Both the Washington Post and The Guardian are out with stories saying that several major Internet companies gave the US National Security Agency direct access to user data on their servers by participating in what’s been named as the PRISM program. But, Google, Apple & Facebook flat-out deny being in that program, while Yahoo and Microsoft have issued general denials.
Google, it denied participation in PRISM to us, when asked specifically about the program, plus gave us the standard statement it has been issuing:
Google cares deeply about the security of our users’ data.
We disclose user data to government in accordance with the law, and we review all such requests carefully.
From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”
Similarly to Google, Facebook specifically ruled out that it is part of PRISM and also told us:
Protecting the privacy of our users and their data is a top priority for Facebook.
We do not provide any government organization with direct access to Facebook servers.
When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.
That doesn’t rule out PRISM specifically, as Google and Apple do, but I’ve reached out to Facebook for a clarification to see if it can be more specific.
“We have never heard of PRISM. We do not provide any government agency with direct access to our servers.”
AOL said in a blog post:
We do not have any knowledge of the Prism program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers.
Yahoo has sent us this general denial:
Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.
That’s not specifically denying PRISM, but we’re checking on that. Both Google and Facebook originally had general denials that, when asked further, were expanded to specifically name PRISM.
Microsoft has sent us this general denial:
We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis.
In addition we only ever comply with orders for requests about specific accounts or identifiers.
If the government has a broader voluntary national security program to gather customer data we don’t participate in it.
That’s not specifically denying PRISM, and Microsoft said that the statement above is all that it’s providing, when asked specifically about PRISM. I suspect it does mean for it to be a denial of PRISM involvement, but we’ll see if the company gets more specific.
The last company named, PalTalk, has issued a “no comment” according to VentureBeat.
For more on the story, see our overview article, Scope of Alleged Spying On Americans’ Internet Activity Massive, “Beyond Orwellian”. See also developing coverage here on Techmeme.