The Edward Snowden leaks have fostered a cottage industry in softening or repositioning the involvement of elected officials and technology companies. Given that few of us can be sure we won't be implicated for our role in that surveillance in the future—can you?—here are some do's and don't's for downplaying your role in the process based on new statements from Sen. Dianne Feinstein and Microsoft.
In our effort to ensure the most informative article possible, these statements are as fresh as they come. Microsoft's new statement is an upgrade to its initial response after its name was mentioned in association with the NSA's PRISM data collection system. At that point, the company issued a tepid response: "If the government has a broader voluntary national security program to gather customer data we don't participate in it." That was undermined somewhat by a report last week detailing Microsoft's role in a broader national security program to gather customer data. So, today's substantially longer offering.
Feinstein's was made public by Jennifer Granick, director of civil liberties at Stanford Law's Center for Internet and Society.
What can we learn from these denials?
Lament that you can't share as much information as you'd like.
Both Feinstein and Microsoft explain that their ability to defend themselves is hampered by the fact that they can't offer as much information as they'd like.
Please know that it is equally frustrating to me, as it is to you, that I cannot provide more detail on the value these programs provide and the strict limitations placed on how this information is used.
Government lawyers have yet to respond to the petition we filed in court on June 19, seeking permission to publish the volume of national security requests we have received. We hope the Attorney General can step in to change this situation.
Until that happens, we want to share as much information as we currently can.
Remind the reader that you're simply obeying the law.
Not only has Congress been briefed on these programs, but laws passed and enacted since 9/11 specifically authorize them. The surveillance programs are authorized by the Foreign Intelligence Surveillance Act (FISA), which itself was enacted by Congress in 1978 to establish the legal structure to carry out these programs, but also to prevent government abuses, such as surveillance of Americans without approval from the federal courts. The Act authorizes the government to gather communications and other information for foreign intelligence purposes.
First, while we did discuss legal compliance requirements with the government as reported last week, in none of these discussions did Microsoft provide or agree to provide any government with direct access to user content or the ability to break our encryption. Second, these discussions were instead about how Microsoft would meet its continuing obligation to comply with the law by providing specific information in response to lawful government orders.
Gloss over the tricky parts.
First, I understand your concerns and want to point out that by law, the government cannot listen to an American's telephone calls or read their emails without a court warrant issued upon a showing of probable cause.
(This is not strictly accurate, as several people have pointed out. And as the NSA documents reveal.)
Hey, DiFI, here's a long list of conditions where NSA can look at U.S. communications w/o a warrant. http://t.co/HZc6aQHLoW— Julian Sanchez (@normative) July 16, 2013
Meanwhile, here's The Guardian on how the NSA reads Skype:
According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.
The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. "Feedback indicated that a collected Skype call was very clear and the metadata looked complete," the document stated, praising the co-operation between NSA teams and the FBI. "Collaborative teamwork was the key to the successful addition of another provider to the Prism system."
We continue to enhance and evolve the Skype offerings and have made a number of improvements to the technical back-end for Skype, such as the 2012 move to in-house hosting of “supernodes” and the migration of much Skype IM traffic to servers in our data centers. These changes were not made to facilitate greater government access to audio, video, messaging or other customer data. ... Even in these circumstances Microsoft remains committed to responding only to valid legal demands for specific user account information. We will not provide governments with direct or unfettered access to customer data or encryption keys.
Bring the reader back to the big picture.
These surveillance programs have proven to be very effective in identifying terrorists, their activities, and those associated with terrorist plots, and in allowing the Intelligence Community and the Federal Bureau of Investigation to prevent numerous terrorist attacks. More information on this should be forthcoming.
Cutting through the technical details, all of the information in the recent leaked government documents adds up to two things. First, while we did discuss legal compliance requirements with the government as reported last week, in none of these discussions did Microsoft provide or agree to provide any government with direct access to user content or the ability to break our encryption. Second, these discussions were instead about how Microsoft would meet its continuing obligation to comply with the law by providing specific information in response to lawful government orders.
This is a bit more detailed than that original statement. Which brings us to our final point:
Be prepared to amend and update your arguments as needed.
Photo: Feinstein takes the oath. (AP)