NSA paid millions to cover Prism compliance costs for tech companies (2013)
theguardian.comModerators - Could you please add [2013] to the title?
The article seems to mix up the PRISM and Upstream programs. For more information, I'd recommend either the Privacy and Civil Liberties Oversight Board report of Section 702 collection[1] (VERY long) or this post from Top Level Communications analyzing the PRISM program[2] (much more accessible).
[1] http://www.pclob.gov/All%20Documents/Report%20on%20the%20Sec...
[2] http://electrospaces.blogspot.fr/2014/04/what-is-known-about...
EDIT: corrected link
1. The compensation is provided for in the surveillance state legislation which authorized unconstitutional surveillance of American residents, as well as unlimited surveillance of noncitizens outside the US. To that extent, the payments are no real surprise, to the small number of people who've paid attention to this fiasco from the beginning. Yes, awareness has grown post-Snowden.
2. The payments are compensation for costs of complying with mandatory legal orders. To that extent, they likely aren't the reason why Internet companies are complying, but since they must, their costs are covered.
Of course, they may also be full and willing participants, or could be getting dragged kicking and screaming into this. I've heard stories of varying levels of persuasion across the full spectrum.
However both my points are mentioned clearly within the article, if not well articulated in the headline.
Remember all the "act-surprised-and-disgusted" posts of these involved companies, right after Snowden had started his revelations? Personally, I remember Zuckerberg's "What the F#ck" post very well.
They were right to be surprised and deny it. The initial reporting in the Guardian and Washington Post all said that NSA had "direct access" to the servers of all of these companies. After a few days, it was revealed that the NSA did not, in fact, have direct access to their networks, but instead had a system in place to retrieve data provided by these companies under court order.[1]
The Washington Post quietly revised its article without issuing a formal correction[2], but to date Glenn Greenwald has yet to retract his statement the NSA has direct access to their networks.
[1] http://thedailybanter.com/2013/06/nsa-story-falling-apart-un...
[2] http://www.zdnet.com/the-real-story-in-the-nsa-scandal-is-th...
None of these individual companies would have known about the NSA end of the webservice NSA calls PRISM.
Does the Zuck have a TOP SECRET clearance with read-ins to all the special access programs that would be needed to know about PRISM? Somehow I doubt it.
There was acting going on with those responses alright, but the acting more about pretending they didn't understand how powerful automating warrant compliance was, instead simply playing along to the crowd of hacktivists.
But none of these companies would have known about the NSA side, all they'd have seen would be the company's end of the operation, which would be nothing more than an archival tool of a user's data within a certain filter set followed by an upload tool to some NSA-controlled server. They wouldn't have even known what NSA calls the whole operation.
Weren't they justified in that reaction? As best I have been told and can recall, the CEOs recognised neither the "PRISM" name (presumably because it was an internal label which the government hadn't shared with the webcos?) nor the initial description in the press of the PRISM program (apparently because it was highly inaccurate). In that case it's easy to see how their reaction could be genuine.
Can we stop pretending these companies were not complicit in these programs now?
If we're going to get specific about who is complicit, the vast majority of all people in the US are complicit. They keep electing the same politicians in D.C. (Pelosi, Reid, Boehner, Boxer, Graham, Feinstein, McConnell, McCain etc.), and constantly turn a blind eye to government abuses. Tons of leaders around the world are complicit.
It stands to reason, and should be unsurprising, that the vast majority of all relevant US technology companies would be complicit, seeing as they're under direct forced compliance.
There is broad electorate support for what the NSA does ('keeping America safe from terrorists' - Joe Public), which is why it has escaped an incredible scandal almost entirely un-altered. It's the same reason the Patriot Act still exists, despite the fact that you're historically more likely to die by choking on a hotdog than at the hands of a terrorist.
Yes, yes, and yes. We should stop blaming government officials for this. For all the flaws of American democracy, we still mostly get the government we (collectively) want.
A lot of techies seem to look around at their fellow techies, see little support for ubiquitous surveillance and other erosions of civil liberties, and assume the general population feels the same. They then conclude that the government is doing this for nefarious reasons against the wishes of the people, and that the solution is to make government more representative of popular sentiment.
As far as I can tell, government is already representative of popular sentiment here. If we want to change these things, we need to convince people in general that change is a good idea.
To be fair: they have no choice in whether or not to participate.
Whether or not they're participating willingly or not is another question.
Breaking the model under which they operate is the only real way to ensure that
Maciej Cegłowski's "The Internet With a Human Face" is one of the best examinations of what's wrong, and how to fix it, I've read (though Bruce Schneier and Eben Moglen also do a good job).
> To be fair: they have no choice in whether or not to participate.
That depends on whether there is another country that they could move their companies to, but which does not have similar laws in place :)
Inside the US, data services firms are governed by NSLs and the FISA court, offering impunity by way of legislated immunity and sanction.
Outside the US, they're subject to flat out illegal hacking, offering impunity by virtue of remote access and state-actor status. Though parties whose confidence is violated in that case aren't gagged from reporting this.
Where do we draw the line? It's clearly not willingly if they have a gun to your head. Would you move away from your friends and family for work? If your company announced they were moving out of the country, would you consider your decision to follow our not to be under duress?
These companies could have done more, but I think your standard for coercion is a bit high.
You can move a company without physically moving yourself. This is not a barrier.
How does this establish their complicity? Surely agreeing to cover these costs out of their shareholders' pockets would be complicity, rather than pushing them onto the government?
Thanks to mr Snowden we now all know the massive influence of the NSA and the way they can change/delete trends in the online media. HN is a big website with lots of influence (as is Reddit). Question: Has Ycombinator come forth with a statement they are not under the spell of the NSA?
Given the persistent, and intense criticism on HN of all things NSA since the original Snowden reveal, to say that your question is absurd would be putting it gently.
In fact I've seen no other platform that has had more negative + rational + informed discussion regarding the NSA than Hacker News.
It's not so absurd because all NSA articles dive off the front page when about 15 comments (or something of that nature) are reached.
To be fair, quite a lot of HN users honestly find NSA related articles to be more noise than signal, particularly when they lack technical details and can have the tendency to spiral into political arguments and blind conspiracy theory. One doesn't need to necessarily invoke the specter of government-driven censorship to explain that effect, given the way some stories can overwhelm the site.
Thank you for your comment. I Had not thought about it like that.
YCombinator is an American company which is required to obey the law and comply with the government. The 'spell' you're referring to is for the moment a matter of law.
So yes, they are under the spell of the NSA. That YC still exists and hasn't been pursued ala Lavabit suggests that any requests, if they have been received, have been complied with to the government's satisfaction.
If one doesn't trust Facebook, Google, etc on principle, there is no reason to trust YCombinator or any startup they fund, other than personal bias, because the same principles apply. No one would trust such a statement from another company. YC should be no different in that regard.
Although, as is mentioned elsewhere, HN itself doesn't keep much private data. It probably wouldn't be worth their time to do anything more than monitor this site and inject the occasional bit of propaganda.
">>Has Ycombinator come forth with a statement they are not under the spell of the NSA?"
Considering the existence of "Gag orders", would they even be allowed to tell us? It's not like HN even has any private data really. It's not an Email service, it's not Facebook with privacy-settings. All our comments are very public and as far as I can tell pretty anti-NSA. It would be crazy to think the NSA isn't watching this site. HN, Reddit and Twitter are like the most likely places an uprising would start from.
If you're worried about the email-address you signed up with on HN, just assume the NSA has it(and whatever IPaddress you login from) and go from there.
Not worried, just curious. I'm here with a direct link to my old blog with name and everything...
We can read the link, and we can read your comment. If Y Combinator is 'under the spell of the NSA', they aren't doing a very good job at it.
Or they don't care about moderating a tiny programmer website.
Something doesn't need to be 'big' or mainstream to have an impact. Quite the opposite I'd say. (And I think HN's impact as an influencer should not be underestimated).
The article is from one year ago. Very relevant today, but an year old.
> Since the existence of the program was first revealed by the Guardian and the Washington Post on June 6, the companies have repeatedly denied all knowledge of it and insisted they only hand over user data in response to specific legal requests from the authorities.
How is this statement anything other than a simple untruth on the part of the Guardian?
> How is this statement anything other than a simple untruth on the part of the Guardian?
This article is from last year - IIRC this was the stance of those companies at the time.
It was the proper stance too.
These companies wouldn't have known about "PRISM", they would have known about their own individual subsystems used to tie into some NSA warrant system.
All these companies knew that NSA could get NSLs signed out, or even warrants issued by FISA before PRISM was made public, and they had all received such NSLs/warrants before they setup the infrastructure to handle those NSLs/warrants in a more automated fashion. NSA calls this infrastructure "PRISM", but each individual company wouldn't have been privy to it, because none of those companies would have a "need to know" (or a clearance) about the NSA's own special access programs.
Thanks, I stupidly hadn't checked the publication date.
When submitting old[er] content please include the year (2013 in this case) in the submission's title.
And that is why I host my own shit...
This is in no way a guarantee against surveillance or even compromise, really. We already know blanket persistent monitoring exists so all communication is already collected between your hosted services and any others outside your network. All unencrypted data is analysed in near-real-time and encrypted data is stored for later analysis.
If you're interesting enough to state actors, there's not much you can do.
It's not a guarantee, but on the other hand it does give you stronger Fourth Amendment rights (if the NSA is what you're worried about as opposed to Russia or China, at least).
That's true. What you spend in time and effort, you do gain in less ambiguous legal protections.
I'll add that you do get to control the features you're presented with and your privacy is better shielded from commercial interests. The benefits are many compared to the relative inconvenience and cost.
I'm talking about internal communications, which are kept internal.
I have no assumption about the privacy if something leaves my network, even if it's over SSL (PKI is broken).
Lol seems they left out AMZN.
Old news from Aug 2013.
Yet still relevant,even if you dont like it.Because trust me foreign businesses using US based internet services still care about that huge scandal.