The term ‘direct access’ seems to be the central issue when it comes to the coordinated PR campaign from Silicon Valley, and a new article from The Washington Post seems to clarify it all quite a bit. “Intelligence community sources said that this description [i.e., direct access], although inaccurate from a technical perspective, matches the experience of analysts at the NSA. From their workstations anywhere in the world, government employees cleared for PRISM access may ‘task’ the system and receive results from an Internet company without further interaction with the company’s staff.” This seems to explain why the leaked official documents speak of ‘direct access’ even though the companies themselves deny it. The leaked documentation probably wasn’t written by a technical expert, so he simply used a term that describes the end result (i.e., access whenever, wherever, whatever), but not the actual technical workings (i.e., the system does not directly tap into the companies’ own servers). Update: The Guardian has released a new slide from the NSA slide deck: it speaks of “collection directly from the servers” of several US companies, like Apple, Google, Facebook, Microsoft, and so on. It also mentions directly tapping into the very cables that carry data to and from the US. I wonder how long Silicon Valley will continue to lie and/or legalese around the issue. Man up for once.
The US software companies can only do their best at saving face from all of this. Expect more public denials, but at the same time anonymous source confirmations to the media.
The Washington Post and The Guardian appear to be going tit for tat with the US government with this, likely intentionally holding more on more details as more denials come through.
Meanwhile, individuals and businesses around the world will start considering alternatives to US data providers. This is literally Facebook, Google and cos worst nightmare.
all this kerfuffle, to be honest i’m finding it hard to care, i’m sure it was generally assumed to be going on anyway…
Yeah, the EU already was weary about trusting US corporations with data.
http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-…
Me too. I figured something like this was going on… if not from the government, than from somebody else. As a result, I pretty much assume that any info I give these companies is public knowledge. I think others would be wise to do the same. Doesn’t mean you don’t have to not do business with them, just don’t hand them anything that’s super private.
It would be interesting if someone caught Microsoft/Apple scanning the personal files of its users on their local drives and handing them over to the government. But I don’t think they would be stupid enough to try it
“But I don’t think they would be stupid enough to try it”
I wouldn’t bet money on that.
A set of servers outside the USA and its friends and an email service similar to Gmail would have me for a subscriber today. And goodbye to Google and other branches of the USA government.
You could always use I2P’s email system
http://www.i2p2.de/
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.
Many applications are available that interface with I2P, including mail, peer-peer, IRC chat, and others.
i2P solves point to point anonymity. But this doesn’t solve the anonymity of the data (your personal emails, social networking posts, cloud storage, cloud apps, etc.) stored on the “cloud” server itself.
Edited 2013-06-10 19:48 UTC
Now we get to hear people argue about what “direct access” means. Is the physical act of sitting down at their servers and logging in? Does it mean logging in using a company-owned computer? Does it mean logging in remotely? Does it include the ability for the government to submit a digital request for data via search form where the actual search function accesses the databased directly, but the searcher himself does not?
The debates are about to get really stupid and if you can’t be scared into turning your back on this issue, you’ll be bored into it.
From reading news reports so far, I conclude that NSA is copying and storing all the content data, but not reading it. Then, when they get a court order to examine the content belonging to an individual who is under suspicion, they can start reading it. That way, they will have access to content several years in the past. It’s all legal because they declared it legal.
It’s as if they got a warrant to put a wiretap on somebody’s phone, but instead of recording phone calls starting when they got the warrant, they can listen to phone calls they recorded before they got the warrant.