Obama Defends NSA Prism, Google Denies Back Door
You cant have 100% security, 100% privacy and 0% inconvenience, insists President Obama.
Apple WWDC 2013: 8 Things To Expect(click image for larger view and for slideshow)
In defense of classified government surveillance programs that were revealed in the past week, President Obama on Friday offered reassurance that U.S.intelligence efforts are lawful, echoing a statement published the day before by James R. Clapper, Director of National Intelligence.
When it comes to telephone calls, nobody is listening to your telephone calls, President Obama
said
during a press conference at the Fairmont Hotel in San Jose, Calif. As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls. They are not looking at peoples names, and theyre not looking at content. But by sifting through this so-called metadata, they may identify potential leads with respect to folks who might engage in terrorism.
Clapper said as much in
a statement
issued on Thursday. The program does
not
allow the Government to listen in on anyones phone calls. The information acquired does
not
include the content of any communications or the identity of any subscriber. The only type of information acquired under the Courts order is telephony metadata, such as telephone numbers dialed and length of calls.
[ For an IT chiefs take on NSA Prisms impact, see
NSA Dragnet Debacle: What It Means To IT
. ]
No eavesdropping allegation was made, however.
The Guardian
on Wednesday reported on the existence of a secret court order that requires Verizon to provide the NSA with all records of phone calls on its network on an ongoing basis. The records represent metadata: phone numbers involved in a call, the call time and duration, and location data, for example, but not the words that were said during the call.
In any event, the scope of the U.S. governments surveillance activities go beyond metadata.
The Guardian
and
The Washington Post
on Thursday revealed the existence of a surveillance program called PRISM, which reportedly provides the NSA and FBI with the ability to siphon data directly from the servers of major Internet companies such as Apple, Facebook, Google, Microsoft and Yahoo.
According to
The Wall Street Journal
, the NSA has been getting data from AT&T and Sprint, as well as credit card companies and Internet companies.
PRISM, according to
The Guardian
, gathers data as well as metadata: search history, emails, file transfers and chats.
President Obama acknowledged the collection of online content from Internet companies by noting, Now, with respect to the Internet and emails — this does not apply to U.S. citizens and it does not apply to people living in the United States.
Nonetheless, Internet communications involving U.S. citizens may be caught in the dragnet: Clapper said that PRISM included procedures that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.
President Obama noted that the two surveillance programs have been authorized by broad bipartisan majorities repeatedly since 2006. Documents posted on
Cryptome.org
suggest that PRISM has been active since at least 2003. And
The Wall Street Journal
says that intelligence officials trace such broad intelligence gathering back to the Sept. 11, 2001, terrorist attacks.
In an emailed statement, Google insisted it doesnt provide the government with access to user data. Google cares deeply about the security of our users data, a company spokesman said in an email. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government back door into our systems, but Google does not have a back door for the government to access private user data.
Google reiterated and elaborated on this point in
a blog post
attributed to CEO Larry Page and chief legal officer David Drummond on Friday. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period, Page and Drummond state. Until this weeks reports, we had never heard of the broad type of order that Verizon received — an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users Internet activity on such a scale is completely false.
Clapper claims that the surveillance program revealed by
The Guardian
and
The Washington Post
is lawful under Section 702 of the Foreign Intelligence Surveillance Act and that the governments activities conform with established oversight requirements.
Section 215 of the Patriot Act
also appears to be implicated in the governments ability to justify such surveillance.
Taking Googles statement at face value and assuming the press characterization of PRISM is accurate — and late Friday there appeared to be
reason to doubt some of the initial claims
— Google could be simply providing the NSA with access to data as required by law. A June 7
New York Times
story
indicates as much. Theres also the possibility that the NSA could be obtaining Google customer data without Googles knowledge. Evidence of that, however, has yet to be demonstrated.
Googles Transparency Report includes data on government information requests related to criminal investigations. But the company provides only limited disclosure about government information requests under national security laws, specifically the receipt of National Security Letters. In other words, Googles Transparency Report isnt entirely transparent.
Google however clearly wants to reassure users that it isnt just rolling over. Im not sure what the details of this PRISM program are, but I can tell you that the
only
way in which Google reveals information about users are when we receive lawful, specific orders about individuals -- things like search warrants, said Google+ chief architect Yonatan Zunger in
a post
. President Obamas assertion that nobody is listening to your telephone calls suggests that the U.S. governments mining of telephony metadata is nothing to worry about.
But Susan Freiwald, professor of law at University of San Francisco School of Law, said in a phone interview that metadata has significant privacy implications. Its really not true that the content of our communication holds more revealing information than the metadata, she said.
In a phone interview, Jon Callas, CTO of secure communications service
Silent Circle
, agreed that metadata can be very revealing. Its one of the reasons that privacy advocates have been concerned about seizure of phones and looking at call logs, he said.
In a 1996
a paper
about metadata, or communication attributes, Freiwald warned, As it now stands, disclosure of communication attribute information presents an extremely intrusive view into peoples private lives. Unfortunately, the law does little to prevent it.
Today, in 2013, metadata tells even more about us, thanks to the addition of location information, supplied by mobile phones, to say nothing about records of our online activities. Simply put, metadata can lead to criminal charges. It is thus relevant in the context of legal protections guaranteed under the U.S. Constitution.
Freiwald argues that the secrecy surrounding these surveillance programs runs contrary to what we expect from an accountable democracy. She points to the judges who oversee these programs, who are selected by the Chief Justice and who cant be contacted. Theyre not what we think of as a judiciary, she said.
The criticism Ive always had of surveillance programs is when they operate with the insufficient involvement of other branches, we have to rely on executive branch restraint, she said. ..These programs give too much power the the executive branch to operate in secret. The answer keeps coming back, dont worry, trust us. We dont know enough and we need to know more. We need to move as much as we can of this decision making into the light.
Callas observed that when a similar program, Echelon, was revealed many years ago, there was a presumption that U.S. citizens were not the target of information gathering. He said if information about Americans is being gathered by current surveillance programs, he hopes to see some reconsideration of the laws.
Callas believes that one result of the renewed awareness of government surveillance may be that some organizations and individuals will reconsider doing business with online companies that fail to support SSL connections and take steps to secure customer data.
Callas also observes encrypted communication services have some advantages in the current environment, because they cant reveal data that has been properly encrypted. If someone came to us with a National Security Letter, wed hand over the zero records we have, he said.
Tags:
Obama Defends NSA Prism, Google Denies Back Door