Can We Trust Tech Companies In A Post-PRISM World?

    June 15, 2013

Trust is something that’s earned, not given. Over the past decade, we’ve come to trust tech companies with our data because they promised to keep it secure. That trust was called into question earlier this month.

In early June, it was revealed through a number of leaks that that NSA was spying on phone and Internet communications. The latter was most troubling as the leaked document alleged that the tech companies we have come to trust – Google, Facebook, Microsoft and more – were handing over data to the U.S. government. Since then, these same companies have been trying to repair the trust between themselves and the consumer. The question now is whether or not it’s working.

Can you trust tech companies with your private information anymore? Let us know in the comments.

To better understand this issue, we first have to look at the kind of information that’s allegedly being collected, and how that information is being used. The NSA allegedly collects email, chat logs, videos, photos, stored data, VoIP logs, file transfers, video conferencing logs, notifications and online social networking details from services belonging to Microsoft, Google, Yahoo, Facebook and more.

It’s a little scary, but the official line is that not all of this data is used. According to the NSA, the information is only used to target “non-U.S. persons outside of the U.S.” The agency also says that it tries to keep the collection of what it calls “incidental data,” as in data collected from Americans, to a minimum.

In the week since the NSA spy program was revealed, Google has provided us with a little more information on how the agency collects information. The tech giant says that the leaked documents allegations that Google provides a back door to its servers are untrue. Instead, it delivers requested information to the NSA either through secure FTP servers or by hand. Both delivery methods are incredibly outdated, and would require the NSA to submit a request to Google each time it wanted something. It’s incredibly inefficient, but it also tells the NSA that Google is only begrudgingly doing this.

What’s disturbing about this, however, is that Google is the only one to come forward with exact details on how it interacts with the NSA. Every other tech company allegedly working with the NSA have only denied their involvement and some have even said they have no knowledge of PRISM. That may be true, but Google’s admittance of begrudgingly working with the NSA causes one to doubt whether or not these other companies are actually telling the truth.

One case in particular that was just made public makes it seem like these companies knew what the NSA was up to and at least attempted to fight back. One of the few FISA court opinions that has been made public details the fight between a redacted tech company and the government request for data. The company fought against government requests for data arguing it was a violation of Americans’ Fourth Amendment rights. In the end, however, it was forced to comply with the data requests. Many are now reporting that the company in question was Yahoo. Here’s what it said after the PRISM documents were leaked:

“Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.”

Direct access – that’s the keyword used in a lot of these statements. Google said the same thing, and has reiterated multiple times since that it does not give the NSA direct access to its servers. So is Yahoo doing the same as Google? Is it making the NSA jump through every hoop possible for data while delivering said data via outdated methods? We don’t know, but Yahoo would stand to gain quite a bit if it shared more details on how it interacts with government.

In fact, every tech company listed on the leaked PRISM documents would be doing themselves a major favor by detailing how it interacts with the government requests for data. It may not immediately restore trust lost, but transparency is an important first step.

Google and Facebook have both recognized this with their latest move. Both companies are now asking the government to be more transparent by allowing them to publish data requests. In the case of Google, the company asks the government “to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures – in terms of both the number we receive and their scope.” The company then says that its “numbers would clearly show that our compliance with these requests falls short of the claims being made.”

As for Facebook, the company says it “would welcome the opportunity to provide a transparency report that allows us to share with those who use Facebook around the world a complete picture of the government requests we receive, and how we respond.”

The cynics among us would see the above statements as nothing but a PR move. In a way, they’re absolutely right. Google, Facebook and others have much to lose if they can’t be forthright with their consumers on how they respond and comply with government requests with data. As long as these court orders remain secret, people are only left to assume the worst.

Do you think Google and Facebook should be allowed to publish more detailed transparency reports? Would you trust them more if they did? Let us know in the comments.

Assume the worst the people did. Earlier this week, private search engine DuckDuckGo announced that it broke its traffic record by serving 2 million direct searches. The search engine didn’t elaborate on the traffic spike’s cause, but we can only assume that it’s somewhat related to fears of NSA spying. There are few search engines not affiliated with major tech companies so people may be turning to other services.

The above is just one example, but other privacy minded alternatives may start seeing more traffic in the coming weeks as well. In fact, one developer has made it easy for others to make the switch with PRISM Break, a guide to all the privacy-first services currently available.

Trust is something that’s earned, and the trust that tech companies have been earning over the years is slowly disintegrating. That’s not an entirely bad thing though. With a renewed push to earn our trust, tech companies and their mighty lobbying forces may be able to achieve something that almost a decade of court challenges have not – government transparency.

Will you ever trust a major tech company again? Would you trust them if they seriously fought for transparency? Let us know in the comments.