HomestoryDigital Privacy › Analysis: Why Google Can Flatly Deny Knowledge of Prism

News Story

Analysis: Why Google Can Flatly Deny Knowledge of Prism

USA TODAY

Google is in a mad scramble to distance itself from the National Security Administration's controversial Prism data mining program.

So are Microsoft, Yahoo, Facebook, Apple, AOL, Skype (now part of Microsoft) and Paltalk -- the other tech companies mentioned in PowerPoint slides depicting the Prism program, slides that were leaked by whistleblower Edward Snowden.

A lot is at stake. The tech giants are all hustling to swell profits derived from products and services tied into the Internet cloud. A necessary ingredient to accomplish that -- consumer trust – has been put under another kind of cloud by the Prism disclosures.

"It's no secret that the tech companies are in damage control right now trying to regain their users' trust," says Jonathan Mayer, fellow at Stanford University's Center for Internet and Society.

At the moment, there is a gap in the facts between what the PowerPoint slides leaked by Snowden appear to depict – and Google's flat denials; in particular, the company insists that its senior executives, at least, never heard of Prism before its splashed into global headlines last week. And Google's disclosure today that did hand over data to the feds, but only using rudimentary technologies, also shows an attempt at incremental distancing.

Claudia Rast, a privacy attorney at Butzel Long, says assertions by Google general counsel Dave Drummond that the search giant used only simple File Transfer Protocal, or FTP service, and even simpler hand deliveries, to honor very narrow data requests from the NSA rings true.

Yes, the PowerPoint slides published by The Guardian clearly identify the tech companies as supplying data to Prism. But the slide graphics really don't specify the technology used, nor the frequency of the requests, nor the scope of the data transferred.

Rast said it would be just plain good legal sense for Google and the other tech companies to treat data requests from the feds very conservatively.

"Legally, a company's not going to allow wide open access to their data," Rast says. "They're going to want specific time frame and scope of the search."

Google's corporate spokesman, Chris Gaither, issued this statement: "We refuse to participate in any program — for national security or other reasons — that requires us to provide governments with access to our systems or to install their equipment on our networks. When required to comply with these requests, we deliver that information to the US government--generally through secure FTP transfers and in person. The US government does not have the ability to pull that data directly from our servers or network."

Gaither's statement is probably air tight, says Scott Cleland, president of consultancy Precursor. That's because corporations routinely take steps to keep its executives in a position to deny knowledge of anything potentially controversial.

"The companies are smart. They would have broadly delegated authority for their company's NSA compliance to a very small number of individuals supervised by a company legal official of some kind; and only those few people would get the security clearances necessary to know what is transpiring," says Cleland.

This compartmentalization, he says, keeps sensitive information in the hands of a few. "The leadership wants and needs to have reasonable and plausible deniability for times exactly like this," says Cleland, who has testified before Congress on several occasions, criticizing Google's business practices.

"Google's whole business model depends on people exercising minimal privacy limits on Google's world-leading collection of their private data," Cleland says. "They understand they must change the conversation from Google being perceived as a complicit bad guy holding the world's largest trove of intimate private info on the most people, to a champion of user privacy and security demonizing government for not allowing more openness and transparency of secret activities."

Rob D'Ovidio, associate professor of criminal justice at Drexel University, says he gets why Google strives for plausible deniability.

Any involvement, whether voluntarily or compelled through a judicial order, in handing over its customers' data to government surveillance officials "will not sit well with its users and likely cause mass migration to other service providers," he says.

Prism could be the tripwire that finally grabs the attention of convenience-minded U.S. consumers, who have been largely oblivious to exhaustive tracking of their every online move by tech companies chasing online advertising revenue. And it's sure to add fuel to the fire in Europe, where the preservation of individual privacy has long been – and continues to be – a touchstone issue.

John Simpson, Consumer Watchdog's privacy project director, says it's crucial for Google and the tech companies to do everything possible to restore the public's confidence.

"The massive database that Google has is a honeypot for the NSA, and the snoops wouldn't be using unconstitutional overreaching surveillance tactics if Google didn't have this data and retain for so long," says Simpson. "Google perhaps wasn't as cooperative as some of the others, but the Internet giant clearly turned over massive amounts of user data."