It is not just the data that matters in this NSA surveillance mess

Several days ago, we broached the issue of Google and trust in the consumer arena, and how people perceive Google’s use of personal data in its operations to generate advertising revenue. One of the initial references was made to Sundar Pichai’s answer to the question of why someone should not be nervous about what Google does.  The debates that followed among everyone in the comments were entertaining and informative. However, one thing that was not observed was that Mr. Pichai did not really answer the question.

We were going to discuss reasons why people do not trust Google, but in light of the news over the past couple days, the issue has taken a different shape. By itself, it does not matter for many people in the US who are now trying to grasp the depth of the surveillance activities of the National Security Agency.

Unfortunately, it appears that these massive depots of information storage, Google, Facebook, Twitter, et al, are simply too attractive a source for data mining outside their intended purpose (advertising) and are finding another use given the activities being performed under the auspices of the Foreign Intelligence Surveillance Act (FISA, passed in 1978).

When you read the statements from the companies involved, one thing should be apparent, data was indeed shared. Moreover, from the looks of things, it seems like these big players, most notably Google and Facebook, were, in fact, working with the NSA to actually build separate portals with which the government could request information and the companies would deposit said information. To put it plainly, they made it easier to transfer data.

Twitter was also approached by the government to develop a similar mechanism, however Twitter declined to do so. FISA requests are legal, and they are secret, recipients are often under a gag order to not even acknowledge an order’s existence, but they do not mandate that it be easier for the government to grab information.

Indeed, it looks like instead of a back door (something that so many paranoid people worry about), the government was given a back room at some of these companies. Sometimes, the government has a front row seat too. According to The New York Times, an NSA agent visited a tech company in Silicon Valley to observe a suspect involved in a cyberattack. The agent installed government software on the servers and remained there for weeks downloading data onto government hardware. Sometimes, the NSA is seeking real-time transmission of data.

Google, Twitter and Microsoft are well known for issuing transparency reports. In fact, the recent report by Google provided a glimpse of the type of activity it deals with regarding requests via National Security Letters from the FBI. However, that activity paled in comparison to the breadth and depth of surveillance apparently being performed by the NSA.

As it is, the carefully worded statements against the reality of action taken do just enough to skirt a perception of complicity, but these actions in the wake of their rhetoric are just as worrisome as the government surveillance. Phrases like not allowing “direct access” and not providing a “back door” are meaningless in the scheme of things. A back door would infer access that the host is unaware of. Direct access means unfettered access. Just because there was no direct access (arguably refuted by the Times article), that does not mean there was no access. Just because Larry Page and Mark Zuckerberg have never heard of PRISM, that does not mean they were not acutely aware of data mining activity by the government.

So in a broader context as to why people distrust Google (or Facebook, or Microsoft, ad infinitum), it is not so much what they do with the data we entrust to them, it is dichotomy of their words versus their deeds. Calls for transparency ring hollow when these companies do not combine resources to actually make that a reality. Instead, they hide behind a government blanket as if to say, “We were helpless to do anything.”

Larry Page bemoaned the need for openness when speaking at Google I/O last month. He used Google+ to share insight about a health condition that affected his vocal chords. He felt such sharing could become a boilerplate for others that may be seeking treatment for other conditions in a utopian open environment. Privacy issues aside, Mr. Page repeatedly advocates his vision to a utopian world with few barriers for information. He advocated again today the need for transparency (as did Mark Zuckerberg).

Taking the legality aside for a moment, and thinking back to the idea of trust, the issue is not simply that the data was mined by the government to look for patterns in the noise, what should be just as glaring to you is how these companies are reacting to it. They are all denying involvement and calling on the government for more transparency when the trend of activity shows everything becoming more opaque, especially since it is known that data on "innocent" people was gathered "by mistake."  When coupled with government surveillance of US based journalists, these activities are certainly the tip of the iceberg. 

Google was able to surpass one hurdle by being able to acknowledge the NSLs it received did in fact exist. If this activity is widespread enough, there is nothing stopping these companies from taking the first step. Sunlight is an amazing disinfectant, and as the US government is supposed to be a reflection of the people that elect it, if those people (including these companies) want more transparency, it may very well be their burden to provide it.

references: The New York Times, TechCrunch, Foreign Policy, EFF, NBC News

Below is a short video with the Director of National Intelligence, James Clapper responding to an inquiry from Oregon Senator Ron Wyden on whether NSA collects data on Americans.  The answer is in direct conflict with what we know now.