What Are The Tech Giants Doing In The FISA Court? Part 1: Background
By now, the name Edward Snowden should be familiar to you. When the former intelligence contractor’s revelations about the National Security Agency’s now-infamous PRISM program were first reported by The Guardian earlier this year, they raised serious questions not only about the breadth of the government’s surveillance apparatus, but to what extent had the major Internet and technology companies participated and acquiesced to such a sweeping program.
Or, to paraphrase a Watergate-era question: What did the technology companies know and when did they know it?
As a result of those revelations, in early September Google, Facebook, Microsoft and Yahoo! filed motions with the U.S. Foreign Intelligence Surveillance Court (FISC) seeking permission to release aggregate statistical data about the requests the companies have received pursuant to the Foreign Intelligence Surveillance Act (FISA).
What exactly does this mean and how did we get here?
PRISM Reports in the Media
From the beginning, many of the news stories reporting on PRISM suggested some level of cooperation between the NSA and companies such as Google, Yahoo!, Facebook, Microsoft and others. The initial Guardian piece, for example, opens with the following statement: “The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US Internet giants, according to a top secret document obtained by the Guardian.”
Further down in the article, we learn that:
Some of the world’s largest Internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan “Your privacy is our priority” – was the first, with collection beginning in December 2007.
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.
Collectively, the companies cover the vast majority of online email, search, video and communications networks.
On the same day, The Washington Post published an article that began:
The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets …
Not surprisingly, all of the companies identified in these claims immediately denied any knowledge about the program, as well as their alleged assistance and support of its activities. The day after the story broke, Google’s CEO Larry Page, and its Chief Legal Officer Larry Drummond, published a blog post in response to the allegations. In the post, Page and Drummond assert that Google has “not joined any program that would give the U.S. government—or any other government—direct access to [Google’s] servers.”
While admitting that Google does provide certain user data to governments, the post goes on to say the company does so “only in accordance with the law.” Page and Drummond were also careful to note that the U.S. government is not accessing information stored by Google through some “back door” channel, and they maintain that Google only learned of the existence of the PRISM program the previous day.
In addition to the denials asserted by Google, Facebook’s CEO Mark Zuckerberg published his own message in response to the story, stating:
Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn’t even heard of PRISM before yesterday.
When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if it is required by law.
Regardless of the who-knew-what-when debate and any claims made in support of the companies’ public relations strategies, skepticism about how forthcoming the technology giants were being continued in the ensuing months as more information was released. In a post by the Guardian in August, for instance, it was reported that the NSA “paid millions of dollars to cover the costs of major Internet companies involved in the Prism surveillance program.” Following this report, according to The Washington Post, the companies either denied such accusations or refused to respond.
As can be expected, these kinds of drips and subsequent denials have fueled the perception that a closer relationship exists between some of the technology giants and the government than any of the companies care to admit.
Which brings us to the most recent filings, which I’ll discuss in Part 2 next week.