Friday, 10 January 2014

How the NSA Almost Killed the Internet

Google, Facebook, Microsoft, and the other tech titans have had to fight for their lives against their own government. An exclusive look inside their year from hell—and why the Internet will never be the same.
On June 6, 2013, Washington Post reporters called the communications depart­ments of Apple, Facebook, Google, Yahoo, and other Internet companies. The day before, a report in the British newspaper The Guardian had shocked Americans with evidence that the telecommunications giant Verizon had voluntarily handed a database of every call made on its network to the National Security Agency. The piece was by reporter Glenn Greenwald, and the information came from Edward Snowden, a 29-year-old IT consultant who had left the US with hundreds of thousands of documents detailing the NSA’s secret procedures.
Greenwald was the first but not the only journalist that Snowden reached out to. The Post’s Barton Gellman had also connected with him. Now, collaborating with documentary filmmaker and Snowden confidante Laura Poitras, he was going to extend the story to Silicon Valley. Gellman wanted to be the first to expose a top-secret NSA program called Prism. Snowden’s files indicated that some of the biggest companies on the web had granted the NSA and FBI direct access to their servers, giving the agencies the ability to grab a person’s audio, video, photos, emails, and documents. The government urged Gellman not to identify the firms involved, but Gellman thought it was important. “Naming those companies is what would make it real to Americans,” he says. Now a team of Post reporters was reaching out to those companies for comment.
It would be the start of a chain reaction that threatened the foundations of the industry. The subject would dominate headlines for months and become the prime topic of conversation in tech circles. For years, the tech companies’ key policy issue had been negotiating the delicate balance between maintaining customers’ privacy and providing them benefits based on their personal data. It was new and contro­versial territory, sometimes eclipsing the substance of current law, but over time the companies had achieved a rough equilibrium that allowed them to push forward. The instant those phone calls from reporters came in, that balance was destabilized, as the tech world found itself ensnared in a fight far bigger than the ones involving oversharing on Facebook or ads on Gmail. Over the coming months, they would find themselves at war with their own government, in a fight for the very future of the Internet.
It wasn’t just revenue at stake. So were the very ideals that had sustained the TECH WORLD since the birth of the INTERNET.
But first they had to figure out what to tell the Post. “We had 90 minutes to respond,” says Facebook’s head of security, Joe Sullivan. No one at the company had ever heard of a program called Prism. And the most damning implication—that Facebook and the other companies granted the NSA direct access to their servers in order to suck up vast quantities of information—seemed outright wrong. CEO Mark Zuckerberg was taken aback by the charge and asked his exec­utives whether it was true. Their answer: no.
Similar panicked conversations were taking place at Google, Apple, and Microsoft. “We asked around: Are there any surreptitious ways of getting information?” says Kent Walker, Google’s general counsel. “No.”
Nevertheless, the Post published its report that day describing the Prism program. (The Guardian ran a similar story about an hour later.) The piece included several images leaked from a 41-slide NSA PowerPoint, including one that listed the tech companies that participated in the program and the dates they ostensibly began fully cooperating. Microsoft came first, in September 2007, followed the next year by Yahoo. Google and Facebook were added in 2009. Most recent was Apple, in October 2012. The slide used each company’s corporate logo. It was like a sales force boasting a series of trophy contracts. Just a day earlier, the public had learned that Verizon and probably other telephone companies had turned over all their call records to the government. Now, it seemed, the same thing was happen­ing with email, search history, even Instagram pictures.
The tech companies quickly issued denials that they had granted the US govern­ment direct access to their customers’ data. But that stance was complicated by the fact that they did participate—often unwillingly—in a government program that required them to share data when a secret court ordered them to do so. Google and its counterparts couldn’t talk about all the details, in part because they were legally barred from full disclosure and in part because they didn’t know all the details about how the program actually worked. And so their responses were seen less as full-throated denials than mealy-mouthed contrivances.
They hardly had the time to figure out how to frame their responses to Gellman’s account before President Obama weighed in. While implicitly confirming the program (and condemning the leak), he said, “With respect to the Internet and emails, this does not apply to US citizens and does not apply to people living in the United States.” This may have soothed some members of the public, but it was no help to the tech industry. The majority of Apple, Facebook, Microsoft, and Yahoo customers are not citizens of the US. Now those customers, as well as foreign regulatory agencies like those in the European Union, were being led to believe that using US-based services meant giving their data directly to the NSA.
“Every time we spoke it seemed to make matters worse,” one tech executive says. “We just were not believed.” Zohar Lazar
The hard-earned trust that the tech giants had spent years building was in danger of evaporating—and they seemed powerless to do anything about it. Legally gagged, they weren’t free to provide the full context of their cooperation or resistance. Even the most emphatic denial—a blog post by Google CEO Larry Page and chief legal officer David Drummond headlined, “What the …”—did not quell suspicions. How could it, when an NSA slide indicated that anyone’s personal information was just one click away? When Drummond took questions on the Guardian website later in the month, his interlocutors were hostile:
“Isn’t this whole show not just a face-saving exercise … after you have been found to be in cahoots with the NSA?”
“How can we tell if Google is lying to us?”
“We lost a decade-long trust in you, Google.”
“I will cease using Google mail.”
The others under siege took note. “Every time we spoke it seemed to make matters worse,” an executive at one company says. “We just were not believed.”
“The fact is, the government can’t put the genie back in the bottle,” says Face­book’s global communications head, Michael Buckley. “We can put out any statement or statistics, but in the wake of what feels like weekly disclosures of other government activity, the question is, will anyone believe us?”
At an appearance at a tech conference last September, Facebook’s Zuckerberg expressed his disgust. “The government blew it,” he said. But the consequences of the government’s actions—and the spectacular leak that informed the world about it—was now plopped into the problem set of Zuckerberg, Page, Tim Cook, Marissa Mayer, Steve Ballmer, and anyone else who worked for or invested in a company that held customer data on its servers.
Not just revenue was at stake. So were ideals that have sustained the tech world since the Internet exploded from a Department of Defense project into an interconnected global web that spurred promises of a new era of comity. The Snowden leaks called into question the Internet’s role as a symbol of free speech and empowerment. If the net were seen as a means of widespread surveillance, the resulting paranoia might affect the way people used it. Nations outraged at US intelligence-gathering practices used the disclosures to justify a push to require data generated in their countries to remain there, where it could not easily be hoovered by American spies. Implementing such a scheme could balkanize the web, destroying its open essence and dramatically raising the cost of doing business.
Silicon Valley was reeling, collateral damage in the war on terror. And it was only going to get worse.

No comments:

Post a Comment