If you care about internet privacy and government overreach, you've probably been following the kerfuffle over the US government's PRISM program, recently reported on by +The Guardian, the +Washington Post and others. I was as shocked as anyone to read the allegations presented in those articles, because they appear to fly in the face of everything I know about the way these systems, and the cultures of the companies involved, operate.
The specific allegations made in the Guardian and WaPo articles are that Google and others are voluntarily participating in a system of government inspection of user data directly on the companies' servers. My immediate reaction was that this was absurd. Of the companies supposedly involved, I know Google the best, and it would be damned near impossible to hide this kind of direct access from the company's engineers.
This sentiment has since been echoed to varying degrees by others (e.g., +Kenton Varda and +Yonatan Zunger), and there's a lot of interesting discussion that you should read on both of those threads if you care about the details.
But what about other possibilities? Perhaps the original articles were overreaching a bit in their interpretation of the leaked PRISM documents (which, oddly, were significantly redacted by the Guardian)? Conveniently, +Alex Stamos has published a very useful taxonomy of the possibilities here: http://goo.gl/my4SE. It's a dense read, but worthwhile if you're interested in the details.
My own take is that (for reasons discussed in detail on several of the conversations referenced above), the probability of the original allegations being literally true is close to zero. It strains credulity to imagine that the NSA has direct access to Google's servers or network infrastructure without a large swath of the company's engineers (especially in security) being aware. One could allege (as many have) that we on the outside would never know, because of laws (e.g., FISA and NSLs) that prevent the target of a government information request from disclosing its existence. But this is a very simplistic interpretation, for several reasons. First, US laws with this property (to which I object, to be clear) do not allow for indiscriminate collection of data. Second, and more importantly, I know many at Google who would, at a minimum, quit in protest over such a program (I've seen some quit over much less controversial decisions). Also consider that many Google engineers (including some working in security) are neither US citizens nor based in the US, and thus largely out of reach of gagged information requests.
This leaves us with external attacks. The theory is that, with the complicity of companies like AT&T and Verizon, the NSA could simply hoover up data passing between Google and its customers, archiving it and interpreting it at their leisure. Stamos' article above goes into some detail on these possibilities. But of course a large proportion of that traffic is encrypted now, making that a lot more difficult (I'd put the odds that the NSA has kept some amazing mathematical breakthrough under wraps pretty close to zero). But what if they'd forced Google to hand over its own SSL keys, or done the same to a root CA? This sounds plausible at first, until you start digging into the details. The first kink is that I believe it's highly implausible that Google network and security engineers wouldn't notice such a huge man-in-the-middle attack. A leaked server key on its own only helps a passive eavesdropper against sessions negotiated without forward secrecy (and Google had already moved its HTTPS front ends to forward-secret cipher suites in 2011); getting at anything more requires actively interposing on the connection, and that kind of attack leaves a detectable signature. Chrome, for one, pins the public keys it expects to see for Google domains, so a certificate minted by a coerced CA would trip the pin, and someone would notice it and raise a red flag. This attack is made even trickier by additional layers of security such as ChannelID (http://goo.gl/dMg4K) and others that make man-in-the-middle attacks a lot harder.
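To make the ChannelID point concrete, here is an added illustration (my own, not code from Google or from the ChannelID specification) of the channel-binding idea in simplified form: the client signs a value unique to the current TLS session with a long-lived key the server has pinned, so a proof produced on one connection is worthless on any other. The connection labels, the hashed stand-in for exported keying material, and the RunScenarios harness are constructed for the example; a real client and server would take the binding from their TLS stacks, and ChannelID itself binds to the handshake in its own way.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ChannelBinding stands in for keying material exported from a finished TLS
// handshake. Every TLS connection yields a distinct value, and a proxy that
// terminates TLS holds two connections, so it sees two different values.
type ChannelBinding []byte

// newChannelBinding is a constructed stand-in: real peers would ask their TLS
// stacks for the exported value instead of hashing a label.
func newChannelBinding(connectionLabel string) ChannelBinding {
	h := sha256.Sum256([]byte("constructed-tls-session:" + connectionLabel))
	return h[:]
}

// Client holds a long-lived key pair. The server learned the public half on an
// earlier, unattacked connection and now expects every login from this client
// to carry a signature made with it (the ChannelID idea, simplified).
type Client struct {
	key *ecdsa.PrivateKey
}

func NewClient() (*Client, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Client{key: key}, nil
}

// PublicKey is the value the server pins for this client.
func (c *Client) PublicKey() *ecdsa.PublicKey { return &c.key.PublicKey }

// Prove signs the binding of the connection the client believes it is on.
// The resulting signature is only meaningful for that one TLS session.
func (c *Client) Prove(binding ChannelBinding) ([]byte, error) {
	digest := sha256.Sum256(binding)
	return ecdsa.SignASN1(rand.Reader, c.key, digest[:])
}

// VerifyProof is the server side: it checks the proof against the binding of
// the connection the server itself is on, never against a value the peer sent.
func VerifyProof(pinned *ecdsa.PublicKey, serverSideBinding ChannelBinding, proof []byte) bool {
	digest := sha256.Sum256(serverSideBinding)
	return ecdsa.VerifyASN1(pinned, digest[:], proof)
}

// RunScenarios reports whether the client's proof verifies on a direct
// connection, and whether it verifies when an interceptor holding a coerced
// certificate terminates TLS and relays the proof to the real server.
func RunScenarios(c *Client) (direct bool, relayed bool, err error) {
	pinned := c.PublicKey()

	// Direct: client and server share one TLS session, hence one binding.
	session := newChannelBinding("client<->google")
	proof, err := c.Prove(session)
	if err != nil {
		return false, false, err
	}
	direct = VerifyProof(pinned, session, proof)

	// Intercepted: the attacker terminates TLS with the client and opens a
	// second session to the real server. The client can only sign the
	// binding of the leg it can see.
	clientLeg := newChannelBinding("client<->interceptor")
	serverLeg := newChannelBinding("interceptor<->google")
	proof, err = c.Prove(clientLeg)
	if err != nil {
		return false, false, err
	}
	// The interceptor reads the proof in the clear but cannot re-sign it
	// without the client's private key; relaying it verbatim fails on the
	// server's leg because the server's binding differs.
	relayed = VerifyProof(pinned, serverLeg, proof)
	return direct, relayed, nil
}

func main() {
	c, err := NewClient()
	if err != nil {
		panic(err)
	}
	direct, relayed, err := RunScenarios(c)
	if err != nil {
		panic(err)
	}
	fmt.Printf("direct connection verifies: %v\n", direct)
	fmt.Printf("relayed through interceptor verifies: %v\n", relayed)
}
```

The direct case verifies and the relayed case does not, even though the interceptor saw the proof in full. That is the property that matters for the argument above: a decrypting interposer at Google's scale would not be silent, it would show up as a large population of clients whose channel-bound logins suddenly start failing.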
Since the original Guardian and WaPo articles were published, we have seen what look like categorical denials from Google (http://goo.gl/LNIm8) and others. Now we've started to see some backpedaling in the press. Business Insider published one article (http://goo.gl/U66eF) describing WaPo backpedaling on a few important details. Then the New York Times described (http://goo.gl/J2Mux) a different system that sounds more like a streamlined process for handling FISA requests, but which falls far short of the original allegations (I like +Kenton Varda's take on it: http://goo.gl/Z2qIf).
I'm taking the time to write about this because I believe in the importance of both the reality of government intrusion into private data and the perception of it. US citizens need to be vigilant on these issues, and put pressure on our elected representatives to make sure we strike the right balance -- and to be clear, I don't believe secret requests for private information strike a good balance. But in order to do this sensibly, it's important that we understand the real bounds of the problem, so that we can have a sensible discussion. Belief in absurd conspiracies can lead to a dangerous cynicism that threatens level-headed debate.
We also need to recognize the effect that our conclusions in the privacy debate have on how the US is perceived outside our borders. If the world loses confidence in the privacy of its information in the hands of US companies, it could deal a serious blow to our ability to compete in the global marketplace for information services. I don't believe this perspective receives enough attention, and it is incumbent upon those of us who can bend the ears of our representatives to represent the interests of our friends outside our borders, not solely for economic reasons, but because it's the right thing to do.