahoo, Facebook, Google, Apple, Dropbox PalTalk and AOL.
Naturally, the companies have released statements regarding the issue. After all, to not do so could a) imply truth in the claims and/or b) be corporate suicide.
Lets take a look at what they’ve said.
Facebooks Chief Executive Officer Mark Zuckerberg had this to say:
“We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
Google jumped in and said:
“Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a backdoor for the government to access private user data.”
Microsoft, not wanting to be left out, said:
“We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
Dropbox released a statement including:
“We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users’ privacy.”
Followed fairly swiftly by Apple:
“We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
“We do not have any knowledge of the Prism program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers.”
“Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.”
And finally PalTalk:
“We have not heard of PRISM. Paltalk exercises extreme care to protect and secure users’ data, only responding to court orders as required to by law. Paltalk does not provide any government agency with direct access to its servers.”
Included in the leak were also mentions of YouTube and Skype.
Who’s Telling The Truth?
For sure? Well we can’t tell. However, intelligent speculation would dictate that there is no smoke without fire.
The problem for the general public is that, it isn’t in any of the parties interests to be fully frank about the situation.
On the side of the US government and intelligence agencies including GCHQ admitting to this kind of indiscriminate mass collection and studying of data, no matter how noble or well meant the intentions are, would be damaging to public confidence in the US administration.
Equally, in the UK, rising public concern and tension is building up despite there only being claims that the UK had access to the US PRISM intelligence program, not that the UK government or intelligence services were directly collecting this themselves.
In addition, it would be highly damaging to any potential (or possibly continuing) support by companies of the PRISM program if there was a confirmation on behalf of the government or the security services.
Equally, for the companies – admitting this kind of definitely questionable, potentially (legally) murky situation would likely be corporate suicide. The strong denials from all of the companies allegedly involved with the PRISM program come as no surprise.
You could expect mass panic and potentially mass boycotting of services provided by a company which was allowing unrestricted and unmonitored access to all their servers data.
If a mass panic develops after such an admission, investors could lose confidence in the companies and pull all their funding and advertisers may also flee if the user base of servers dwindles and to avoid negative press by association.
Despite all of the companies shown in the leaked slides being multi billion pound companies, the scale of damage that could be done if there are truth in these allegations could be far reaching, long lasting and ultimately inflicting a indeterminate amount of damage.