Tech firms' responses to latest NSA disclosures cloud the truth, experts say

The NSA paid millions to compensate companies' surveillance costs, new documents claim

Technology companies may be hiding behind legal jargon to avoid being more forthcoming in their responses to new documents on government surveillance that were disclosed Friday, some experts say.

Internet and software companies including Microsoft, Yahoo, Google and Facebook "are legally compelled to lie," said security expert Bruce Schneier, citing national security letters that companies are prohibited from disclosing.

Some similar statements were made in interviews with the IDG News Service following a report published Friday in The Guardian alleging that the National Security Agency paid millions of dollars to companies such as Google and Facebook to cover costs involved in surveillance.

The tech companies incurred these costs in fulfilling tighter certification requirements after a 2011 court ruling said the government's data collection was unconstitutional, according to documents obtained by The Guardian.

That ruling, which was handed down by the Foreign Intelligence Surveillance Court and was made public on Wednesday, said that the way the NSA collected data violated the Fourth Amendment because the agency did not effectively design its collection efforts to target only foreigners of interest to national security.

The NSA was "misusing its authority" by collecting the digital communications of U.S. citizens for years, the ruling said.

The documents revealed Friday describe the problems that the agency experienced after that ruling and the resulting efforts required to bring companies into compliance, according to The Guardian. The list of involved companies includes Google, Yahoo, Microsoft and Facebook, its report said.

The documents were passed on to The Guardian by former NSA contractor Edward Snowden, the man behind the original leaks of various government surveillance programs such as Prism. The documents provide the first evidence of a financial relationship between technology companies and the NSA, the Guardian report said.

The FISA court is required to sign annual certifications that provide the legal framework for surveillance operations, the report said. After the 2011 ruling, those certifications were only being renewed on a temporary basis as the NSA worked to fix its data collection methods that the court deemed unconstitutional.

This adjustment process entailed huge costs, according to a 2012 NSA newsletter entry, excerpts of which were published by The Guardian. "Last year's problems resulted in multiple extensions to the certifications' expiration dates which cost millions of dollars for Prism providers to implement each successive extension," the newsletter said.

The Guardian did not give an exact figure for the costs.

The latest disclosure raises serious questions around the use of taxpayer money to finance government surveillance, the Guardian said. But another issue is the growing discrepancy between the information contained in leaked government documents and technology companies' responses to it.

Snowden's original leaks revealing Prism described a program aimed at the mass collection of data owned by U.S. citizens through direct access to company servers. Google and other tech companies have denied cooperating with the NSA to allow the mass collection of data.

They gave similar denials on Friday in response to questions from the IDG News Service.

"Facebook has never received any compensation in connection with responding to a government data request," a Facebook spokeswoman said.

"We think the continued misreporting on this matter by The Guardian and others is troubling," she added in an email.

Google said it has "not joined Prism or any government surveillance programs."

"We do not provide any government with access to our systems and we provide user data to governments only in accordance with the law," a spokeswoman said.

Both Yahoo and Microsoft offered more legalistic, complicated responses. Their responses make it clear that the companies' deals for government compensation are more complicated than something they can simply confirm or deny.

"Microsoft only complies with court orders because it is legally ordered to, not because it is reimbursed for the work," a spokesman said. "We could have a more informed discussion of these issues if providers could share additional information, including aggregate statistics on the number of any national security orders they may receive," he said.

Microsoft asked for permission in June to aggregate statistics about the number of requests for data it receives under the U.S. Foreign Intelligence Surveillance Act.

Currently, companies can reveal the number of FISA requests they receive only if they lump them together with all other requests from U.S. law enforcement agencies.

Yahoo said it had nothing to add beyond the statement that the company supplied to The Guardian, which said "federal law requires the U.S. government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government."

"We have requested reimbursement consistent with this law," the company said.

Semantics are at play in companies' responses, experts said.

Friday's leaked documents "say that these companies cooperate with bulk NSA data collection," said Schneier. "The companies deny it, but their denials are precisely worded with a lot of wiggle room," he said.

Also, if companies are compelled by a National Security Letter to comply, they are prohibited from talking about their compliance, Schneier said.

In its response Friday, Google said it continues to await the government's decision on the company's petition to publish more national security request data, "which will show that our compliance with American national security laws falls far short of the wild claims still being made in the press today."

Roger Kay, an IT analyst and founder at Endpoint Technologies Associates, said he was not surprised by the documents that were revealed Friday. Though the companies don't say whether they provided information to the government, the legalistic language in some of their responses suggests they did, he said.

Also, companies' responses to the growing number of leaks, whether they are flat-out denials, chock full of complicated legalese, or just plain vague, are probably damaging some users' trust in the companies, Kay argued.

But for Internet users with short attention spans, disclosures like the ones revealed Friday may just blow over, he added.

Still, many questions remain about the type of data collection that was paid for in the millions of dollars in compliance costs that companies reportedly incurred.

It's not clear how the NSA gathers data from companies, Kay said. "Is it like a direct stethoscope into the main artery, or a broader snapshot?"

Getting answers to those kinds of questions may also boil down to semantics. "Perhaps different people mean different things by 'direct access,'" said Seth Schoen, senior staff technologist at the Electronic Frontier Foundation.

In another new development, The Guardian and The New York Times announced on Friday that they would work as partners to give the U.S. paper access to other documents leaked by Snowden. Both papers will be working together to publish more stories tied to the documents.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicessocial networkingsocial mediadata protectioninternetsearch enginesprivacyFacebookYahooGoogleMicrosoftsecuritylegal

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Zach Miners

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?