2013 06 10 NYT Tech Companies Tread Lightly in Statements on U.S. Spying – NYTimes.com
Tech Companies Tread Lightly in Statements on U.S. Spying
Robert Galbraith/ReutersMark Zuckerberg, chief of Facebook, one of several companies that denied a direct role in government spying.
Someone’s not telling the whole truth.
In the wake of the news leak that the National Security Agency is engaged in a wide-ranging surveillance program of Internet users through a system called Prism, the world’s biggest technology companies responded by unilaterally denying any involvement in the government’s spying apparatus.
Mark Zuckerberg, Facebook’s founder and chief executive, declared: “Facebook is not and has never been part of any program to give the U.S. or any other government direct access to our servers,” adding that, “We hadn’t even heard of Prism before yesterday.”
Larry Page, Google’s co-founder and chief executive, went slightly further. “The U.S. government does not have direct access or a ‘back door’ to the information stored in our data centers,” he said. Apple, Microsoft, AOL and Yahoo followed with denials as well.
And yet President Obama and the United States director of national intelligence, James R. Clapper Jr., have publicly confirmed the existence of the Prism system, without providing any details about it.
Of course, the news — as well as the responses — raises doubts about who is telling the truth and about how extensive the spying program really may be.
But perhaps just as important, the episode also raises questions about how publicly traded companies with hundreds of millions of consumers — companies that are regulated by the Securities and Exchange Commission and the Federal Trade Commission — can, and should, react to news when pressed about involvement in confidential government programs.
“They are in a very difficult position,” said Thomas A. Sporkin, a former S.E.C. enforcement official and now a partner at Buckley Sandler. “On one hand they want to project an image of protecting your privacy. On the other, they have statutory obligations to keep government programs confidential” or potentially risk criminal charges if they exposed a secret government program.
Companies could also face a problem if their disclosures were misleading to investors, but only if they materially affected the stock price or had some other adverse effect, lawyers said.
These companies did not just say “no comment.” They flat-out denied involvement. Mr. Sporkin said, “They are probably not being completely forthcoming, but they are probably not lying.” He noted that the statements were highly vetted by legal teams.
While the companies might have wanted to stick in “no comment” mode, a version of peer pressure kicked in, said one chief executive who spoke on the condition of anonymity because of the fragility of the situation. Once one company issued a flat denial, the others felt they had to follow suit, he said.
Indeed, the statements that companies like Facebook and Google made are probably truthful if taken literally. I don’t doubt Mr. Page when he said, “Press reports that suggest that Google is providing open-ended access to our users’ data are false, period.” The title of his statement, which appeared on Google’s corporate blog and was also signed by the company’s chief legal officer, David Drummond, was “What the…?”
But I also don’t doubt another part of his statement that was frequently overlooked: “We provide user data to governments only in accordance with the law.”
In other words, when the government makes a legitimate request — and through Section 702 of the Foreign Intelligence Surveillance Act, which was highlighted by the leak, the government can seek vast troves of information — Google and others comply.
It is possible, for example, that Mr. Page and Mr. Zuckerberg had never been told that the government’s program was called Prism. And it is highly unlikely the government has a password granting access to company servers despite early reports quoting a government document that used the phrase “direct access” and now appears as if it overstated the case.
At the same time, however, companies like Facebook and Google have clearly worked with the government to create systems to transfer vast amounts of private data that is sought by the N.S.A. and other government agencies. The New York Times reported last week, based on people briefed on the matter, that Google and Facebook discussed plans “to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers.”
That is different from the idea that the government has “direct access” to corporate servers, but it still means that the companies are providing the government with enormous amounts of data.
One explanation for the distinction between the corporate denials and the leaked presentation was explained this way in The Washington Post, which along with The Guardian posted several slides from a 41-page presentation about the Internet program: “It is possible that the conflict between the Prism slides and the company spokesmen is the result of imprecision on the part of the N.S.A. author.”
Senior executives I spoke with at many of the technology companies cited in the Prism documents said they routinely provided the government with requested data, in some cases months’ worth of e-mail traffic for a certain address. They have teams of people whose entire job is to work with the government to comply with such requests, which come in daily if not more frequently. Once that information is transferred to the government, an agency can store that data and sort it, integrate it with other data to their heart’s content.
Mr. Sporkin, for example, said that when he was at the S.E.C., the agency would regularly make requests for stock trades and then store that information so it could use it later, sorting it and mixing it with other sources of data.
Most technology companies have a “terms of service” agreement that requires users to accept such a provision before signing up. Buried in the fine print of Facebook’s is this: “We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so.”
Theoretically, a clever lawyer could make the case that the companies’ public denials have now become part of the terms of service and that customers are relying on them to be true. If those denials turn out to conflict with actions in the future, the companies — again theoretically — could face trouble with their customers and even possibly another arm of the government, like the F.T.C., setting up a true conundrum.
So while the nation’s biggest technology companies may not be a part of systematic large-scale spying program, it is clear that they are legally required to play a significant role in funneling data to the government. That leaves them on a tightrope balancing what they can say to their customers and investors while complying with their obligations to keep the government’s secrets.