An open letter!
Oh man, is the NSA in trouble now.
posted by fullerine at 8:06 AM on December 9, 2013 [28 favorites]

The next escalation? Defriending!
posted by tittergrrl at 8:08 AM on December 9, 2013 [17 favorites]

Now this - THIS is theatre. My guess is unless they make a show of this, users who want privacy will start making it for themselves.
posted by Mooski at 8:08 AM on December 9, 2013 [3 favorites]

Corporate surveillance still OK though.
posted by Rob Rockets at 8:09 AM on December 9, 2013 [15 favorites]

Amazon very much missing from the list of Tech giants.
posted by Faintdreams at 8:12 AM on December 9, 2013 [1 favorite]

Funny, Google complaining about unwarranted surveillance by the government.

Just last month, Google agreed to pay $17 million to the government for unwarranted surveillance by Google.
posted by mark7570 at 8:12 AM on December 9, 2013 [8 favorites]

From Robert Reich on Facebook:

I'm glad Google, Microsoft, and six other major tech companies are today launching a huge public-relations campaign to urge President Obama and Congress to limit online spying. But wouldn't it be nice of these companies made as much effort to protect our privacy from themselves and from their advertisers and marketers? I dislike the idea of Google scanning my emails almost as much as I do the NSA, or going down my street photographing every house, yard, car, and whatever else they can record. We need privacy rights both from big government and big tech.

posted by Etrigan at 8:13 AM on December 9, 2013 [22 favorites]

Imho, our most effective protest against the NSA is precisely creating our own privacy. As a start, switch your IM client to Jitsi, Adium, etc. for their off-the-record messaging (OtR) support, generate yourself a private key, and see if any friends have done the same. Ain't nearly so hard as using GnuPG. And even Facebook chat (XMPP) works from these multi-protocol IM clients.
posted by jeffburdges at 8:14 AM on December 9, 2013 [4 favorites]

If the government responds by mobilizing tanks against LinkedIn... I'm going to have mixed feelings.
posted by Wolfdog at 8:14 AM on December 9, 2013 [16 favorites]

Comparing a tech company selling your profile to advertisers to the government wantonly finding new ways to scan your communications for breaches of the law is... well it's certainly hyperbole.
posted by Potomac Avenue at 8:19 AM on December 9, 2013 [16 favorites]

Corporate surveillance still OK though.

Of course, then they can sell it to the government.
posted by Alexandra Kitty at 8:28 AM on December 9, 2013 [2 favorites]

the companies urge the government to reform its digital spy apparatus.

... except of course where those companies can be part of that apparatus. For profit.
posted by ZenMasterThis at 8:35 AM on December 9, 2013

It really annoys me (but I suppose is entirely predictable) that the tech companies want to paint themselves as the oppressed parties here when only a *few months ago* they were happily collaborating with government surveillance, getting paid for it, and lying to the public about it. Their principled stance would have gone a lot further if it hand't come after them being totally exposed as part and parcel of the program.

Also, these demands are totally wimpy. The administration could argue -- indeed, has been arguing -- that it is doing all these things already. It seems like a perfect setup for all parties involved to put on their serious face for a minute to mollify the public before declaring victory and going back to their old habits. The fact that they penned an open letter (which apparently many major news services ran with as a story) rather than twist arms behind the scenes only adds to my suspicion.

For those who think there is some kind of bright line between corporate and government surveillance: one of the major lessons of all of the recent NSA (etc.) disclosures is that there is very little distinction between the two. Corporate surveillance is a subpoena (or a wiretap) away from government surveillance, and the rampant economic espionage that the government performs proves that data flows in the other direction of the public/private divide as well.
posted by Noisy Pink Bubbles at 8:35 AM on December 9, 2013 [15 favorites]

"Stop, or I'll say 'stop' again."
posted by entropicamericana at 8:37 AM on December 9, 2013 [11 favorites]

Comparing a tech company selling your profile to advertisers to the government wantonly finding new ways to scan your communications for breaches of the law is... well it's certainly hyperbole.

No, it's not at all. If Google didn't collect that shit in the first place, the NSA couldn't go, "Hey, can we get a copy of that?"

These companies are the problem.
posted by Sys Rq at 8:44 AM on December 9, 2013 [11 favorites]

mark7570: "Funny, Google complaining about unwarranted surveillance by the government.

Just last month, Google agreed to pay $17 million to the government for unwarranted surveillance by Google."

The two topics, while both concerning privacy rights, are very different. Surely you can see a difference between a company overreaching in its marketing attempts, and a government overreaching in its monitoring of citizen activities.

An awful lot of tu quoque going on in this thread... If only the pure-at-heart can fight for us, our ranks will be thin indeed.
posted by IAmBroom at 8:47 AM on December 9, 2013 [25 favorites]

I understand the frustration about these companies being in some cases willing partners to widespread surveillance but I think it's also critical to note that in many cases the use of surveillance also threatens the very nature of their industries in that it's quite likely to lead to increased balkanization of the internet because many countries will likely adopt more stringent privacy requirements which might be difficult for US based companies to adhere to.

This will probably mean that companies like Google might have to restructure their company to meet competing regulatory framework. This tends to create a degree of inefficiency (which most businesses view as a negative) plus it reduces the communication and collobaration and innovative aspects of the internet because if your friend won't use Facebook because of privacy concerns that results in a potential loss of revenue and also the synergistic effect of communication with collegues.

Yes you can probably start encrypting everything but that just results in a net loss of efficiency because you have to train people to use encryption and that becomes a barrier to entry. Plus omnipresent surveillance simply isn't that useful because seperating the wheat from the chaff is simply too hard.
posted by vuron at 8:48 AM on December 9, 2013 [2 favorites]

An awful lot of tu quoque going on in this thread... If only the pure-at-heart can fight for us, our ranks will be thin indeed.

Do you honestly believe anything will come of this letter? It's a face-saving PR stunt.
posted by Sys Rq at 8:48 AM on December 9, 2013 [5 favorites]

An awful lot of tu quoque going on in this thread...

you too.
posted by quonsar II: smock fishpants and the temple of foon at 8:50 AM on December 9, 2013 [2 favorites]

I honestly believe it's an attempt to generate more public discussion, and build groundswell support, about the abuses.

This issue is a lot more complicated than many of you are implying. This isn't Mad Men, folks.
posted by IAmBroom at 8:50 AM on December 9, 2013

In a side note, Snowden won Person of the Year from the Guardian. And 28 morons voted for Kanye West. Mind boggling.
posted by dobbs at 8:50 AM on December 9, 2013 [1 favorite]

quonsar II: smock fishpants and the temple of foon: "An awful lot of tu quoque going on in this thread...

you too."

Funny. Incorrect; I didn't use it. But ironically funny.
posted by IAmBroom at 8:51 AM on December 9, 2013 [1 favorite]

I'm convinced there is no getting rid of the NSA at this point without something incredibly drastic happening. They're like J. Edgar Hoover on a steady diet of growth hormones, steroids, and crystal meth. The NSA has a file on everyone now and if you get out of line, they will use it to discredit, discourage, or disempower you. Snowden's seemingly non-stop appalling revelations have convinced me no matter how paranoid you are, it's never enough to keep up.
posted by entropicamericana at 8:56 AM on December 9, 2013 [2 favorites]

"Stop, or I'll say 'stop' again."

I largely agree with Noisy Pink Bubbles, but it's worth pointing out that Google and Microsoft now seem to understand that their compliance is a significant business liability. In the past month:

Microsoft: US government is an 'advanced persistent threat'

Microsoft, suspecting NSA spying, to ramp up efforts to encrypt its Internet traffic

Hoping to avert “collision” with disaster, Microsoft retires SHA1

Google encrypts data amid backlash against NSA spying

Google finishes 2,048-bit security upgrade for Web privacy

Some context:

NSA Surveillance Fallout Costs IT Industry Billions

Bruce Schneier: A Fraying of the Public/Private Surveillance Partnership
posted by ryanshepard at 8:57 AM on December 9, 2013 [6 favorites]

Meanwhile, World of Warcraft reports mysterious and unexpected subscription increase...
posted by kythuen at 9:00 AM on December 9, 2013 [2 favorites]

"Oh no", said Brer Rabbit, "Whatever you do, don't throw me into that briar patch of collusion and under the table payments."
posted by Jakey at 9:00 AM on December 9, 2013 [2 favorites]

As soon as someone trying to sell me yet another thing I neither want nor need disappears someone to an unknown location and tortures them to death I'll see comparisons of Google+ and Facebook to the US Security apparatus as something other than false dichotomy.
posted by Kid Charlemagne at 9:01 AM on December 9, 2013 [5 favorites]

Maybe they could recognize Snowden and Greenwald and Poitras as leaders and not scum?
posted by bukvich at 9:01 AM on December 9, 2013 [2 favorites]

Look everyone, circular during squads are terrific fun and all, but do we want the government to stop its totalitarian tendencies? Corporations fighting against government is a step away from fascism at least.

It's worth pointing out that even though these corporations were collaborating with court orders when turning over information, they were simultaneously getting hacked and data stolen wholesale. Because apparently the secret courts were not enough.

Even those who thought they were complicit were shocked at the magnitude of deception and spying.

Well. Mostly they're just afraid of the economic consequences, but let's use their fears for something good.
posted by Llama-Lime at 9:03 AM on December 9, 2013 [4 favorites]

They have a very serious stake, and the Microsoft representative's letter has spelled it out:

"“People won’t use technology they don’t trust. Governments have put this trust at risk, and governments need to help restore it.” —Brad Smith, General Counsel and Executive Vice President, Legal and Corporate Affairs, Microsoft"

If it must absolutely be some association with no self-interest at stake that will comment, um, I'm sure the East Nowhereland Macrame Association will say what they can, but---no, never mind. They probably use Ravelry, too.

Notable omissions: Any telcos whatsoever; Amazon; Apple.

(On preview: What IAmBroom and ryanshepard have said.)
posted by seyirci at 9:03 AM on December 9, 2013 [2 favorites]

Yeah, compliance with NSA surveillance wasn't exactly cool when it wasn't also negatively impacting the bottom line but now that it's public knowledge it's really starting to impact their bottom line. Want to change a company? It's not through appealling to their best natures but rather appealing to their desire to maintain a high degree of profitability.

If people aren't adopting core products and services from these companies because of privacy and data mining concerns that will undermine their viability as companies and they want to change that because the alternative is of course a competitor operating in a different country without such draconian surveillance.
posted by vuron at 9:04 AM on December 9, 2013 [2 favorites]

I don't know if I would be strong enough, in their shoes, to say "no" when the NSA came knocking and said "do this for us, or everything you've built goes away." I'd like to think so, but I'm not so sure, especially when it sure sounds like the thing the NSA said they wanted isn't the whole of what they got, because once they were let in the door to ask a few questions they looted the place. So while I feel that, at this point, an open letter is very weak tea, I'm not entirely willing to write off the companies as simply 100% collaborators without much harder evidence. These things work so well for the NSA because you don't have to be 100% on board with collaborating, you just have to have to crack the door open a little and when they're in, they're in. You're part of it now. They're like vampires, you can't just let them in to borrow a cup of sugar.

That said, there's an awful lot of resources these companies have that could be put to use helping an awful lot more than an open letter can. If they're really serious about this, all the things they can legally say about it in protest should have been plastered across their websites from leak day one. Like the SOPA blackout.
posted by jason_steakums at 9:10 AM on December 9, 2013 [1 favorite]

Seyirci, Apple signed on. Hopefully Amazon will too.

I have absolutely no degree of confidence that the Telcos and CLECs are ever going to speak up against the surveillance state as they seem like they can pass responsibility for encrypting and securing data on to their customers.

Yeah it would be helpful if the networks were secure from surveillance but that's never going back into the bottle so the better solution would be encrypting the end points but if you can't trust the endpoints (either as a user or as a provider) you are in a crappy position.
posted by vuron at 9:11 AM on December 9, 2013 [2 favorites]

The Telcos have way more leverage over them, too. Subsidized to hell and back, and propped up with government-sanctioned monopolies - local governments, sure, but they'd definitely crack if they were pressured and throw that contract someone else's way.
posted by jason_steakums at 9:13 AM on December 9, 2013

mark7570: "Funny, Google complaining about unwarranted surveillance by the government.

Just last month, Google agreed to pay $17 million to the government for unwarranted surveillance by Google."

Yup - mass data collection of that type is only ok when done by corporations.
posted by symbioid at 9:23 AM on December 9, 2013

So much cynicism on Metafilter. Well placed, in some ways, but also not very helpful. Like it or not companies provide essential Internet services. Their asking governments to reign in spying is a helpful step.

The letter is sincere. I personally know people at Google and Twitter who've shaped their policies and they have just as much of a liberty / freedom of speech / Internet nerd background as you could hope. And all of these companies have a commercial interest in preventing spying, to protect their international businesses. For example, NSA spying on Gmail is a significant threat to Google's business plans in Europe. They have a self-serving reason to want to stop NSA overreach.

My concern is they don't have any real hope of succeeding in what they're asking. This request strikes me as particularly naïve: "governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.". Bulk data mining is a hugely valuable intelligence asset, there's no way NSA is just going to stop collecting everything they can just because we ask.

I think the requests for oversight and transparency are more realistic. Since the Snowden documents started coming out I've wavered between being appalled and impressed by NSA's capabilities. I accept at some level the US government needs an agency that, say, is hoovering up everyone's cell phone movements as a way to track bad guys. The problem is that it's illegal for NSA to collect that data against US citizens, the Constitution still exists. And the workaround for the Fourth Amendment is this current ridiculous system with no meaningful judicial or legislative oversight.

The current state of surveillance has to be fixed or else our democracy is threatened. The good news is some of America's most powerful corporate interests also want to have it fixed.
posted by Nelson at 9:43 AM on December 9, 2013 [14 favorites]

I'm taking a moment to reflect on the fact that the internet, which did not exist as a household commodity until about 20 years ago, has now become so ubiquitous in our lives that the idea of simply not using the internet any more to strangle this problem at the root (or at least make it a lot more manageable) is considered an impossibility.

I don't think that's what the solution should be, and I'm not sure to what extent it's possible. But I find it interesting that it's more like protecting a homestead from government intrusion after we built it with our bare hands - and there's no way that we're giving it up - than we are without means to take more drastic action to actually protect our privacy interests. Either that, or we're so psychologically enmeshed with what the internet has provided for us that no other way of life dawns on us as a possibility.
posted by SpacemanStix at 9:53 AM on December 9, 2013 [3 favorites]

I think the idea is more "why should we have to give up using the internet?" It's not unreasonable to demand that we don't have to give up our technological advances just because some dickwads want to abuse them.
posted by jason_steakums at 9:58 AM on December 9, 2013

Is the actual website down for anyone else? I'm getting a "This page is generated by Parallels Plesk Panel" page. Way to go titans of the tech industry!
posted by antonymous at 10:01 AM on December 9, 2013

I think the idea is more "why should we have to give up using the internet?" It's not unreasonable to demand that we don't have to give up our technological advances just because some dickwads want to abuse them.

For sure, I tried to imply that (e.g., homestead reference). What I find interesting is that this problem is on such a life wrecking scale due to something that we invented and integrated into our lives in the very recent past. It's fascinating how pervasive and intertwined it is into what we consider to be a necessary quality of life such that we can't imagine fighting on any other front other than to preserve it.
posted by SpacemanStix at 10:04 AM on December 9, 2013

Comparing a tech company selling your profile to advertisers to the government wantonly finding new ways to scan your communications for breaches of the law is... well it's certainly hyperbole.

I don't know. Have you heard about how some companies are using/mining/selling private/personal online data to help create HR black lists? Because that is some damn creepy stuff right there, knowing that your private personal online activities might get your name put on a list that keeps you from consideration for certain jobs you'd otherwise be considered for.
posted by saulgoodman at 10:05 AM on December 9, 2013

Corporations fighting against government is a step away from fascism at least.

Google and Facebook, in particular, both have a track record of trading your privacy for cash.

This letter is mostly about taking out a business competitor, plain and simple, to be able to keep selling a global product to countries and persons that are less and less interested in the US government snooping on their affairs.

To quote Mark Zuckerberg:

The trend has Silicon Valley on edge. “I think the government blew it,” Facebook Chief Executive Mark Zuckerberg said of handling of the NSA eavesdropping revelations at the TechCrunch Disrupt conference in San Francisco earlier this month. “(They said) don’t worry, we’re not spying on any Americans. Wonderful, that’s really helpful for companies trying to work with people around the world.”

How can Zuckerberg do business overseas if the US gets caught spying on his userbase? That's what this letter is really about.

The Zuckerbergs of the world don't give two shits about your privacy.

"With your permission you give us more information about you, about your friends, and we can improve the quality of our searches," [Google CEO Eric Schmidt] said. "We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about... We can look at bad behavior and modify it."

It seems some are stuck with the idea that fascism can only come out of governments, but corporations — specifically, government-corporate partnerships of the kind these companies have formed over the years — are really good at fascism.
posted by Blazecock Pileon at 10:17 AM on December 9, 2013 [7 favorites]

How do national HR black lists not exist already? I figure that's something Experian and LexisNexis would have been developing for the past 10 years already.
posted by crapmatic at 10:47 AM on December 9, 2013

Google and Facebook are against mass surveillance? What's next, defense contractors protesting war?
posted by avian carrier at 10:54 AM on December 9, 2013 [1 favorite]

I feel like there is a difference between making an intelligent decision to give up personal privacy to a company in order to have a better experience with that company's products, and the NSA tracking my cell phone in order to create a profile on me and the people I hang around in real life, especially if I am part of a activist group that is critical of the government.
posted by gucci mane at 10:54 AM on December 9, 2013 [4 favorites]

"“People won’t use technology they don’t trust. Governments have put this trust at risk, and governments need to help restore it.” —Brad Smith, General Counsel and Executive Vice President, Legal and Corporate Affairs, Microsoft"

So if the NSA keep on with their nefarious ways, people will stop trusting Google and Microsoft and Apple and Facebook.

Why the fuck are people trusting Google and Microsoft and Apple and Facebook?
posted by fullerine at 10:56 AM on December 9, 2013

How do national HR black lists not exist already?

What do you think a credit report is nowadays?
posted by pjern at 11:02 AM on December 9, 2013 [6 favorites]

It's so odd that people can be very suspicious and cynical about state institutions and simultaneously credulous about corporate ones.

Corporations this size are no more driven by the values and goals of employees than governments. Of course this is a PR move / business decision.

It may be the case that this business decision happens to align with other goals and preferences, of course. But that'd only be because of a fortunate coincidence of circumstance.
posted by graphnerd at 11:08 AM on December 9, 2013 [1 favorite]

I'm troubled by the omission of Amazon. Not for the electronics store, but for Amazon Web Services. You know, the datacenter for half the interesting Internet startups in the world? A whole lot of companies are trusting Amazon's network and computers. It's a shame they don't join the discussion, I imagine they're trying to lay low and hope to avoid it.

One possibly related topic: Amazon signed a $600 million contract with the CIA to build a private version of AWS. Historically the US government has used the carrot of large DoD and CIA contracts as a way to get companies to cooperate with their surveillance requests. I'll note IBM isn't on the list of signatories, nor Cisco nor most of the other old school tech infrastructure companies.
posted by Nelson at 11:12 AM on December 9, 2013

This debate about supporting the corps vs govt or being "pure" really does present an interesting question of praxis for those who fall on the left-libertarian side of the spectrum, even more left-authoritarian (not "liberal" -- communist). There's a divide and conquer strategy here that's plain as day. That's basically what COINTELPRO did - provide the seeds of distrust within a unified group.

So - wasn't one of the things that Assange wrote about, making the gov't paranoid? As a more right-wing libertarian, he doesn't like the in-bededness of the gov't in corps and vice-versa. But we (well I, as a lefty) have a different concept when it comes to economics. But... That doesn't mean I don't see the value, and in a sense, you could say that his strategy of inducing paranoia within the government might actually be taking effect, if not WITHIN the government, then between the Public/Private partnership.

As a lefty- the question is - how do you prevent Corps from using this to their own advantage, while using their rancor and anger to fight against the gov'ts surveillance. How do you use political jiu-jitsu to get them to tussle each other?
posted by symbioid at 11:16 AM on December 9, 2013 [1 favorite]

They should have published an 'opened letter' instead.
posted by srboisvert at 11:21 AM on December 9, 2013 [3 favorites]

(BTW, right now the open letter web site is acting very weird for me. Without SSL http://www.reformgovernmentsurveillance.com is giving me a redirect to http://97.74.205.113/. That has the expected page content, apparently hosted at GoDaddy. With SSL https://www.reformgovernmentsurveillance.com/ is serving me a bogus self-signed SSL certificate. More info in this tweetstream. Maybe someone's playing ironic games on a high profile site?)
posted by Nelson at 11:22 AM on December 9, 2013 [1 favorite]

I know it's fashionable to hate Google and Facebook on Metafilter, but there's some serious bullshit being thrown about in this thread. Neither of them are harvesting your information to sell the governments. Yes there is a program where companies are compensated for the costs of handling legal requests for data access, however the amounts involved are trivial for a large company and are not money makers.

But I get it, you sound so sexily world weary and cynical when you throw about canards about how Google and Facebook and Amazon are JUST LIKE THE NSA.
posted by aspo at 11:32 AM on December 9, 2013 [6 favorites]

Anyone who thinks that surveillance is OK for corporations but not for governments should read The Circle by Dave Eggers. The Google-like corporation in the book is hardly benign. (previously)
posted by mark7570 at 11:36 AM on December 9, 2013 [1 favorite]

Neither of them are harvesting your information to sell the governments.

Well, no, but that's only because the government can get around paying the market rate.
posted by Etrigan at 11:36 AM on December 9, 2013 [3 favorites]

Well, no, but that's only because the government can get around paying the market rate.

Wow, look how sexy and world weary you are!
posted by aspo at 11:42 AM on December 9, 2013 [2 favorites]

Oh, please. Do you think Google and Facebook have Boards of Purchaser Respectability? Some criteria of whom they'll sell harvested information to that Zynga passes but the U.S. government doesn't?
posted by Etrigan at 11:46 AM on December 9, 2013 [1 favorite]

I know it's fashionable to hate Google and Facebook on Metafilter, but there's some serious bullshit being thrown about in this thread. Neither of them are harvesting your information to sell the governments.

It is impossible for you to know if this is true unless you are the head of the CIA or NSA or both Google and Facebook.
posted by fullerine at 11:50 AM on December 9, 2013 [5 favorites]

There is a distinct difference between "But wouldn't it be nice of these companies made as much effort to protect our privacy from themselves and from their advertisers and marketers?" and "Google and Facebook and Amazon are JUST LIKE THE NSA."

An appreciation of nuance is very sexy.
posted by Etrigan at 11:50 AM on December 9, 2013 [1 favorite]

I'm not 100% on how facebook works (although I suspect it's very similar) but Google doesn't sell your data to third companies. They do use your data to target ads, but the people buying ads don't get your data. Google is not like a credit bureau, collecting information and then selling it to interested buyers.
posted by aspo at 11:52 AM on December 9, 2013 [1 favorite]

Google doesn't sell your data to third companies

You said "to the government".
Also, you simply do not know this.

It's not that I believe they are evil lizardmen enslaving us through our Gmail but I am simply tired of the "accepted wisdom" being claimed as irrefutable fact when every time there's another document drop it turns out what we thought was accepted wisdom turned out to be complete bollocks.
posted by fullerine at 12:00 PM on December 9, 2013 [1 favorite]

Which is why the companies above are pissed off and making so much noise. (Well in addition to the fact that the people running at least some of them probably actually care about this stuff.)

New technologies often make it easier to spy on larger percentages of the population. In the past there have been significant abuses that have been lessened by regulation and court oversight. It's not prefect, but it does help, dramatically. Right now the tide has turned pretty massively towards blind acceptance of large scale surveillance over the internet. Turning back that is important.

Having the population's wills and the corporation's wills align is a good thing.
posted by aspo at 12:09 PM on December 9, 2013

Just wondering: Any proof that this site is actually affiliated with any of the companies listed?
posted by andreaazure at 12:11 PM on December 9, 2013

graphnerd: "Corporations this size are no more driven by the values and goals of employees than governments."

Counter-evidence (companies that make major business decisions based on personal dislikes of top employees over business data): 1, 2-8

If it's possible for a company to be anti-gay, then it is de facto possible for a company to pro-VALUE-X or anti-POLITICAL-ISSUE-Y. I know this implies that some corporations might not be entirely and completely evil in nature, but that's the breaks.
posted by IAmBroom at 12:31 PM on December 9, 2013

If tech companies really cared, they would refuse to cooperate, not pay lip service.

They could tear out the racks of surveillance equipment and ship them back to Fort Meade. They could respond to sketchy requests for information with "Please kindly fuck off". They could violate gag orders and let people know precisely what's been going on.

They are big enough that if they threw their weight around, it would mean something. They are not going to imprison Mark Zuckerberg.
posted by anemone of the state at 12:42 PM on December 9, 2013

anemone of the state, some of the things you're suggesting would undoubtedly results in someone going to jail. Perhaps not Zuckerberg, but pretty much everyone down the line from him is at-risk.

Some refusal is easy - the equivalent of paying in pennies (which is illegal in many cases, BTW). Some is very dangerous - ignoring court orders.

They aren't the city-states you imagine them to be.

Act like a monopoly?
Your company might lose a court case five years down the road, and have to pay a hefty fine.
Violate a federal court's gag order?
Somebody is going to jail.
posted by IAmBroom at 12:52 PM on December 9, 2013

Set yet another precedent that large companies can stare down the government until the government blinks whenever they don't like the law: priceless.
posted by jason_steakums at 12:53 PM on December 9, 2013 [1 favorite]

Which isn't to say it's the wrong thing to do, but the road to hell, good intentions and all.
posted by jason_steakums at 12:54 PM on December 9, 2013

Any proof that this site is actually affiliated with any of the companies listed?

Here's Microsoft's press release. Here's a tweet from Google.
posted by Nelson at 1:03 PM on December 9, 2013

If tech companies really cared, they would refuse to cooperate, not pay lip service.

They could tear out the racks of surveillance equipment and ship them back to Fort Meade.

The highly visible Google case wasn't Google cooperating. It was the NSA spying on Google by tapping their fiber lines. And Google did refuse to cooperate, they started encrypting all data running on internal networks.

So if they cared, they'd do what they are doing?
posted by aspo at 1:16 PM on December 9, 2013 [3 favorites]

Following on to what aspo says: The big companies have large teams of lawyers and non-lawyers who closely examine every demand they receive and send it back if it isn't up to their standards. I know they do this in the criminal context because I've met the people that do it. It now seems likely that they do it in the national security context too, thought we don't know for sure yet. By the way, the companies are suing the government in the FISA court for the right to tell you whether or not they do, so its my bet that they are at least some of the time.

anemone of the state: When was the last time you stood up to a duly passed law and blatantly refused to comply with it? I'm not saying its impossible, particularly for a singular person (the coordination required to get an organization made up of 50k people to do so is mindboggling to me, but whatever), but I question the truth of your seemingly cavalier attitude.
posted by Inkoate at 3:11 PM on December 9, 2013

Counter-evidence (companies that make major business decisions based on personal dislikes of top employees over business data): 1, 2-8

Ummm. What? Twenty years ago Fox fired someone for embarrassing/angering powerful people and a HuffPo listicle with only one major publicly-traded company? And the issue there was that they refused to offer same-sex benefits (which would certainly cost them many, many millions of dollars?)
posted by graphnerd at 3:30 PM on December 9, 2013

The highly visible Google case wasn't Google cooperating. It was the NSA spying on Google by tapping their fiber lines. And Google did refuse to cooperate, they started encrypting all data running on internal networks.

But why did the NSA do that? Because why spy on people when other people are already spying on those people and you can just piggyback on those spies?

This would not be an issue if Google et al. didn't spy on everyone in the first place. Encrypting their spy network doesn't make them heroes.
posted by Sys Rq at 5:40 PM on December 9, 2013 [2 favorites]

That's just nonsense. NSA has been intercepting private Google traffic between theire datacenters, at the point just after a user request comes in and is decrypted by the web frontend. Those requests were then sent unencrypted(*) via private network lines between data centers. This attack affects pretty much all their web hosted services. The only "spying" Google did in this circumstance was offer web services to users.
posted by Nelson at 6:11 PM on December 9, 2013 [2 favorites]

The only "spying" Google did in this circumstance was offer web services to users.

Are there perhaps other circumstances you haven't cherry-picked?
posted by Sys Rq at 7:18 PM on December 9, 2013 [1 favorite]

It's definitely time to switch away form stock Android to CyanogenMod or similar :
CyanogenMod to have built in text message encryption system (via)
posted by jeffburdges at 2:14 AM on December 10, 2013

And all of these companies have a commercial interest in preventing spying, to protect their international businesses.

Disagree. They have a commercial interest in the perception of preventing spying. I say this not as a world-weary cynic, but as a realist: you do not destroy alternate revenue streams or put yourself in the way of the government's fist by closing doors previously opened. However, you also have to get people to buy into the fact that you're on their side, otherwise the primary revenue streams dry up.

The only way this changes is if it becomes unprofitable enough, and I don't see that happening. I believe the 'open letter' is a course correction for public opinion, little more.
posted by Mooski at 7:14 AM on December 10, 2013 [1 favorite]

This would not be an issue if Google et al. didn't spy on everyone in the first place. This is basic ridiculousness. Do you use Gmail? Do you love Gmail as much as basically everyone I know does, including myself?

So, o wise engineer you... how do you propose to create Gmail without Google keeping your mail on a server for you somewhere?
posted by Inkoate at 9:08 AM on December 10, 2013

Ideally, they could encrypt the messages so that only you could read them whenever they received the messages :

- You create an account with an email provider : You enter a password and your computer generates a private-public key pair. Next, it encrypts the private key using a hash derived form your password and creates a second distinct login hash from your password. Finally, it uploads the second login hash, the encrypted private key, and the unencrypted public key to the email provider.

- Your provider receives an email : First they quickly do any ad serving related processing, carefully avoiding anything too specific. Second, they encrypt the message with your public key and save the encrypted version for you. Third, they delete the original message.

- You login to your email account : You enter your password. You computer computes the second login hash and logs you in. Finally, your computer downloads your encrypted private key and computes the first hash to decrypt it.

- You read an email : You already entered your password during login, which your computer used to download and decrypt your private key. Now all your computer needs to do is download individual messages and decrypt them.

Except, if you create a webmail client using javascript, then anyone with a compromised CA could easily man-in-the-middle your client download to steal the user's real password.

Almost every nation has compromised CAs, including places like Iran, so nations could easily compromise this. Except, MitM attacks are potentially noticeable, not so much in the browser, but risky still.
posted by jeffburdges at 9:43 AM on December 10, 2013

Omnivore: Surveillance and the problem of freedom
posted by homunculus at 9:59 AM on December 10, 2013

There are many ways to create a fully end-to-end secure email system. Gmail does not provide that and has never claimed to provide that. They store your email in cleartext on their servers. Controversially, they even target ads to you based on the content of that email, something disclosed in great public detail. None of this is "spying" and none of it has anything to do with NSA.

BTW, you'll find it significantly harder to provide an end-to-end secure email service with full text search. And I can't think of a way to do fully encrypted email that includes the convenience and reliability of a cloud hosted service. People who need that level of email security generally accept a less convenient system. Sadly, the best known providers of secure email services have just shut down, because the secret NSA laws aren't allowing them to operate safely.

Are there perhaps other circumstances you haven't cherry-picked?

I don't know, are there? Please cite other instances where we know the NSA has successfully attacked Google's services. I'd love to know if any of them exploited "Google's spying on users". There is the possibility NSA has stolen data from Google and Google can't tell us about it because of a secret court order. That's the exact legal problem Google is addressing with this Reform Government Surveillance campaign.

I understand some segment of the Metafilter Brigades hates Google. That's OK, sometimes I hate Google too. But I can't think of any large tech company that does a better job of trying to protect users from intrusive government surveillance. Product design, software engineering, legal measures, in every single way Google is leading the way in trying to resist NSA intrusion. Here, see what the EFF has to say on the topic.
posted by Nelson at 9:59 AM on December 10, 2013 [1 favorite]

As much as I dislike Google when they do overstep their bounds, and they do sometimes, I don't really get the hate about Gmail mining your email to target ads - it's always been the cost of using the service. They've been nothing but up front with that. MetaFilter literally sells a t-shirt that explains the concept succinctly. There are so many other options for email service out there that don't do that.
posted by jason_steakums at 10:31 AM on December 10, 2013 [1 favorite]

And fuuuck Microsoft for their "scroogled" ads where they pretend they're any different.
posted by jason_steakums at 10:38 AM on December 10, 2013 [1 favorite]

As much as I dislike Google when they do overstep their bounds, and they do sometimes, I don't really get the hate about Gmail mining your email to target ads - it's always been the cost of using the service.

Many of us are at least a little concerned about the fact that there are essentially zero controls over what they do with any information you "provide" to them, save what they feel like imposing upon themselves. Kind of like how no one objects to the NSA in general -- it's unquestionably a good idea for the U.S. government to at least have the capability to monitor electronic communications -- but what they're doing specifically crosses a lot of lines that people assumed would not be crossed because of faith in their government.

TL;DR: I trust Google to the exact extent I trust any other large entity with a lot of power -- only if there's something external that can check it.
posted by Etrigan at 10:40 AM on December 10, 2013

Right, but you can't opt out of the NSA, and you can very easily opt out of using Google's products. Even if you run Android!
posted by jason_steakums at 10:44 AM on December 10, 2013 [1 favorite]

And that's not to say that I think they should be able to do whatever. They should have limits. But it's not the same situation as the NSA running unchecked.
posted by jason_steakums at 10:45 AM on December 10, 2013

No one's saying it's the same -- people are saying that there are similarities, and that similar lacks of controls over large companies should also be looked at askance.
posted by Etrigan at 10:48 AM on December 10, 2013

I forcefully disagree with any equivalence between what NSA does and what Google does. The difference is people opt-in* to using Google, they choose to sign up for Gmail or use Google Search or Google Maps. And Google does disclose what data they collect and, broadly, how they use it. NSA doesn't do any of that. NSA collects all data on every human being on the planet, without permission, in defiance of any sort of notion of privacy or of the Fourth Amendment. They deliberately don't say what they do with that data. There is no opting out of NSA. Worse, there's no oversight or disclosure of what NSA does. That makes an important difference in kind.

* You can argue whether people always opt-in to Google. I may send someone an email not knowing it ends up in a Gmail account. And Google is nearly ubiquitous, it is remarkably hard to use the Internet without some trace of that usage ending up noted by Google somehow. But I stand by the statement that it's still a difference of kind.

I guess it's predictable, but here we are in a thread talking about companies saying "Hey, NSA, stop spying on our users!" and we're arguing about whether Google is a threat to user privacy. Please don't lose sight of the threat NSA poses to privacy.
posted by Nelson at 10:48 AM on December 10, 2013 [1 favorite]

No one's saying it's the same -- people are saying that there are similarities, and that similar lacks of controls over large companies should also be looked at askance.

I definitely agree with that. I was more addressing the complaints about them targeting ads to you based on your email text, initially. Like I said, I do think they overstep sometimes, and I do think there should be limits on what they can do, but in this thread there's a bit of conflating the way Google pays for and profits off of Gmail, which they're up front about, with them overstepping. I don't trust them as far as I can throw them either, but there's a pretty clear line between the invasive stuff they've always been up front about as the price you pay for using their services, and the invasive stuff they aren't, and I don't think the two should be lumped in together.
posted by jason_steakums at 10:54 AM on December 10, 2013

From the Washington Post today:

Many mobile devices and smartphones also use WiFi and GPS signals to fix their locations. These signals also reveal their location in a variety of ways including leaked location information from their IP address, mobile apps and built-in location based services. To help the NSA pinpoint the exact location of surveillance targets, a program called HAPPYFOOT intercepts traffic generated by mobile apps that send a smartphone’s location to advertising networks.

posted by RobotVoodooPower at 2:43 PM on December 10, 2013 [1 favorite]

Etrigan: "Many of us are at least a little concerned about the fact that there are essentially zero controls over what they do with any information you "provide" to them, save what they feel like imposing upon themselves. "

So.
Don't.
Use.
Google's.
Services.

Is that really so hard to understand?

I don't like how much Ferrarri charges for their cars, either, but they aren't evil for doing so. Likewise, I'm not a real fan of the US Marines' "basic training"... so I've decided not to join the Marines.

I don't understand why some of you don't see a fundamental difference between this, and covert NSA spying.
posted by IAmBroom at 3:06 PM on December 10, 2013

Oh, gosh, now that you've explained it to me slowly, it's finally sunk in.

How about another option:
Google.
Gets.
A.
Better.
Privacy.
Policy.

Why are you so patronizingly against the mere suggestion that Google might be somewhat imperfect?
posted by Etrigan at 3:12 PM on December 10, 2013 [1 favorite]

So.
Don't.
Use.
Google's.
Services.

There are two Google services powering this page. The same is true of many, many, many other websites. The ability to even figure that out is beyond most people's grasp.

Got any realistic suggestions?
posted by Sys Rq at 3:14 PM on December 10, 2013

Nope, you're just doomed.
posted by Nelson at 6:04 PM on December 10, 2013

Please cite other instances where we know the NSA has successfully attacked Google's services.

Man, you ask and the Internet delivers. Just hours after I posted this, a Washington Post blog reveals NSA uses Google cookies to pinpoint targets for hacking. There's evidence NSA is somehow acquiring targets' Google PREF cookie and using that to track / identify individuals. The article talks a lot about how Google uses that cookie for ad tracking, but IIRC it's also used for more basic things like whether you want SafeSearch and what language you prefer. The article also talks about mobile geolocation risks.

One thing not stated is how NSA is seeing the Google cookies. They're supposed to be private, only sent to Google servers, and I'm pretty sure Google does what it can to SSL encrypt the cookies in transit. But of course NSA is hoovering up traffic all over the Internet, and is subverting SSL in various ways, so it's hard for Google to defend against this kind of thing.
posted by Nelson at 6:40 PM on December 10, 2013

I keep Chrome configured extremely strictly and keep FireFox configured more permissively, Sys Rq.

Both get the friendly extensions AdBlock+, Ghostery, and HTTPS Everywhere. And special AdBlock+ rules prohibit facebook from interacting with other sites, breaking all third party facebook apps.

Chrome has Vanilla Cookie Manager, but otherwise retains information between sessions. FireFox deletes all history, cookies, etc. whenever the session ends, no bookmarks even.

Chrome has the unfriendly extensions JavaScript Blacklist and ScriptSafe, that make even buying anything online challenging. And no Flash or similar extensions. FireFox allows full JavaScript and even Flash with a click.

Any regular sites like metafilter and facebook happen through Chrome, although stackexchange really hates my cookie management. All regular Google services are accessed through safer protocols like IMAP and XMPP. I use a clean FireFox session anytime I require a web login to Google, rare.

I allow metafilter access to chatbeat for some reason, but not quant-serve or google-analytics. Ideally, I'd switch Chrome's default search off Google and use OpenStreetMaps over Google maps.

All this comes off slightly backwards because most security extensions for Chrome come out weaker than similar ones for FireFox, due to Google's inconveniencing ad blockers. Chrome has better sandboxing when running however. And Chrome has far better performance characteristics, just kill individual processes. We need a Chromium mod that offers better built in security, like forbidding all cross site cookie access without explicit permissions.
posted by jeffburdges at 6:44 PM on December 10, 2013 [2 favorites]

Anyone know any anonymous sms receiving services similar to receive-sms-online.com but with more numbers? Google wants a phone number when creating new accounts, which I must do when I switch to CyanogenMod. And receive-sms-online.com's numbers all get banned by Google. Just ask some dude on 4chan, IRC, etc.? Or just find a payphone or pick up an almost free sim card?
posted by jeffburdges at 6:49 PM on December 10, 2013

Noisy Pink Bubbles, that article about the PREF cookie is great, thanks. It's from Feb 2012; it'll be interesting to see how Google responds to the news their cookie has been hijacked by NSA. I expect Google will try to find some technical measure to remove the need for the cookie from Safe Browsing or else otherwise make it safe.

My understanding of the NSA cookie attack is it would work on almost any frequently used cookie. A Google cookie is a good target because it's so common, doubly so because of the link to safe browsing. But my reading is the attack would also work against a Facebook cookie delivered by those ubiquitous "Like" buttons, or any of a number of other common sites like Sina Weibo, Microsoft, Apple, etc.

It's amazing how hard it is to protect against the US government as Advanced Persistent Threat.
posted by Nelson at 9:19 AM on December 11, 2013

Etrigan: "Why are you so patronizingly against the mere suggestion that Google might be somewhat imperfect?"

I've never even faintly suggested such a thing, nor has anyone in this discussion (aside from your strawman right there).

I'm suggesting that the idea that 'Google is the problem' is banal and false. Likewise, there is no direct equivalence between the government and corporations like Microsoft, Google, Facebook, et al. Those corporations aren't the CIA nor Blackwater/Xe; they don't kill, torture, kidnap, assassinate, and so forth as part of their daily functioning.

The bank is not the bankrobber. If your money keeps getting stolen, you need a new bank, but the bank is not the bankrobber.
posted by IAmBroom at 10:26 AM on December 12, 2013

Sys Rq: "There are two Google services powering this page. The same is true of many, many, many other websites. The ability to even figure that out is beyond most people's grasp.

Got any realistic suggestions?"

Believe it or not, the interwebs weren't created by Google, and if Google went down, it would continue to exist.

In fact - and this is going to completely blow your mind - I've actually designed webpages that don't use any Google services. Swear to god.
posted by IAmBroom at 10:28 AM on December 12, 2013

The bank is not the bankrobber. If your money keeps getting stolen, you need a new bank, but the bank is not the bankrobber.

The existence of bankrobbers does not invalidate the need to regulate banks.
posted by Etrigan at 10:48 AM on December 12, 2013

Believe it or not, the interwebs weren't created by Google, and if Google went down, it would continue to exist.

In fact - and this is going to completely blow your mind - I've actually designed webpages that don't use any Google services. Swear to god.

Good for you. Keep at it.

Unfortunately, you seem to be practically alone in that, which leaves us humble users in Google's (and Facebook's and Microsoft's and Amazon's and whatever's) deathgrip unless we're proactive enough to learn enough to know enough to do enough to a) detect that deathgrip in the first place, and b) avoid it. Actually opting out with any real effect is beyond most users' skill sets. That's a problem.

I'm suggesting that the idea that 'Google is the problem' is banal and false. Likewise, there is no direct equivalence between the government and corporations like Microsoft, Google, Facebook, et al. Those corporations aren't the CIA nor Blackwater/Xe; they don't kill, torture, kidnap, assassinate, and so forth as part of their daily functioning.

Actually, I think you'll find that an accessory to a crime is every bit as guilty as the principal.
posted by Sys Rq at 9:06 PM on December 12, 2013

Etrigan: "The bank is not the bankrobber. If your money keeps getting stolen, you need a new bank, but the bank is not the bankrobber.

The existence of bankrobbers does not invalidate the need to regulate banks."

No, but those are two completely different concerns. That's the point.
posted by IAmBroom at 3:23 PM on December 13, 2013

Sys Rq: "Actually, I think you'll find that an accessory to a crime is every bit as guilty as the principal."

So now Google is somehow responsible for waterboarding? Do tell...
posted by IAmBroom at 3:24 PM on December 13, 2013

Show us a better way than collecting metadata, NSA director says to critics

Why bother? How about we design new protocols and tools that not only encrypt their contents but make traffic analysis difficult by integrating with Tor? So not only halting the NSA's collection of metadata, but also halting the collection by Facebook, Google, etc. too. I'd love it if the NSA ultimately causes the death of much targeted advertising.
posted by jeffburdges at 3:22 AM on December 14, 2013

So now Google is somehow responsible for waterboarding? Do tell...

Oh, for fuck's sake. You're the one who brought up that over-the-top bullshit in the first place. I had assumed you were using an analogy; if you weren't, then what exactly were you doing?

Anyway, point is, if Google et al. are aiding and abetting the NSA's criminal acts, then Google et al. are also guilty of those criminal acts. This is very basic Law 101 stuff.
posted by Sys Rq at 6:18 AM on December 14, 2013

Google is not aiding and abetting the NSA's criminal acts. They are resisting them in every way they can.
posted by Nelson at 6:52 AM on December 14, 2013 [1 favorite]

Sys Rq: "Oh, for fuck's sake. You're the one who brought up that over-the-top bullshit in the first place. I had assumed you were using an analogy; if you weren't, then what exactly were you doing?

I'm not clear what "over-the-top bullshit" you're referring to; I said:

I'm suggesting that the idea that 'Google is the problem' is banal and false. Likewise, there is no direct equivalence between the government and corporations like Microsoft, Google, Facebook, et al. Those corporations aren't the CIA nor Blackwater/Xe; they don't kill, torture, kidnap, assassinate, and so forth as part of their daily functioning.
AND
So now Google is somehow responsible for waterboarding? Do tell...

The CIA & Blackwater have waterboarded; that's not bullshit. The Intelligence community is explicitly devoted to identifying targets for imprisonment and interrogation by our government; in the past this included waterboarding of captives. That's not bullshit.

You've stated that these social network corporations, by cooperating with the government (which isn't a proven fact, but your opinion), they are guilty of those results of their actions:

Sys Rq: "Actually, I think you'll find that an accessory to a crime is every bit as guilty as the principal."
AND
Sys Rq: "Anyway, point is, if Google et al. are aiding and abetting the NSA's criminal acts, then Google et al. are also guilty of those criminal acts. This is very basic Law 101 stuff."

"Accessory to murder" is not the same charge at all as "murder". In English Common Law, it generally carries the same punishments, but in the US (where all of these actors are based):
U.S. jurisdictions (that is, the federal government and the various state governments) have come to treat accessories before the fact differently from accessories after the fact.

If you took "Law 101" in the United States, you should go back and review your class notes.
posted by IAmBroom at 9:45 AM on December 16, 2013

Did you even read that?

All U.S. jurisdictions have effectively eliminated the distinction between accessories before the fact and principals, either by doing away with the category of "accessory before the fact" entirely or by providing that accessories before the fact are guilty of the same offense as principals.

...which seems to be exactly what I said.
posted by Sys Rq at 2:38 PM on December 16, 2013

(And that "over-the-top bullshit" is "over-the-tope bullshit" because it has nothing at all to do with this discussion. You seem to be suggesting that anyone who is not torturing prisoners is therefore completely innocent of all wrongdoing, which, no.)
posted by Sys Rq at 2:44 PM on December 16, 2013

A
posted by homunculus at 11:48 AM on December 18, 2013

Wired: How The NSA Almost Killed The Internet

Google, Facebook, Microsoft, and the other tech titans have had to fight for their lives against their own government. An exclusive look inside their year from hell—and why the Internet will never be the same.

really fascinating. highly recommended.
posted by the man of twists and turns at 2:19 PM on January 8, 2014 [1 favorite]

Facial recognition app matches strangers to online profiles

Every time I think the Internet can't get creeper, it outdoes itself.
posted by entropicamericana at 2:24 PM on January 8, 2014

Wired took it way too easy on the NSA by painting them as "out of touch" rather than criminal. (tl;dr)
posted by jeffburdges at 2:31 PM on January 8, 2014 [1 favorite]

Wired: How The NSA Almost Killed The Internet

really fascinating. highly recommended.

Agreed. That deserves a FPP, in my opinion.
posted by homunculus at 2:43 PM on January 8, 2014