Unless you have been living under a rock, you will have heard the news that the US government is apparently spying on almost every digital bit that passes through the nation’s optical fiber highways or is stored in data centers inside its borders. As we have discussed at some length, though, it isn’t entirely clear just how much of the data leaked by ex-CIA analyst Edward Snowden, the Guardian, or the Washington Post is true. With the newspapers refusing to release the full 41-slide Prism presentation, and companies such as Google swearing blind that the US government doesn’t have direct access to its servers, the situation is certainly a lot more complex than “the government has full, unfettered access to the servers and data centers of the USA’s largest internet companies.”
Where there’s smoke, though, there’s fire. While we can’t be certain of the extent of the US government’s spying on domestic and international citizens, it would be hopelessly naive to believe that no snooping occurs at all. For at least a decade, the telecoms and cryptography communities have presumed that the US’s internet and telephony backbones are being wiretapped by the US government. For many experts, Snowden’s leak of the Prism program did not come as a surprise. In fact, for some of the most cynical experts, the Prism leak actually came as a bit of a relief — it could’ve been a lot worse, you see. Either way, we’re faced with an unpleasant truth: the US government is engaged in large-scale data logging and mining, and whether you’re a citizen of the US or an international user who uses a US-based service, you would be wise to put a few protections in place to protect your privacy.
It’s also important to remember the difference between data logging and data mining. Yes, there’s a possibility that the US government is logging a lot of your data, but in the vast majority of cases that’s it — your data is logged, and then after a certain amount of time it’s deleted. If it turns out that you’re a terrorist, or some other threat to national security, all of your logged data suddenly becomes very valuable indeed — all of those innocuous phone calls and cryptic status updates could be used to track down you and your co-conspirators. It’s no good if the US government only starts logging data after a terrorist commits an atrocity.
Mark Zuckerberg, Facebook :
I want to respond personally to the outrageous press reports about PRISM:
Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn't even heard of PRISM before yesterday.
When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure.
We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe. It's the only way to protect everyone's civil liberties and create the safe and free society we all want over the long term.