As the NSA surveillance story goes from bad to worse to Philip K. Dick, some of the Silicon Valley companies implicated in the so-called "PRISM" program are denying that they've ever heard of it.
PRISM, as you probably heard by now, lets the FBI access the central servers of several major companies — Microsoft, Apple, Facebook, Yahoo, Google, PalTalk, AOL, Skype, and YouTube. From there, they can pretty much look at anything they want, including emails, photos, audio (including voice-chats), and video. Within hours of the astonishing Washington Post scoop, the named companies began releasing statements saying that the PRISM program was news to them, too:
Apple: According to the Wall Street Journal, Apple says they've "never heard" of it, adding "We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order." Apple was the most recent company to join the PRISM program, according to a training slideshow published by both the Post and the Guardian.
Google: The company sent the following statement to both the Post and the Guardian. It's not quite as strongly worded as those from Apple and Facebook, the other early birds on the statement front: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'backdoor' into our systems, but Google does not have a 'backdoor' for the government to access private user data."
Facebook: Here's their statement, provided to TechCrunch: “We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
Yahoo: Also a denial, apparently.
Yahoo on PRISM, finally: "Yahoo! takes users' privacy very seriously. We do not provide the government with direct access to our servers..."— Tim Bradshaw (@tim) June 7, 2013
Microsoft: The company told the Verge that "we provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.” (for what it's worth, Microsoft owns Skype, so this statement might also reflect their response, too. We'll see if they release their own take on the story, however).
Dropbox: Dropbox is listed as "coming soon" to PRISM in the report. So they've released a statement, too: “We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users’ privacy.”
Meanwhile, others have started weighing in.
The Organizations Who Were Trying To Tell You About This All Along: Both the Electronic Frontier Foundation (who spoke to us after last night's initial NSA story) and the Free Software Foundation have commented on the PRISM story as well. The EFF spoke to ArsTechnica tonight, explaining why the denials might not be that potent:
"Whether they know the code name PRISM, they probably don't," he told Ars. "[Code names are] not routinely shared outside the agency. Saying they've never heard of PRISM doesn't mean much. Generally what we've seen when there have been revelations is something like: 'we can't comment on matters of national security.' The tech companies responses are unusual in that they're not saying 'we can't comment.' They're designed to give the impression that they're not participating in this."
The Free Software Foundation, meanwhile, told the Atlantic Wire that they hoped the news would prompt more people to think about controlling their own data. Here's Executive Director John Sullivan's statement:
"Massive privacy intrusions like this are to be expected when people shift from storing their media locally and using local software, to storing them on other people's servers and using hosted (Web) applications. Giants like Microsoft, Facebook and Google are vulnerable to government requests for user data, and there are better, more secure ways to share information online."
Decentralized (and yeah, much more obscure) programs like GNU MediaGoblin, StatusNet, Diaspora, pump.io, Tahoe-LAFS and SparkleShare are better options, he added.
The Wall Street Journal: The paper published what appears to be an unfortunately-timed editorial Thursday evening dismissing many of the concerns raised last night after the Guardian's original NSA scoop: "Well, another day, another Washington furor. This one is over a National Security Agency phone data monitoring program, but unlike the other White House scandals there seems to be little here that is scandalous," it begins. Strangely, the paper was the first to report on Thursday that the record collection program includes AT&T and Sprint customers, too.
The U.S. government: An unnamed senior official said to Reuters the following about the Washington Post and Guardian stories:
Communications collection program referred to in Guardian, Washington Post does not allow targeting of US citizens/persons in US #breaking— Reuters US News (@ReutersUS) June 7, 2013
Which, it should be noted, is not really a direct denial of the media stories as they stand. UPDATE: Here's the full statement:
Full statement from senior administration official on PRISM revelationstwitpic.com/cvozy8— Sam Stein (@samsteinhp) June 7, 2013
The Office of the Director of National Intelligence has also released a response, stating that the "The article omits key information regarding how a classified intelligence collection program is used to prevent terrorist attacks and the numerous safeguards that protect privacy and civil liberties." More here.
The White House: We'll just leave this tweet from Thursday night here:
We'll update here with more statements as they become available.