Yearly Archives: 2013

Compliance vs. Complicity

It is further ordered that no person shall disclose to any other person that the FBI or NSA has sought or obtained tangible things under this Order.

There’s an old saying that it’s far better to ask for forgiveness than for permission. I’ve seen the many, many statements by Google, Microsoft and everyone else about how they really want to tell everyone just how bad these government demands for information are, but they can’t because it would be illegal to do so.

Today we saw it again. Microsoft and Google continue their lawsuits and negotiations with the government, and ask for credit for fighting the good fight – for example, “The purpose of our litigation is to uphold this right so that we can disclose additional data.”

But at the same time they argue that they already have the legal right to disclose – “We believe we have a clear right under the U.S. Constitution to share more information with the public.”

Ok. So do it. You believe you have the right. You know it’s the right thing to do. Forget the lawsuit. Just release the damn information.

Do it.

Bloggers Fail To Molest John Doerr At YC Demo Day

I was at Y Combinator Demo Day today (it was a very good batch of companies). At one point during a break I went over to talk to the gaggle of TechCrunch reporters there to cover the event.

We were talking about the various companies and whatnot when John Doerr walked by, apparently to have a phone call in a quiet corner of the room.

“That’s John Doerr right there,” I said.

They looked at me.

“He’s all alone, probably on a secret phone call,” I added.

Stares.

“Go get ’em! Get your iPhones out and start the video and ask him hard questions!”

“That would be quite rude,” said Colleen Taylor (or something similar), pictured far left.

“Yeah but he’s practically begging to be attacked by you guys. HE’S HAVING A SECRET CONVERSATION RIGHT BEHIND ALL THE BLOGGERS. IT’S LIKE HE’S MOCKING YOU!”

Nada.

So I watched, yearning for my younger years when I would have made a nuisance of myself while performing an unwanted and impromptu video interview of one of the most important people in Silicon Valley.

I think it was better back then, when sources were at least a little afraid of the bloggers.

🙂

Digital Ocean v. AWS: 10x Performance For 1/3 Cost

Cloud hosting startup Digital Ocean announced its first round of funding today – $3.2 million from IA Ventures, CrunchFund and TechStars. See TechCrunch, GigaOM and Pando Daily for coverage of the news (and see the comments on Hacker News).

The company is growing revenue and customers by 30% a month, and had 50x growth from December 2012 to May 2013. Thousands of customers have been grabbed from competitors like Amazon and Rackspace. When Netcraft called Digital Ocean’s growth “meteoric,” they weren’t kidding.

I first heard about Digital Ocean from Nik Cubrilovic. Nik urged me to take a look and try to invest in the company if we could. Digital Ocean has crushed the traditional price/feature tradeoff for hosting. From Nik:

I first heard about Digital Ocean almost a year ago and its name kept coming up every few weeks, which prompted me to finally take a look. It took me 30 seconds to signup, and I immediately realized what they had done – they broke the traditional price/features tradeoff and were somehow offering a great control panel, a great API and a great service with features usually reserved for high-end services at a low VPS price. They were outside of the traditional hosting tradeoff quadrant of price/features. I fired up one server to test them out and the benchmarks came back with numbers that were as good as what other IaaS providers were charging 3-5x the price for.

They have combined the low costs of low end commodity VPS providers with the features of high-end IaaS providers, it seems so obvious now but nobody has been able to pull it off until Digital Ocean.

I have cancelled two low-end VPS services and 30% of my AWS servers so far, with a view of also migrating PaaS hosted apps at Heroku and AppEngine (such as my own personal website) to Digital Ocean as well. The great recent news is that like AWS, Digital Ocean is now available as a provider in Vagrant:

http://www.vagrantup.com/

Digital Ocean provider plugin:

https://github.com/smdahlen/vagrant-digitalocean

If you are a developer who deploys apps to servers and aren’t using Vagrant I strongly recommend you check it out. It sets up virtual servers for development that can then be pushed to the cloud. After initially setting up Vagrant and provisioning with either shell scripts, Ansible, Chef (solo or server) or Puppet (apply or agent) it is a single command to push your development environment up to a new Digital Ocean instance. You will need to scale it automatically and provide your own load balancing using either DDNS or nginx, but you get very close to building your own Heroku or AppEngine type stack with your own customizations, no lock-in and at a fraction of the price.

This combination has changed the way I work and has made it easier for me to drop in and out of other projects with developers without spending time on servers configuring. I can’t recommend Digital Ocean enough to other developers, my tip would be to start small with non-critical apps to get a feel for the platform and then work from there – especially by using Vagrant or any other tools (even in-house continuous integration or deployment scripts using their very simple to understand and use API) to automate. Digital Ocean allows you to assemble cloud stacks like lego bricks rather than the completed tool Heroku or AppEngine give you, and you get service as good as more expensive options, for what they do, at low end VPS prices.

Just how much better is Digital Ocean than its competitors? For the lowest end hosting, we’re talking about 10x the performance for 1/3 the cost:

The 512MB server at Digital Ocean, which is the smallest size they have, is $5 per month or $0.007 per hour. Its UnixBench score is 1060.5 on average, IO is 279MB/sec and bandwidth 21MB/sec. Here are the details:

http://serverbear.com/1988-512mb-ssd–1-cpu-digitalocean

To get the equivalent performance on AWS from a single server, you have to step up all the way to an extra-large instance, which is $374 per month (!), compare the scores and graph here:

http://serverbear.com/240-extra-large-amazon-web-services

The cheapest AWS server is the Micro, which is $15 per month, its performance scores are approximately 10% of the cheapest Digital Ocean server:

http://serverbear.com/166-micro-amazon-web-services

Some might complain that AWS isn’t suited to benchmarks, especially the Micro instance which is throttled, but the difference is just too large to ignore.

Digital Ocean was founded by Ben Uretsky, Mitch Wainer, Jeff Carr and Moisey Uretsky. We are extremely happy to be investing in the company – saving developers a ton of money on hosting while also giving them a product they adore is a surefire recipe for success.

Feds Arrive In Force After Someone Googles Pressure Cookers

Do you have any bombs, they asked. Do you own a pressure cooker? My husband said no, but we have a rice cooker. Can you make a bomb with that? My husband said no, my wife uses it to make quinoa.

We are so fucked.

Rover, The Dog Owner’s Dream Startup, Partners With Petco

Great news from CrunchFund startup Rover earlier today – They’ve raised a new round of financing led by Petco, and the deal includes a really nice strategic partnership arrangement as well to promote Rover in Petco’s 1,400 physical locations and on their website.

More on the news (including lots of details I don’t mention here) at: TechCrunch, Next Web, Pando, Geekwire and TechMeme.

This is a company we were lucky enough to invest in early on and we continue to invest more money in each new round as well.

But that’s not the end of my relationship with Rover. Pet sitting has always been a hassle with my heavy travel schedule. We’re now Rover customers and it has solved the problem.

Often my parents pitch in, but with (now) three dogs that weigh a combined 350 pounds, it’s just not fair to throw the problem in their lap. Especially since I’m being literal here – Kennedy, the youngest and weighing in at 80 pounds, really likes laps.

He likes laps so much, and I’m not kidding, I’ve seriously considered finding some way to protect myself from these attacks.

Anyway, back to Rover. We used to put Kennedy in the local dog hotel (which is better than the vet’s cage).

He seems to like it at the dog hotel, although he gets lonely and doesn’t get to interact with other dogs at all or people very much. And it’s expensive – Minimum $25/night plus all kinds of taxes and fees for things like “extra walks” (how can you say no), etc.

Rover fixes all that. It’s a very Airbnb type experience. You look through listings of people who live nearby who take in dogs through the service. You read their reviews and chat with them and make a decision.

Your dog will now be staying with real people, and probably other dogs, in an environment that welcomes them.

From there things are a little different than Airbnb. With Airbnb you just show up at the place at the time, figure out keys and go from there. But you aren’t going to feel good about just showing up somewhere for the first time, meeting the people and then leaving your dog there. If they creep you out you’re in trouble, because presumably you’re leaving on a trip and don’t have time to start looking for a new Rover sitter.

Rover’s fixed that by strongly suggesting people meet with the dog(s) beforehand. Usually this is at a local dog park to keep the sitter’s address confidential for now. If that meet goes well then the stay is confirmed.

After you find a sitter you like you’ll tend to use them repeatedly. There’s a business problem there for Rover that is less prevalent at Airbnb – people could just work directly with the sitter from then on and bypass Rover. One sitter we used suggested this, actually. We declined.

Rover has some good ideas for adding value besides the initial hookup to keep people using them even if they keep using the same sitter repeatedly. Insurance, 24/7 vet care, pet geo tagging and, best of all, videos.

About those videos – the site suggests sitters take lots of pictures of the dog while the owners are away. They can be shared on the Rover site and app and are a real comfort when you’re worried about your pet. But they also automatically create a really cool video compilation of the pictures at the end of the trip as well. It’s a great way to end the transaction.

And that’s still not it…We’ve now become Rover sitters as well and care for local dogs when the owners are away. It’s always interesting to drop what I’m doing for CrunchFund and drive over to the local dog park (with our three dogs in tow) to meet a dog and its parents.

Rover makes it really easy to donate all or part of the money you receive as a sitter to various dog and pet organizations. I wish they would speed up their efforts to get more local organizations (like my local Humane Society), but there are still plenty to choose from.

So, yeah, I love Rover. I’m an investor, a sitter and a customer. I’m really glad to see Petco working with them, too. We’ve seen a great increase in the number of Rover sitters available in our area out in the sticks. A few months ago it was just 1-2. Now it’s 10. I imagine that soon there will be lots more.

Startups Hyperfocus on iOS 7, Send Android To Back Burner.

Last week’s announcement of iOS 7 really shook things up in Silicon Valley. And it may not be what you think.

Yes, people are excited to get to work on it. But app developers aren’t just putting a fresh face on their existing products. They’re rethinking their apps from the ground up, say a bunch of startups I’ve spoken with. They’re looking at this as a whole new platform, as they should, and they know that first movers have all the advantages.

Most people I’m talking to agree with Marco Arment, who says “iOS 7 is different. It isn’t just a new skin: it introduces entirely new navigational and structural standards far beyond the extent of any previous UI changes.”

So how are startups responding to the news? They’re “tearing up their Q3 product roadmap” and “starting from scratch,” say a few of the startups I spoke to. “There are subtle but profound changes” says one.

Daniel Raffel, Snapguide CEO (a CrunchFund company), says Android likely took a big hit with the announcement of iOS 7. Leading up to WWDC there had never been a better time for developers to invest big in Android. Now that investment is on hold, he says, as teams reprioritize resources to develop for the iOS 7 launch.

Another CEO I spoke to off the record today said that he’s leaving his Android client engineers on task (they’ve released both iOS and Android apps), but all UI/UX designers and engineers are focusing 100% on iOS 7.

And another startup founder: “Android is no longer on our 2013 product roadmap.”

And finally, the worst news of all from yet another mobile startup – they’re canceling all summer vacations.

Journalists Need To Start Asking About Storage, Not Access

It’s becoming pretty clear, particularly from today’s Snowden Q&A and the partial transcript from President Obama’s Charlie Rose interview, that we’re zeroing in on how the government accesses private individual data.

If you’re not a “U.S. person,” there are few restrictions on what the U.S. government can do to monitor you. If you are a U.S. person then there are at least some restrictions, and the involvement of at least the secret FISA court, before that data can be accessed.

What’s also clear is that these are just policy decisions, as Snowden puts it, and that things may have been different in the past and can be different in the future.

My guess is that most journalists will continue to dig into the FISA court stuff. This quote alone is a gold mine for arguing that there is no true judicial oversight on any of this stuff:

Charlie Rose: But has FISA court turned down any request?

Barack Obama: The — because — the — first of all, Charlie, the number of requests are surprisingly small… number one. Number two, folks don’t go with a query unless they’ve got a pretty good suspicion.

In other words, “trust us.”

But here’s what journalists should be asking at this point: What data does the government store? How long have they been storing it? Do they ever delete it?

All of the government arguments around 4th Amendment protections center on policy decisions regarding what the NSA and FBI can look at. But as they make these arguments they imply that the data is already sitting on government servers. Snowden, of course, doesn’t imply this, he says it flat out.

This is what scares me the most. Not that today’s government is using this data improperly today (although the IRS scandal certainly shows that the government is quite willing to use data improperly). Rather, I’m much more concerned with what the government will do with this data down the road.

Knowing that the government will start surveillance on you if you do something wrong is one thing.

But knowing that you are constantly being watched, with everything you do being stored in a database somewhere, is something else. It doesn’t matter if anyone is looking at it today. Knowing that anything you do now, innocently, may be evidence of a crime in 5, 10 or 30 years, is the opposite of freedom. No matter how you look at it.

I don’t understand how the government can argue that storing, possibly forever, every phone call and every email and our location and everything else can somehow be consistent with the rights acknowledged under the 4th Amendment. Until journalists start asking these questions, however, they won’t even be forced to make those arguments.

Connecting The PRISM Dots: My New Theory

The PRISM story firmly changed course yesterday when The Guardian published a video interview with NSA whistleblower Edward Snowden. If you haven’t watched the interview, you should. It’s historic and fascinating.

The media has all but forgotten about just how the NSA gathers all this information from the companies listed in the presentation. After the story first broke, the denials happened. Then the NY Times connected some dots, and there were then further denials (“the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box”). Then Snowden happened.

At this point there are a lot more things we don’t know than we do. But there are still a lot of dots to connect. So I’m watching the Snowden developments out of one eye while I continue to find peace in my soul for the PRISM stories that can’t find a way to merge into one believable narrative.

I’m working from the assumption that every statement by the companies involved is true, or at least arguably true. Besides the fact that I don’t think these people are liars, with all the leaking going on, they just don’t know what other information is going to explode onto the scene, and they have to hedge.

But still, unless you think the original PRISM document is a fake, or so completely muddled in how it explains things that it might as well be, there are some big questions unanswered.

All of the denials and statements admit that the companies turn data over to the government “only in accordance with the law” along with various versions of how the companies review orders before complying.

I’ve spent a good number of hours researching these government orders, and talking to experts, over the last few days. I’m embarrassed to say that this was just not an area that I was particularly interested in, despite all the writing on the wall. To the best of my ability I’ve remedied that and am starting to push forward into some seriously grey area stuff. I am thankful to Wired’s Threat Level blog which has long focused on these issues. David Kravets’ work has been particularly edifying.

Here’s where we stand. I believe that #3 in my original post is still the most likely truth: “The presentation is real, and the companies are carefully drafting responses so that they aren’t technically lying.”

The government has a variety of tools under FISA and the Patriot Act to get the data they want (which is all of the data). We know a little about how National Security letters work from Google’s willingness to share data around those and the recent judicial challenges.

The Verizon vacuuming of all data over to the NSA, while horrifying, doesn’t apply to internet companies. Those companies must still comply with National Security Letters and FISA orders, however.

The NY Times article changes the original allegations from The Guardian and Washington Post. There is no direct access allegation any more. The focus is now on special hardware lockboxes at company datacenters where requested data is moved for pickup by the NSA.

At first glance that sounds like a good idea. The government gets a court order, serves the order onto the company. The company reviews it and then sends the requested data into the lockbox. The NSA gets that data and the transaction is completed.

The only problem with this theory (from the NY Times story) is that Drummond afterwards said it’s not accurate – “not directly, or via a back door, or a so-called drop box.”

So let’s put Google aside for a moment and look at all the internet companies not on the Hot 9 list. Twitter, Amazon, Salesforce, for example. When they get a secret FISA order in they still must comply, without question. But they aren’t on the “direct access” slide. Clearly they are doing things, or not doing things, that make the process of getting their user data more complicated or just slower.

These Super 9 companies, in contrast, are doing something that makes them a headliner in the presentation deck. Twitter didn’t make the cut. Google did.

So again, taking Drummond’s statements as true, what is Google doing that’s different than Twitter, and why is that thing making the NSA really happy?

I don’t know, but I have a guess.

My guess is that Google and the others have agreed to receive FISA requests in an automated way, process them in an automated way, and fire off the data in an automated way. That whole process could take a very small amount of time. Milliseconds for small sets of data, easy. Anything beyond that is from any human intervention at Google to read the order and decide whether to accept it. From what I’ve seen, it’s extremely rare for companies to push back on orders, since the secret FISA court always, without exception, tells them to settle down and get that data over to the NSA, pronto.

So Google complies, and the whole thing has been handled “in accordance with the law.” Given how important the Super 9 are to PRISM, it seems clear that responses from queries must come back pretty quickly, almost as fast as a normal search engine, for example.

That tells me there’s a lot of automation going on in a server or two (just don’t call them back doors or drop boxes).

Now here’s something new (to me at least) that also fills in some boxes. The NSA can begin surveillance on a subject for a full week before going to the secret FISA court for an order. In the last year every one of those orders has been granted, so it’s just a formality.

If I had been paying attention in May, David Kravets was already answering the questions I had last weekend. From his article Secretive Spy Court Approved Nearly 2,000 Surveillance Requests in 2012, he says:

The legislation does not require the government to identify the target or facility to be monitored. It can begin surveillance a week before making the request to the secret court, and the surveillance can continue during the appeals process if, in a rare case, the spy court rejects the surveillance application.

See section (g) here for the law behind his statement that the NSA can surveil someone for a week before going to the secret rubber stamp court.

So back to that “in accordance with the law” stuff that the Awesome 9 keep relying on. It appears to be quite legal to begin surveillance a week before getting a secret court order. That gives them time to determine if they’re barking up the wrong tree.

So, sitting around the NSA office one day an analyst has an idea. Like, “Hey, let’s find Republicans in Wyoming who have Facebook or Twitter friends with someone outside of the U.S. And then cross reference that with concealed carry permits. I think these guys might be gun running. Can I get a high five!?”

Our guy fills out a form in PRISM, I imagine, with his query. The damn Twitter doesn’t do Prism and needs a more formal order, probably requiring someone to wake up the secret judge and tell him to get that stamp ready. And then they send off the order in a variety of ways and demand a response in 24 hours or something.

Meanwhile things are rocking on Prism. The Verizon data is all locked in and can map out his location over time as a map overlay, easily. Our analyst filled out the form, checked the “FISA approved” box (knowing this is legal because they have a week to go to court), waits a few seconds….and then boom there it is. Lots of data on gun owners in Wyoming with overseas friends. It went through the express line at Google, who noted the FISA approved stamp, and rushed that data right back down the pipe to the NSA.

Hey, bring up those Verizon records and see where this guy’s been. Damn, he goes to the range nearly every day. I wonder if he’s complying with every single Federal and state gun law. Let’s send an agent down to chat with him. And if he gives you any shit just show him this picture of his mistress Verizon sent over. That’ll shut him up.

WAIT! Here’s a frickin video! Oh man, I’m sending this to myself. No, hold on guys, I’m doing this. Ok, now, show him this video of himself in a compromised position with his girlfriend and ask if we should send it to his wife at their home address, it’s right here.

So after a day of looking at pictures of naked girlfriends and wives and ranking the top ten porn searches our perp Googled in the last year, our NSA guys still can’t find an NSA-type crime or figure out how they might stop a major terrorist event. Time to delete this data (which probably means shoving it into an archive for later analysis and cross checking). And no bother going to the court on this since the surveillance ended before the week was up.

A few days after that a big package comes in from Twitter with 40,000 printed pages of information. They’ve complied with FISA, with a big middle finger. That stuff gets tossed into the scanning room and forgotten.

My scenario is ridiculous above, but it squares with the slides, it squares with the Snowden interview, and it squares with the many denials we’ve heard.

WE KNOW THIS: These nine companies have done something (we don’t know what) to make the NSA’s lives easier. So easy that agents are told to just focus on these companies (not Twitter or Salesforce or Amazon) for FISA orders.

WE KNOW THIS: The NSA can begin surveillance on someone(s) for a full week before they have to get the rubber stamp from the secret court (which has never said no).

WE KNOW THIS: The NSA routinely talks about mitigation efforts to purge U.S. people data; however, they always talk about these measures being taken after they have control of the data. What they should be doing is proving the data is clean before they grab it. But it’s way more efficient (and also evil) to dragnet everything and then try to cut the good data away from the bad. This is self evident from them taking all call data from all Verizon customers, even calls beginning and terminating in the U.S. They get the data, then make promises to the court that they’ll treat that data appropriately. Huge, Huge, HUGE incentives for misuse here based on efficiency arguments.

I GUESS THIS: The NSA “request” is fired off to Google and others as soon as these guys see a thread to pull, and they mark the request as FISA ordered (they have a week to actually get the order, which will be backdated). Google greenlights it as a legal order and fires over the data. If the data is useful the NSA wakes the secret judge up again to stamp it good. Otherwise they toss the data out and nobody ever talks about it again.

This is the world described to me by people I’ve spoken with who seem to have the best grasp of how FISA orders work, and how they might work in connection with PRISM. It makes sense when you realize that the NSA can order surveillance without court approval for a full week. Since surveillance needs data I assume that Google and the others send that data pronto to comply with the law. I doubt they ever see or hear about the actual FISA order a week later.

There’s a lot of educated speculation here, but if this is mostly right then we’ve got a system that works much like the PRISM slides say – it feels like direct access to a server. There are some things going on in between, like checking a box that the order is FISA compliant, but it seems to me that any request for data under FISA is looked at as a FISA order, as it looks like the companies have no ability to delay or object to the seven day period where surveillance can occur without the actual secret court order.

Thus, under this conspiracy theory, PRISM works just as planned, and just as efficiently, as it was described in the presentation.

Now, the only way for this to stop is for someone in one of these companies to pull an Edward Snowden, download some FISA orders and hop on a plane to Hong Kong. And then call me and I’ll fly over and do a really kick ass interview with you where you can tell the world the rest of the PRISM story. I’ll even start your legal defense fund for you and solicit donations, because you’re going to need it.

You’ll definitely want to plan ahead to avoid the fate of other patriots who tried to do what’s right with government demands. There are usually short trials followed by long prison sentences. See Joseph P. Nacchio as a sad example of a man doing what he thought was right and then being torn apart by the government for saying no to them.

This time it’ll be different, though. Ecuador, Iceland, China, they all got your back.

Rules For Living In The Total Surveillance State

Snowden says, and I agree, that we have a short window of time to dismantle the government’s surveillance machine. If we wait too long it’ll be too late, and nothing the people of the world can do will be able to stop it.

But let’s say it’s already too late, and some of us make the decision to just live with it (I say this only partly tongue-in-cheek).

We don’t fret over the government knowing everything about us by collecting our online activities from willing corporate partners. We just live and enjoy our life, and try to avoid doing anything that might catch the attention of our government.

Like Robert Scoble, we simply revel in being surveilled. Hey, at least we know someone’s paying attention.

We just fade into the masses, so to speak. Don’t even think about things that might get you in trouble.

It’s not totally impossible. I visited the Soviet Union in 1980 with my parents, and there was some joy in that country. People find a way to survive.

But my biggest problem with all this is we don’t get a rule book, and the rules will constantly change. The Russians had it easy, all they had to do was support a single political party, without fail and for their entire lives.

We don’t have it nearly so easy.

We know that under this administration we shouldn’t associate with the Tea Party, oppose abortion, join the NRA, or make donations to the President’s political opponents.

That’s pretty clear. I can live with that.

But what if a Republican gets into office next? The rules will change. People getting abortions may be targeted next. Or those who support “common sense” restrictions to the Second Amendment. Or those who donate to that president’s political opponents.

Sure, we can probably see some of that coming and change our positions on key issues deemed important by the new government. We’re not stupid, after all! We can see the writing on the wall and change our core beliefs right as the new administration takes power.

But we won’t be able to go back and change our history. They’ll see that a decade ago we donated to Planned Parenthood and voted for President Obama. Suddenly, going out and buying a gun or two won’t be enough. The new government will know we’re not true believers in the cause. We’re secret left wing or right wing extremists, and guilty of a new crime – engaging in personal behavior designed to fool the surveillance state.

Yes, I can easily see a future law that prohibits us from engaging in behavior that is designed to trip up the surveillance machine.

Knowing this, we know that we need to start being careful today in order to ensure our ability to live tomorrow.

That means the only rule to living in our particular kind of surveillance state (where the machine is permanent, but the targets swing wildly over time with the whims of democracy) is this – be completely apathetic. Support nothing and condemn nothing.

Do nothing to draw attention to yourself. Think carefully about every email, phone call, Facebook like and Twitter favorite and make damn sure that doesn’t conflict with our government’s goals either today or tomorrow.

And in the meantime, support the only political party that really matters, the NSA. Follow them on Twitter and Facebook now. It might get you a little lenience later on when they’re tracking you for buying that Prius.

The NSA is good. The NSA protects us. The NSA knows what’s best. They’re here, and they’re here to help.

Cowards

Will not one tech CEO stand up and tell the truth?

The NSA story of the secret assassination of the Fourth Amendment continues to unfold. Today we heard from Google CEO Larry Page and Facebook CEO Mark Zuckerberg.

Page was confused (the title of his post is “What the…?”). Zuckerberg claimed the press reports were outrageous. Both made strong denials of specific allegations (“direct access,” “back doors”). Both were technically telling the truth. Both were also overtly misleading people.

So…much…false…indignation.

Those denials now look ridiculous, sitting below a new top headline story with yet more information. I’m guessing Page and Zuckerberg would like to rewrite those statements after reading Claire Cain Miller at the New York Times blowing the lid off with allegations that not only are these companies knowingly working with the NSA, they’re even finding ways to make data transfers more efficient.

In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.

and

But instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said.

In case you missed it, Miller spells it out for you: “While handing over data in response to a legitimate FISA request is a legal requirement, making it easier for the government to get the information is not.”

Or to put it another way, who the hell needs “direct access” or “back doors” when companies are building “secure portals” for them instead?

We could quibble all day about whether these men lied (no), or simply misled (yes). But what I really want to know is this:

What has these people, among the wealthiest on the planet, so scared that they find themselves engaging in these verbal gymnastics to avoid telling a simple truth?

We understand the law – these companies can’t acknowledge FISA orders, let alone discuss them – the Verizon document said as much:

It is further ordered that no person shall disclose to any other person that the FBI or NSA has sought or obtained tangible things under this Order.

But why is that stopping them? Do they really see themselves being dragged away, Bradley Manning style – to sit for years in a prison before even being given the dignity of a trial?

Because that’s not going to happen.

If just one of them stood up and told us what’s really going on, as the EFF has urged, we could start to have a real discussion in this country about freedom v. security.

Stand up, I say, and tell us about these FISA orders. Publish them all. Tell us everything. Let us understand the true scope of the evil we are facing.

Because their lawyers might be telling them what they are required to do. But their soul should be telling them what they must do.

At the end of the day, when it comes to government snooping on the phone records and Internet activity of millions of Americans, it doesn’t matter in the least if it’s legal or if procedures were followed. What matters is that the privacy of millions of people has been violated without probable cause or suspicion of wrongdoing, simply so the government could scoop up data on the off chance of finding something interesting.

Will you do it, Marissa? Or you, Ballmer? Or you, Armstrong? Will anyone stand up and say the truth? Will anyone stand up to the secret organization with the secret courts and, simply, do what’s right? Despite the consequences? Despite what your lawyers tell you?

Perhaps you could all get on a conference call tonight and double dare each other to do it all together, at the same time.

“The NSA makes us do things that crush our Constitution, and then they make us never talk about it.”

I hope one of them does. History will not be kind to the people who say nothing. And it will be even less kind to those that mislead us.
