Surprised? Don't be. Spying agencies spy. It's what they do. The Electronic Frontier Foundation (EFF) has been warning the public about the NSA's Web surveillance programs for years. There's so much evidence that the EFF even created a colorful timeline explaining all the ways in which the government can track your movements online.
That does raise the question of how the spies got their hand on all that data. So far, the tech companies that are the most logical sources have all denied knowledge of PRISM, in remarkably similar language:
Google: "Google does not have a 'back door' for the government to access private user data."
Apple: "We do not provide any government agency with direct access to our servers."
Facebook: "We do not provide any government organization with direct access to Facebook servers."
Microsoft: "We provide customer data only when we receive a legally binding order or subpoena to do so."
But those denials seem to contradict NSA documents uncovered by The Washington Post and the UK newspaper The Guardian. It's possible that the companies might cooperate with the spy agency without providing direct access to their servers, although the companies later denied that, too. What is clear, however, is that no one wants to talk about it, as noted in this surprising--and just slightly terrifying passage--below the fold in the Post's Thursday story breaking the news about PRISM:
Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM's most sensitive secret, fearing that the companies would withdraw from the program if exposed. "98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don't harm these sources," the briefing's author wrote in his speaker's notes. [Emphasis added]
Friday morning, President Obama addressed the PRISM scandal at a press conference, calling the program "legal and limited" and subject to oversight by Congress and federal judges, which wasn't exactly reassuring for privacy advocates. Then again, public trust in the federal government has been in steady decline since the Kennedy presidency, so it's not surprising that the feds have been the focus of most of the outrage, real and feigned.
The tech companies, meanwhile, have gotten off surprisingly lightly. But this can't enhance their reputations, which have been in retrograde for some time. For example, an AP-CNBC poll reported last year that just 13 percent of Facebook users say they trust the company, while 59 percent "say they have little or no faith in the company to protect their privacy." Google is having similar issues. Last month, The Guardianpolled its readers, asking, Does Google 'Do Evil'? Seventy-eight percent said yes.
That's not something any company wants to hear. Social media was built on a basic transaction: For the price of a bit of personal information, tech vendors give you free access to a world of sharing, messaging, and information. As long as you trust that your personal information is being put to somewhat benign purposes--targeted advertising, for instance--this is a bargain millions of people are happy to take.
But PRISM changes the equation. People may feel fine about sharing their personal data with the government if the data is used to track down terrorists. But it does mean that the price of all that fun and addictive social sharing is just every so slightly higher than you expected. You may decide, after hearing the President's assurances, that you're okay with the higher price. But nobody asked you ahead of time. That won't do much to shore up the level of trust in big online tech.