The US government has no back door, front door or side door into our data, Google effectively said today, with its third PRISM-related denial. Each denial keeps stressing that Google doesn’t provide any type of constant stream of data to the government, that Google only hands over data on a case-by-case basis, after a legal order and review.
I’ll do today’s statement from Google, but I thought it would be better to do all of them, in the order issued.
Thursday: No “Back Door”
Here’s the first, which came out on Thursday. I’ve bolded the key parts:
Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully.
From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.
That statement didn’t rule out some type of “direct access,” instead denying “back door” access. That omission caused some to wonder if Google was using clever wording to avoid acknowledging that it gave access through some type of “front door” system.
My previous story, Evolution Of The PRISM Denials: This May Be Why They Seem So Similar, explains why I think the term “back door” was used, primarily because that’s what was being raised in news reports and perhaps what Google was being asked about.
Google’s statement also stressed that data is handed over only through a legal process, after a review, which inherently precludes the kind of constant monitoring that the initial reports of PRISM suggested was happening.
Friday: No “Direct Access” & Never Heard Of PRISM
You may be aware of press reports alleging that Internet companies have joined a secret U.S. government program called PRISM to give the National Security Agency direct access to our servers. As Google’s CEO and Chief Legal Officer, we wanted you to have the facts.
First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.
Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period. Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.
Finally, this episode confirms what we have long believed—there needs to be a more transparent approach. Google has worked hard, within the confines of the current laws, to be open about the data requests we receive. We post this information on our Transparency Report whenever possible. We were the first company to do this. And, of course, we understand that the U.S. and other governments need to take action to protect their citizens’ safety—including sometimes by using surveillance. But the level of secrecy around the current legal procedures undermines the freedoms we all cherish.
That denial stressed again that any information was handed over on a case-by-case basis, after a review.
This post also seemed to have been designed to take care of the direct access omission, and it also stressed that Google hadn’t even heard of PRISM. However, because that language was similar to statements made by others, it sparked another round of questioning the denial in some quarters.
Again, Evolution Of The PRISM Denials: This May Be Why They Seem So Similar explains why I felt there was a good reason why all these denials were so similar. But late on Friday, the New York Times had a story that suggested some type of secure servers were being used by Google and other companies to transmit information.
That suggested that the denials were carefully constructed to avoid mentioning these servers, perhaps because by law, Google and the others might not even be able to talk about them.
Saturday: No “Drop Box” or “Blanket Orders”
From today’s post:
We cannot say this more clearly—the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box. Nor have we received blanket orders of the kind being discussed in the media. It is quite wrong to insinuate otherwise. We provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. And we have taken the lead in being as transparent as possible about government requests for user information.
Once again, Google stresses that there’s no ongoing feed of information to the government. Data is handed over only on a case-by-case basis.
Today’s denial also seems to go directly against the New York Times story, with Google saying it has created no such secure delivery system for the government.