Evolution Of The PRISM Denials: This May Be Why They Seem So Similar

Source: Washington Post, The Guardian

Source: Washington Post, The Guardian

Quite a bit of debate has emerged by how similar these various denials of PRISM involvement are from the tech companies involved. I think they’ve all evolved naturally from each other and from the stories they were responding to. This is my reasoning.

Google & The “Back Door”

Both the Washington Post story and the Guardian story had this statement from Google in their stories when they initially ran:

Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door‘ into our systems, but Google does not have a ‘back door’ for the government to access private user data.

I don’t recall seeing denials from other companies, when these stories first appeared. Maybe I missed them, but I’m pretty sure they weren’t there, because almost immediately after the stories came out, I started working on our story with reactions from the tech companies — which turned into a long list of denials.

If you see more denials now, that seems largely because after denials came out, they were added to the stories — something that’s not noted in the stories.

Why’s Google talking about a back door? My guess is because it was asked about this by one of the publications, probably the Washington Post, which I believe was slightly earlier than The Guardian to publish. The Post has this in its article:

When a clandestine intelligence program meets a highly regulated industry, said a lawyer with experience in bridging the gaps, neither side wants to risk a public fight. The engineering problems are so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company.

If you ask a company if it’s providing a back door, that increases the chances it will respond using that particular language.

The Google statement was out at least around 3:30pm PT, because I emailed Google about it at that time, asking them to reconfirm it for me and to specifically ask:

 is Google part of this PRISM program and, if so, how does it grant access to data and what types?

Google reconfirmed this about 3 minutes after I asked but also added it had no knowledge of the program and wasn’t participating in it. That was the answer to my second question, but it wasn’t on record and part of the statement I was allowed to use. That caused me to go back to Google to see if I could get it on record.

Apple & “Never Heard Of PRISM” &  ”Direct Access”

While I was waiting on Google, the next denial I saw came from Apple, which came around 4pm PT as quoted by CNBC. To repeat it:

We have never heard of PRISM. We do not provide any government agency with direct access to our servers.”

I’ve highlighted two key parts, because they’re important. The “direct access” part comes up almost certainly because by then, Apple had seen the stories that talked about it providing direct access to its servers. From the Washington Post:

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies….

Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”….

Several companies contacted by The Post said they had no knowledge of the program, did not allow direct government access to their servers and asserted that they responded only to targeted requests for information….

Now, the first two paragraphs I’m pretty sure were part of the original story. Someone reading that story might have contacted Apple — perhaps CNBC — and asked if Apple gave “direct access” or something similar based off of it. The third paragraph was added, I think, as the Washington Post updated its story.

As for the Guardian:

Companies are legally obliged to comply with requests for users’ communications under US law, but the Prism program allows the intelligence services direct access to the companies’ servers….

But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies’ servers….

With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users….

Jameel Jaffer, director of the ACLU’s Center for Democracy, that it was astonishing the NSA would even ask technology companies to grant direct access to user data….

I think all those paragraphs were part of the original story. Again, you can see “direct” or “direct access” being used often, so if Apple was asked by someone reading these stories, it’s natural that it would use the same language in response.

Back To Google & No Knowledge

By 4:49pm PT, I got permission to get specific about Google’s denials — that it wasn’t just saying there was no backdoor but also that it wasn’t involved with PRISM specifically. As best I can tell, I was the first to report that particular aspect. It was important, because by then, various people on Twitter were chattering about what Google “really” meant with the back door denials. IE, sure, it could say there was no “back door” if the NSA was being allowed through the “front door.”

Going on record to say it wasn’t part of PRISM seemed a pretty clear-cut denial to me. And as I worked on further on getting answers back from other companies, I asked specifically about PRISM. That leads to Facebook.

Facebook & “Direct Access”

I can see that at 4:48pm PT, I emailed Facebook to reconfirm a statement it had given The Next Web. That was the first time I’d come across a Facebook statement, so it probably came out very close to that time. I don’t recall seeing any Facebook statement before Google and Apple, not that I recall. It said:

We do not provide any government organization with direct access to Facebook servers.  When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.

Why’s Facebook using the phrase “direct access?” My guess is for the reason why Apple did — it was asked about the story with that language, or it was responding to that language being used in the stories. Or both. Or triple-threat, it had seen the Apple statement and figured it wasn’t going to go wrong using the same type of denial.

Conspiracy! Not really, not for anyone who has seen companies react when all questioned about anything that might be touchy. They aren’t responding the same way because there’s a secret puppet-master behind the scene. They’re responding that way because like lemmings, that’s the way the herd is going. Though hopefully, not over a cliff.

Facebook confirmed the statement with me at 4:59pm PT. As with Google, I went back to ask Facebook if it could specifically say it wasn’t part of PRISM. It confirmed that at 5:05pm, and I pushed that live into my story. As with Google, I think that’s the first time Facebook went on record specifically denying PRISM.

Microsoft: Unique!

I asked Microsoft for a statement at 5:06pm PT, as I hadn’t yet seen one anywhere. Then I spotted one up on The Verge at 5:11pm (because I emailed Microsoft at that time to reconfirm it):

We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.

Microsoft’s statement doesn’t use any of the language of the others. It could be because of various reasons. Interestingly, Microsoft — unlike the others I’d talked with at this point — refused to specifically say it wasn’t part of PRISM.

Yahoo: More About “Direct Access”

I asked Yahoo for a statement at 5:16pm PT, as I hadn’t yet seen one anywhere. It came back with this at 5:19pm PT:

Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.

Now, the quick turnaround indicates the statement was ready to go, though I hadn’t seen it published anywhere yet. Chances are, it was — that some other publication had asked earlier, so one was ready. And it’s probably so similar to Facebook and Apple because it was responding to the same story and very likely, Yahoo at this point had seen statements from both Facebook and Apple out there already.

That was it for me, yesterday. AOL never got back to me that day (or anyone, I’m pretty sure) and PalTalk — which no one really gets being part of all this — had a no comment, probably because (I’m guessing) they’re a small company with a small PR team that was likely going WTF?

Today’s Statements

Today, we got statements from first Google, then later Facebook that had similar sounding language, in particular about no “direct access” and never having heard of PRISM before yesterday.

My reaction to those similarities was largely, “Duh.” If you’d been watching how the stories emerged, what they said and who responded when, it seems pretty natural why these statements sound similar — and it’s not because of that puppet master pulling strings.

Separately from this, from all my reading so far, my best guess as to what’s going on is that the NSA may have access to ISPs that in turn give them lots or all of the data flowing from these companies but that those who have said they aren’t part of PRISM really aren’t.

It would be extraordinarily stupid to have such strong denials if these companies are knowingly part of these programs. And for those who say, “well, the law might force them to lie,” no. National security laws have prevented companies from revealing they’ve given over data, but I haven’t seen cases forcing them to lie.

That means, if they’re really involved and can’t say, I’d expect a “no comment.” In fact, I’d have expected a loud “no comment” because most of them probably wouldn’t want to do this. But to say flat-out they don’t know about this program and aren’t part of it? I tend to believe that while a program may be out there that somehow gathers their content, that’s not because they know about it.

And anyone can slap a company’s logo on a slide and claim it’s a partner. We’ve only seen 3 of these 41 slides out there that the Washington Post and the Guardian have, and again, personally, I’d like to see much more of what they have so we can better understand specifically what’s going on, assuming that’s not going to put anyone in danger.

Postscript: The New York Times is out now with a story that suggest these companies have been asked, and in some cases knowingly built copies of their data that the government could access. It suggests that part of the “direct access” language might indeed be a way to cover the fact that there are these other services that might as well be direct access.

Also see our analysis of the story, Did Tech Companies Have Checkout & Delivery System For Gov’t Access To Their Data?

Related Articles

Related Topics: Channel: Consumer | Legal: PRISM


About The Author: is Founding Editor of Marketing Land. He’s a widely cited authority on search marketing and internet marketing issues, who has covered the space since 1996. Danny also serves as Chief Content Officer for Third Door Media, which publishes Search Engine Land and produces the SMX: Search Marketing Expo conference series. He has a personal blog called Daggle (and keeps his disclosures page there). He can be found on Facebook, Google + and microblogs on Twitter as @dannysullivan.

Connect with the author via: Email | Twitter | Google+ | LinkedIn

Marketing Day:

Get the top marketing stories daily!  


Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. You can read more about our comments policy here.

Comments are closed.

Get Our News, Everywhere!

Daily Email:

Follow Marketing Land on Twitter @marketingland Like Marketing Land on Facebook Follow Marketing Land on Google+ Subscribe to Our Feed! Join our LinkedIn Group Check out our Tumblr! See us on Pinterest


Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States


Australia & China

Learn more about: SMX | MarTech

Free Daily Marketing News!

Marketing Day is a once-per-day newsletter update - sign up below and get the news delivered to you!