In spite of denials of working with the NSA, the NY Times says both Google and Facebook were in discussions with the NSA and planning to offer an improved way of sharing information with the NSA.
Whether that meant direct or indirect access or something else is not clear from the news report.
via PRISM: Google and Facebook DID allow NSA access to data and were in talks to set up ‘spying rooms’ despite denials by Zuckerberg and Page over controversial project | Mail Online.
My main point in covering this topic is the loss of trust and reputation harm to cloud-based companies caused by the NSA scandal. Until such time as security for user data can be improved and clarified for the customer, the security of cloud-based services is definitely in doubt. And as I said previously, this will impact international customer usage of U.S. based cloud services.
The keyword is “astounded” – in other words, ignorant:
Surveillance programs like the NSA’s PRISM are “the tip of the iceberg” a US House representative has admitted, claiming she and her fellow lawmakers were “astounded” by the extent of the monitoring when it was explained in a confidential briefing.
via NSA’s PRISM “tip of the iceberg” warns lawmaker “astounded” by spying – SlashGear.
Congressional members admit they were not doing their jobs in overseeing the work of the NSA – they had no idea what the NSA was doing. How do we have meaningful oversight when Congress is ignorant – and fails to attend briefings on the subject. Does Congress care?
This is where things are headed:
“Why don’t they simply ban the American companies”
via Can the United States help locate lost songs’ – The Times of India.
From the ACLU:
“It is the equivalent of requiring every American to file a daily report with the government of every location they visited, every person they talked to on the phone, the time of each call, and the length of every conversation.” Jameel Jaffer, ACLU’s deputy legal director, said in statement accompanying the challenge, maintaining that the dragnet program is “one of the largest surveillance efforts ever launched by a democratic government against its own citizens.”
via Embarrassed USA closes ranks over snooping disclosures – The Times of India.
Which means it may falsely identify thousands of people as potential terrorists for each actual terrorist found.
The article points out to the similarity between the use of sensitivity and specificity terminology common in medical testing. A test that is highly sensitive is likely to have many false positives; a test that is highly specific is likely to miss potential positives. (One of many things I learned in my OHSU medical informatics grad courses – not shown on my resume.)
Ethics Aside, Is NSA’s Spy Tool Efficient? – WSJ.com.
But there are too many unknowns in the NSA process for anyone to come up with a figure that is meaningful. But it could very well be many thousands of false positives for each actual terrorist threat. It may not be particularly cost effective – as pointed out by another writer, tens of thousands of people are killed annually in car crashes – and I think he said about 17 are killed in terror attacks. There seems to be a disconnect between cost-benefit ratio.
“I think we need to do a better job of explaining to the American people exactly what is kept, what are the real restrictions on how—I’m just talking now for DHS, Department of Homeland Security–how we use it, how long we can keep it, how we share it, all those things,” she explained.
via Janet Napolitano Denies Existence of ‘Orwellian State’ | Politicker.
These are the sorts of questions you should ask anyone that is gathering your information, even the local store that asks for personal data.
The NSA is said to record all email communications in the country, and stores it in massive databases for potential future analysis, if needed. Secret to Prism program: Even bigger data seizure – AP Washington Heads – MyNorthwest.com.
Per the post below this one, the NSA told Congress that it does not need a warrant to listen in on current or past recorded phone calls (this violates my state’s wiretapping law). Presumably this thinking applies to current or past emails as well.
(Added 6/16) This CNet article addresses the potential for logging of web access - at a minimum, a log of IP addresses (but not full URLs) would qualify under the same rule that the NSA uses to run their telephone meta data collection.
If true, the NSA lied to Congress, and the NSA staff and those who supported these efforts have violated the Constitution of the United States. This would not be good.
If this concerns you, you may wish to support
Reminder: The NSA is a military agency, not civilian:
Rep. Jerrold Nadler D-NY challenged Muellers statement, saying, “we heard precisely the opposite at the briefing the other day. We heard precisely that you could get the specific information from that telephone simply based on an analyst deciding that… In other words, what you just said is incorrect. So there’s a conflict.”
via Report: NSA briefing reveals agency can listen in on your phone calls without court approval | The Verge.
Many more details in this report.
Exactly what I have been saying:
Whatever the details might be, it seems clear that dozens of technology companies — and perhaps even more — have co-operated with the NSA on its surveillance program. And they could pay a high price for doing so.
via Tech companies working with the NSA are making a Faustian bargain — Tech News and Analysis.
… being seen as co-operating with the spy agency is still a fairly huge risk for cloud-based services. Not only that, but co-operating in even a small way makes those companies look like easy targets for further government pressure.
I suspect most American users will continue to use these cloud-services. But foreign users will definitely be looking for other options, not provided by U.S. companies, even if U.S. companies offer new end-to-end security and try to be more transparent about what is going on. Many governments world-wide may require avoidance of U.S. based cloud services for their own applications. This will result in the growth of significant competitors to U.S. based firms; even if the foreign competitors are not as good, the fact that they are not cooperating with the NSA may significantly increase their value proposition to non-U.S. customers.
The damage to the U.S. high tech industry is potentially immense as cloud-based services are the fastest growing sector and have been seen as the next high growth opportunity.