Google Apps, PRISM, and the NSA

With media attention and hype, leaked documents, Congressional hearings, and a great deal of explanation and back-peddling, the world now knows that the United States government spies on people.

Okay, we already knew that.

So, we learned that about a secret “FISA” court that can issue secret subpoenas letting the government look at information about us.

Okay, we already knew that, too (many of us just did not pay attention or really seem to care very much).

So, we learned that the Government had issued subpoenas for huge amounts of data about phone calls from Verizon as part of secret program called PRISM.

Now must be the time to panic?

As our 24-hour, instant, news machine struggled to find alleged experts on this top-secret program, we began hearing reports that the National Security Agency has direct, unfettered, complete access to all of the data on all of the servers of all of the major public cloud providers, and that they were capturing, recording, and saving all of this information.

Unfortunately, the cloud service providers are prohibited by law from disclosing the the number of FISA subpoenas and/or the number of users subject to those subpoenas.  We do know, however, that all of the service providers deny any direct connection between their systems and the NSA.

Without accurate information, myths become ‘facts’.

For those of us that promote and rely on the cloud, including those of us running Google Apps for Business, Education, or Government, we want assurances that our data remains private.

Google Apps and Your Privacy

On June 7th, Google posted this statement on the Official Google Blog regarding the matter.  In short:

  1. The NSA and other agencies do not have unfettered access to customer data
  2. Google was not participating in, nor aware of the PRISM program
  3. Google actively works to limit the number and scope of FISA requests

Coincidentally, CIO Magazine reported on June 4th (before the FISA/PRISM revelations in the media) about Google’s efforts to modify or restrict FISA subpoenas.  You can see the article here.

Media reports have been largely inaccurate about the scope of the PRISM program and FISA warrants and its use on American citizens on US soil.

Google is not allowed to release the numbers and scope of the requests by law.  On June 11th, Google made public an official request to release that information so that Google customers will have a more accurate picture and will understand that their data remains secure.

Conclusion

The Terms of Service and Privacy Policy for Google Apps for Business, Education, and Government have very specific rules for how private Google keeps your data and how Google responds (and lets you respond) to subpoenas Google receives for customer data.

There is no evidence, or any indication, that Google has acted outside the bounds of these terms and conditions, even as Google vigorously defends the privacy of customer data in court.