Tech companies have been calling on the federal government for more transparency or even an outright end to the PRISM. Now Google has pulled back the curtain on their side of the story, revealing that they delivered requested information to the government via secure FTP or in person:
“When required to comply with these requests, we deliver that information to the US government — generally through secure FTP transfers and in person,” Google spokesman Chris Gaither told Wired. “The US government does not have the ability to pull that data directly from our servers or network.”
The revelation means that federal authorities did not have direct access to tech companies’ servers - one of the more intrusive details to come out when news about the PRISM program first broke. That claim was apparently substantiated by leaked internal NSA PowerPoint slides describing the program.
There are still questions left unanswered, such as: What type of data was requested and transmitted? Were Americans’ Fourth Amendment rights violated? And, perhaps just as important for its implications on America’s national security: Do the folks at the NSA really not understand the difference between pulling information “directly from the servers” (as their PowerPoint claimed they were doing) and downloading files from an FTP?
(Via TechDirt.)
Makes sense; if I was setting up something like this I'd have the companies use sftp (which is really just a front-end on scp, which is powered by ssh) to some obscure IP address controlled by some anonymous entity that my organization controlled. Then I'd have something that ran behind the scenes that would move the data somewhere inaccessible from the public internet.