The Tech Behemoths Implicated in the PRISM Scandal Say They've Done Nothing Illegal

It's becoming clear just how Orwellian the U.S. government has become, after the recent discovery (surprising or not) that the NSA has direct access to the servers of nine top tech companies, giving them free reign to read our emails, Gchats, Facebook posts and "quite literally can watch your ideas form as you type," in the words of the government official who leaked information on the top-secret NSA program PRISM to the Washington Post yesterday.

But what's still unclear is, did these tech titans have any clue that this was going on? Was the government tapping into their servers behind their backs? Or did the companies know user data was compromised? And if so, was the program supported by court orders?

As the news unfolded last night, so did conflicting reports on the answer to these questions. Initially the Washington Post reported the companies "knowingly participated" in the PRISM scheme, but removed the phrase from the article after Google, Apple, Facebook and Microsoft came forward fervently denying that the government had direct access to their servers. (Skype and AOL have not yet released statements.)

So were the companies lying, or did the Washington Post get it wrong? Surely, the devil is in the details. Amie Stepanovich, director of EPIC's Domestic Surveillance Project, told Motherboard, "I wouldn't say [the companies] are lying, I would believe the reports coming out from Guardian and Post, but I'd say the companies' denials are very specifically worded and that probably is significant."

For instance, Apple was the only company to use the program's code name in its statement. "We have never heard of PRISM. We do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order," an Apple spokesperson said.

But denying knowledge of "PRISM" iteslf doesn't really mean anything, since the companies most likely wouldn't have had knowledge of the programs's code name. EFF wrote in a statement to Ars Technica, "Whether they know the code name PRISM, they probably don't…[Code names are] not routinely shared outside the agency. Saying they've never heard of PRISM doesn't mean much."

In other words, there's some room for plausible deniability here. I mean, it's top secret, right? Perhaps even if no one know the name PRISM per se, only one or two executives at these companies even knew about the program at all. Or perhaps these spokespeople are forbidden from confirming the existence of a clandestine program. That would explain the Guardian reports that the executives who talked to the paper seemed "shocked" and "confused" when they got wind of the scheme.

But Apple doesn't appear to be simply trying to skate with some clever wordplay. Note that the latter half of its denial is pretty specific, which the EFF says is notable. "Generally what we've seen when there have been revelations is something like: 'we can't comment on matters of national security,'" EFF wrote. The tech companies responses are unusual in that they're not saying 'we can't comment.' They're designed to give the impression that they're not participating in this."

The statements from the other companies stressed valuing users' privacy and denied providing the government with "direct access" to data.

From Google: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”

From Facebook: “Protecting the privacy of our users and their data is a top priority for Facebook. We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

From Yahoo: “Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.”

From Microsoft: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”

Notably, Twitter, a major international communication platform, didn’t make it on the NSA’s list. Twitter has an admirable track record when it comes to privacy, fighting subpoenas that other companies opt to comply with, and recently scoring an A+ in the EFF's chart ranking the privacy practices of top tech companies. Did Twitter refuse to comply? Were they not even approached? So far the social media company has not come forward with a statement regarding PRISM, even to sing their own praises as champions of privacy.

Indeed all the internet behemoths who are allegedly offering back door access to our data have talked a big game about privacy. They've also for years now been complying with government warrantless requests and subpoenas for access to personal information under current laws in the bloated Patriot Act.

The Washington Post article pointed out that considering the complicated information-sharing relationship between the NSA and web companies, it would be very hard for the agency to build back door access without the companies' knowledge:

In practice, there is room for a company to maneuver, delay or resist. When a clandestine intelligence program meets a highly regulated industry, said a lawyer with experience in bridging the gaps, neither side wants to risk a public fight. The engineering problems are so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company.

The companies' denials all make sure to point out they're simply complying with the law. Now if the NSA is interpreting that law so broadly as to compromise our Fourth Amendment rights—unbeknownst to corporations enabling them to do so—that's another, far more important, conversation.