I, too, would like to use this opportunity to declare that I was not aware of PRISM until the story broke and that the US government does not have any backdoors installed on my private servers (to the best of my knowledge, certainly not with my participation).
I will make sure to include this information on my annual Christmas cards, possibly becoming the first individual to do so.
Now that PRISM has been exposed, the NSA should consider outsourcing data collection to China. They already have a huge team of elite hackers with a proven track record of breaking into top tech companies. Chances are, the Chinese hackers already have a backdoor on your servers. And with their low labor costs, we could save US taxpayers millions!
These companies could write a 500 bullet point list of every possible denial variation, and people would still say there's weasel wording.
If they said not a single packet of customer data is sent to the NSA, they'd say that's because it is laundered through the FBI first. Or, they'd say it could be sent by sneakernet. Or they'd say that it is sent to GCHQ so that the UK can snoop domestically on US citizens to avoid the NSA legal restrictions.
It's simply not possible to construct a denial to which there is no "workround". At this point, no matter what the NSA or the companies say, or Congress says, no one will believe them.
If we can't even get nuts to stop calling the moon landing a hoax, or the 9/11 truthers who think the building was a controlled detonation, there's no way this conspiracy will ever end, even if it turns out to be something much more mundane than first leaked.
(Heavily redacted, to make it smaller and highlight the more relevant points.)
Information we share
[...]
* With your consent
[...]
* For legal reasons
We will share personal information [...] if we
have a good-faith belief that [...] disclosure of the
information is reasonably necessary to:
- meet any applicable law, regulation, legal process
or enforceable governmental request.
- [...]
In spite of what you want to do, you can't ignore a enforceable governmental request, so Google can't say "We never share anything with the government." . Most sites have similar privacy policies.
Well yeah, I wasn't arguing against that point. But that's separate from the point which the OP raised. I was merely stating that you can write a privacy policy which doesn't sound like you're trying to weasel out, and posted a very basic one-liner to demonstrate that point. I could also add the following to cover your point as well:
"In the instance where a court order is raised to provide your information, we release only as much as we are legally obliged to and will inform you of the order"
"In the instance where a gag order prevents us from notifying you of the requested data, then you are probably heading for Guantanamo Bay regardless of what information we leak :p"
"we have not joined any program that would give the government for any country whose name begins with a vowel direct access to ports 81-49152 on any of our servers" -- so they're using FTP or just plain HTTP? On a more serious note, the big problem with PRISM and these new developments is that even if you were to participate, you could not tell us (without going to prison). So, all these "we don't do it, trust us" notices ring hollow since we can't really trust them; sorry...
False. All participants have admitted it in their statements (turning over specific user data in response to court orders). PRISM just turned out not to be as nefarious as initially reported.
While there's a framework in place that forces you to deny what you've done we cannot believe "denials". As long as there's a gun to their head, whatever they say is irrelevant. This is the true cost of surveillance and oppressive governments; the loss of trust.
Sigh! This is almost a very predictable blog post. But, I find one part quite amusing.
Google - We are the first company to be open about data requests from governments.
Easy Post - We are the first company to be open about data requests from governments.
So who is the first after all? I guess this is turning out to be one of those commercial stints where each product claims itself to be the No.1 in the world.
Given the number of people that missed it, I kinda think the government could flat out issue statements that "We are in fact watching everything you do" and just hide it in enough nuance that no one knows any better.
They likely already do this. Somewhere. In a drawer in a file cabinet in a closet with a sign that says beware the cheetah.
They did. Listen to when Bush signed the Patriot Act on TV. He straight out said "this new law will allow surveillance of all communications used by terrorists, including emails, the Internet, and cellphones":
The sad part about it all, is that I can imagine what people thought back then when listening to that, especially since he said "by terrorists", which I bet in people's minds it made them forget about all the previous "surveillance on all communications" part of the comment.
Plus, they also must've thought that he "only" means that he will target the communications by some specific terrorists, not that he will spy on everyone to find those terrorists. Most people probably thought he was just referring to the "normal" type of wiretapping certain targets (with a warrant).
That's why Ron Wyden said 2 years ago in Congress that "if the public really knew the secret interpretation of the Patriot Act and FISA, they would be very angry about it", which is exactly what's happening now, because they misled the public about how far this program goes. I don't think most "normal" people actually thought the government is collecting all of their emails, chats, video-talks, and even phone call records.
Hey, that's great--but were they accused of anything?
From my perspective, this seems more like a grab for attention than anything else.
I work for a technology company too, and we also didn't provide data to the NSA. We're not releasing a statement, though, because no one accused us of doing so.
Forgive me if EasyPost was included somewhere and I missed it.
Unknown startup, headline grabbing PR based on facetious response to trending scandal, thousands of hackers asking what on earth is EasyPost, well played.
I get that this is a joke, but could EasyPost assure us with a statement that it doesn't divulge its users' private information and communication to everyone who asks for it? In their Privacy Policy page (which I assume is genuine), all I see are "weasel" words that allow EasyPost to give away user data for every reason under the sun:
> The User’s Personal Data may be used for legal purposes by the Owner of the Application in court or in the stages leading to possible legal action arising from its improper use or that of related services by the User.
> The User’s Personal Data may be further used in ways and for purposes required for Application maintenance.
edit: this should go without saying, but I'm obviously not arguing to call for the pitchforks. EasyPost has a privacy policy that is in line with anyone else's (and one of the best organized ones, IMO)...but using the standard that they seem to judge the statements by the alleged PRISM participants, their privacy policy is full of vague "weasel" words and does not contain enough full-throated support for privacy and/or Patrick Henry quotes. In fact, the word "never" doesn't exist on EasyPost's privacy page...as in "we will never give your private data to...[such and such]"
Does that mean the EasyPost staff are weasels? Or is it just that they have a competent lawyer and that they realize that no number of words and power of rhetoric can satisfy every skeptic?
48 comments
[ 4.6 ms ] story [ 80.1 ms ] threadI will make sure to include this information on my annual Christmas cards, possibly becoming the first individual to do so.
For actual answer to your question, there was a comment about it yesterday: https://news.ycombinator.com/item?id=5842769
That's what we make out of this.
If they said not a single packet of customer data is sent to the NSA, they'd say that's because it is laundered through the FBI first. Or, they'd say it could be sent by sneakernet. Or they'd say that it is sent to GCHQ so that the UK can snoop domestically on US citizens to avoid the NSA legal restrictions.
It's simply not possible to construct a denial to which there is no "workround". At this point, no matter what the NSA or the companies say, or Congress says, no one will believe them.
If we can't even get nuts to stop calling the moon landing a hoax, or the 9/11 truthers who think the building was a controlled detonation, there's no way this conspiracy will ever end, even if it turns out to be something much more mundane than first leaked.
(Heavily redacted, to make it smaller and highlight the more relevant points.)
In spite of what you want to do, you can't ignore a enforceable governmental request, so Google can't say "We never share anything with the government." . Most sites have similar privacy policies."In the instance where a court order is raised to provide your information, we release only as much as we are legally obliged to and will inform you of the order"
"In the instance where a gag order prevents us from notifying you of the requested data, then you are probably heading for Guantanamo Bay regardless of what information we leak :p"
Google - We are the first company to be open about data requests from governments.
Easy Post - We are the first company to be open about data requests from governments.
So who is the first after all? I guess this is turning out to be one of those commercial stints where each product claims itself to be the No.1 in the world.
They likely already do this. Somewhere. In a drawer in a file cabinet in a closet with a sign that says beware the cheetah.
http://youtu.be/NLYZn1MXS8s?t=6m57s
The sad part about it all, is that I can imagine what people thought back then when listening to that, especially since he said "by terrorists", which I bet in people's minds it made them forget about all the previous "surveillance on all communications" part of the comment.
Plus, they also must've thought that he "only" means that he will target the communications by some specific terrorists, not that he will spy on everyone to find those terrorists. Most people probably thought he was just referring to the "normal" type of wiretapping certain targets (with a warrant).
That's why Ron Wyden said 2 years ago in Congress that "if the public really knew the secret interpretation of the Patriot Act and FISA, they would be very angry about it", which is exactly what's happening now, because they misled the public about how far this program goes. I don't think most "normal" people actually thought the government is collecting all of their emails, chats, video-talks, and even phone call records.
Not every relatively-unknown company can be as lucky as PalTalk.
qotd 17/tcp? gopher 70/tcp?
From my perspective, this seems more like a grab for attention than anything else.
I work for a technology company too, and we also didn't provide data to the NSA. We're not releasing a statement, though, because no one accused us of doing so.
Forgive me if EasyPost was included somewhere and I missed it.
direct access to ports 81-49152 on any of our servers.
Obviously they could use a port outside that, etc, etc.
https://easypost.com/privacy
> The User’s Personal Data may be used for legal purposes by the Owner of the Application in court or in the stages leading to possible legal action arising from its improper use or that of related services by the User.
> The User’s Personal Data may be further used in ways and for purposes required for Application maintenance.
edit: this should go without saying, but I'm obviously not arguing to call for the pitchforks. EasyPost has a privacy policy that is in line with anyone else's (and one of the best organized ones, IMO)...but using the standard that they seem to judge the statements by the alleged PRISM participants, their privacy policy is full of vague "weasel" words and does not contain enough full-throated support for privacy and/or Patrick Henry quotes. In fact, the word "never" doesn't exist on EasyPost's privacy page...as in "we will never give your private data to...[such and such]"
Does that mean the EasyPost staff are weasels? Or is it just that they have a competent lawyer and that they realize that no number of words and power of rhetoric can satisfy every skeptic?
"We include this information in our anual Christmas card whenever possible."
Was that meant to be ironic?