• Marketing Land
  • Sections
    • CMO
    • Social
    • SEM
    • SEO
    • Analytics
    • Display
    • Retail
    • MarTech
    • Resources
    • More
    • Home
  • Follow Us
    • Follow
  • Marketing Land
  • CMO
  • Social
  • SEM
  • SEO
  • Analytics
  • Display
  • Retail
  • MarTech
  • Resources
  • More
    • Follow
  • SUBSCRIBE

Marketing Land

Marketing Land
  • CMO
  • Social
  • SEM
  • SEO
  • Analytics
  • Display
  • Retail
  • MarTech
  • Resources
  • More
  • Home
  • Newsletters
  • Home
CMO Zone

Did Tech Companies Have Checkout & Delivery System For Gov’t Access To Their Data?

Tech companies named in reports to be part of the NSA’s “PRISM” data gathering program have strongly denied participating in programs giving “direct access” to their servers. But the New York Times is now reporting this may be because they provided indirect ways for the system to at least selectively request and receive data, after […]

Danny Sullivan on June 7, 2013 at 10:52 pm
  • More
NSA PRISM Slide

Tech companies named in reports to be part of the NSA’s “PRISM” data gathering program have strongly denied participating in programs giving “direct access” to their servers. But the New York Times is now reporting this may be because they provided indirect ways for the system to at least selectively request and receive data, after legal review.

The New York Times story, Tech Companies, Bristling, Concede to Federal Surveillance Program, may give the impression that all the named companies were part of the PRISM system, for those who have been following the story. But it never names PRISM and how data would be delivered isn’t how PRISM has been described. It does, however, paint a picture of how the companies might be indirectly part of PRISM.

How PRISM Works: Real-Time Monitoring & Data Access

Before going further into the New York Times story, it makes sense to recap what most people probably think PRISM is so far. Based on reports from the Washington Post and the Guardian, PRISM:

  • Gave the National Security Agency, the NSA, “direct” access to data at Apple, AOL, Facebook, Google, Microsoft, PalTalk and Yahoo
  • The was data “collection directly from the servers” from servers run by these companies
  • Data would include things like email, search history, video and voice chat, photos and voice calls
  • Data was gained with “assistance of communication providers in the US”
  • The FBI was an intermediary for requests
  • Access to the data was “100% dependent on ISP provisioning”
  • Data is only provided when there’s a 51% confidence in “foreignness,” that a target is not a US citizen
  • “They quite literally can watch your ideas form as you type,” said the unnamed whistleblower that leaked details

Those details paint a overall picture of the NSA being able to see everything that happens on these companies’ servers, in real-time, and pull whatever they want from those servers. There are a few points that seem odd, such at the FBI as an intermediary.

What The New York Times Describes

What the New York Times describes is far different than the PRISM system outlined above. There’s no real-time monitoring of data. There’s no instant access to that data. It seems more like what I’d call a “checkout” system that could selectively feed data into the PRISM system.

The story says that all the companies have been negotiating with the US government over more efficient ways it could receive the data it wants, when it has a legal request for it. The story also says that “in some cases, they changed their computer systems” to do this.

It specifically names Facebook and Google having negotiations to build “separate, secure portals” where the government would place data requests — apparently on a one-off basis, and not as best I can tell from my read, by having any type of real-time access or comprehensive collection of everything.

All the companies, the story says, were asked to build this type of “locked mailbox” system but only Facebook is named as having built one. But the story also says that data is shared when “company lawyers have reviewed the FISA request according to company practice.”

How This Connects To PRISM

Bottom line — this feels more like a library check-out system rather than handing over the entire library. To continue that metaphor, the government was interested in suspicious “books” held in one of these companies’ libraries, it would have to go through a legal process to request those. If granted, then the companies had an more efficient way to deliver those books. It might send them via overnight mail, for example, rather than through a slower method.

What might cause the government to flag a suspicious book? That’s unclear. My guess is that perhaps the government might see something unusual data from real-time it data it has perhaps by tapping into ISPs or phone provides, as is done with AT&T, Verizon and Sprint. For example, maybe someone sends an email from the US using Google to a suspicious location in a non-US country, which is spotted because the email goes through a third-party ISP.

That might send up a red flag with PRISM. Then, PRISM might be used to put in a request to learn more about the actual email from Google, one that would be granted after a legal review and approval. The email wouldn’t just be instantly accessible.

How This Connects To The Denials

All the named companies still have to give the data. Even Twitter, called out in the story for not cooperating on building and easier delivery system, would have to give the data. It would be be less efficient for Twitter to respond to those requests, even though ultimately, it would.

None of them, as best I can tell from my read, seem to have made it possible for PRISM to “quite literally can watch your ideas form as you type,” one of the key points about PRISM.

It’s also quite possible that none of the companies know that the request system, if this is indeed what it is and how it works, is considered part of the PRISM system.

Still, if the latest revelation holds up, even if the companies aren’t knowingly active participants in PRISM, the denials seem carefully constructed to avoid mentioning the delivery system they are part of. Further, again if this all holds up, the companies probably had a pretty good idea how they might have gotten confused with or mixed in with the PRISM system.

That would make those denials, especially the latter two from Google and Facebook that plead for more transparency, almost worse. That’s because rather than really being transparent about what’s going on, they were calculated to hold back, rather than provide clarity.

Of course, it is true that the companies might be forbidden from talking about the delivery systems. If so, it feels like they could have figured out some way to say, “we’re not doing this, but there’s also that” better than was done.

Postscript: I heard from someone at one of the named companies who says they work on services that would be involved if PRISM really tapped into their company as described. They note providing a real-time stream of data to the NSA would generate bandwidth usage that would be noticed by hundreds of people in the company (so hard to keep secret). They also added that the systems the New York Times describes seem to be indeed a way they have for delivering data securely when they receive a legal request, since printing it out isn’t really an option. They also stressed no data is given out without a legal request, and there’s no “surveillance” going on.

Postscript 2: Two other pieces on technical details of how PRISM and the separate request system might work, one from Lauren Weinstein & one from ZDnet, are worth a read.

Postscript 3: PRISM, The Tech Companies & Monitoring Versus Requests is a fresh post from me that expands more on the difference in PRISM and what the system above likely provides.

Postscript 4: In a third denial, Google has said it has no “drop box” delivery system. See: Google: Government Has No Back Door, Front Door Or Side Door To Our Data. CNET also has an article with sources saying companies gave no direct access to the US government to their data and suggests the companies aren’t even using a government CALEA system to deliver data ordered for release by a case-by-case basis.



About The Author

Danny Sullivan
Danny Sullivan was a journalist and analyst who covered the digital and search marketing space from 1996 through 2017. He was also a cofounder of Third Door Media, which publishes Search Engine Land, Marketing Land, MarTech Today and produces the SMX: Search Marketing Expo and MarTech events. He retired from journalism and Third Door Media in June 2017. You can learn more about him on his personal site & blog He can also be found on Facebook and Twitter.

Related Topics

Channel: CMO ZoneFeatures & AnalysisLegal: PRISMLegal: Privacy

We're listening.

Have something to say about this article? Share it with us on Facebook, Twitter or our LinkedIn Group.

Get the daily newsletter digital marketers rely on.
See terms.

ATTEND OUR EVENTS

MarTech 2021: March 16-17

MarTech 2021: Sept. 14-15

MarTech 2020: Watch On-Demand

×

Attend MarTech - Click Here


Learn More About Our MarTech Events

February 23, 2021: SMX Report

April 13, 2021: SMX Create

May 18-19, 2021: SMX London

June 8-9, 2021: SMX Paris

June 15-16, 2021: SMX Advanced

August 17, 2021: SMX Convert

November 9-10, 2021: SMX Next

October 2021: SMX Advanced Europe

December17, 2021: SMX Code

Available On-Demand: SMX

×


Learn More About Our SMX Events

White Papers

  • 6 Powerful Ways Experience Analytics Can Help Your Business Now
  • Email Tune-Up: A 5-Point Inspection to Get Your Program in Gear
  • Digital Marketing Report Q4 2020: Benchmarks and Insights for 2021
  • Data SEO – The Next Big Adventure
  • Getting Started with Email Marketing Automation
See More Whitepapers

Webinars

  • The Secret Behind SEO Success: Predict Rank with the Power of Data Science
  • How to Avoid the Digital Transformation Trap
  • How to Build a Marketing System of Record
See More Webinars

Research Reports

  • Local Marketing Solutions for Multi-Location Businesses
  • Enterprise Digital Asset Management Platforms
  • Identity Resolution Platforms
  • Customer Data Platforms
  • B2B Marketing Automation Platforms
  • Call Analytics Platforms
See More Research

h
Receive daily marketing news & analysis.
Marketing Land
Download the Marketing Land app on iTunes Download the Marketing Land App on Google Play

Channels

  • MarTech
  • CMO
  • Social
  • SEM
  • SEO
  • Mobile
  • Analytics
  • Retail
  • Display

Our Events

  • MarTech
  • SMX

Resources

  • White Papers
  • Research
  • Webinars
  • MarTech Conference
  • Search Marketing Expo

About

  • About Us
  • Contact
  • Privacy
  • Marketing Opportunities
  • Staff
  • Connect With Us

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • Instagram
  • RSS
  • Youtube
  • iOS App
  • Google Play

© 2021 Third Door Media, Inc. All rights reserved.

Your privacy means the world to us. We share your personal information only when you give us explicit permission to do so, and confirm we have your permission each time. Learn more by viewing our privacy policy.Ok