Tech Companies 'Gob-Smacked' To Find NSA Collecting Data
AUDIE CORNISH, HOST:
Changes are coming soon to the way the National Security Agency gathers information about people all over the globe. President Obama is slated to speak next Friday about what action he'll take to revamp the NSA surveillance programs, which were revealed in news leaks from former NSA contractor Edward Snowden. The president has been meeting with stakeholders for several months, including executives from some of the biggest technology firms.
Wired senior writer Steven Levy has also been talking to tech execs about the Snowden revelations. He wrote an article called "How the NSA Almost Killed the Internet." Levy says tech companies have been pushing the president to get them off the hook.
STEVEN LEVY: They were really gob-smacked. They got a phone call from The Washington Post. The Guardian was also calling, chasing the story. They have the same leaks. And they were saying, what is this thing about this program called PRISM that gives the NSA access to your servers there? And they'd never heard the word prism in that. And, of course, there was a program that they were cooperating with that didn't give direct access to the servers, but it did require them to hand over information, sometimes without warrants to the government.
CORNISH: But this is going to sound surprising to people who are under the impression, after all these leaks, that these companies very much were cooperating with the NSA. So for them to say, hey, we didn't know what was going on doesn't seem plausible.
LEVY: Well, they did hand over the certain information from what I'll call the front door. What really surprised them a little later on was that the NSA was also getting a lot of information from the back door, without permission basically by hacking their systems there. And this is what really enraged the companies.
CORNISH: Tell us a little bit about your visit to some of these tech firms. What did you learn from them that surprised you?
LEVY: I think the most surprising thing really was how now that the U.S. government was their biggest adversary there. I think that they hadn't expected to have to fortify themselves against the most sophisticated attacker, if you will, in the world.
CORNISH: But aren't they doing it against international hackers all the time?
LEVY: Yeah. But as sophisticated as, you know, the top international data thieves and dark-side hackers are, they are no match to governments. And the fellow from Google, who's head of security of Google told me, well, first, we were fighting these dark-side hackers there, these very sophisticated criminals. And then we had to step up after China attacked us. And now we're up essentially against the A-team, you know, the most sophisticated attackers in the world there.
CORNISH: Now, isn't this essentially disingenuous? I mean, as long as they're gathering and storing this amount of data, isn't there always going to be a privacy problem? And I ask because many privacy activists have talked about companies retaining too much data for too long, collecting too much for no good reason. I mean, they've made themselves vulnerable.
LEVY: That's right. The companies do have a lot of information about us. Some of them are more transparent than others about the amount of information they have. In some cases, like a company like Dropbox, it's just information that we very consciously say, OK, we're going to store our data on your servers there. So we'll put it in a cloud. But this is a continuing concern. And the companies have faced regulation on their own. This is one reason why they're somewhat reluctant to really go full tilt against the government because the same government could turn around and regulate them on that.
CORNISH: So it's not that the companies have lost customers, right, because I don't get the sense that people have been dropping their email accounts left and right.
LEVY: No, they haven't. And right after the revelations came out, the companies did a lot of testing. And they found that after initial drop in trust, that things came back up there. But as these revelations came one after another, they became more and more concerned, particularly among overseas customers. You know, President Obama within a couple of days after the first revelation said, don't worry, Americans, we're only spying on people overseas.
And since most of the companies have over half their business overseas, this was a big concern to them. And then there's this other threat called balkanization, that some countries are so outraged they're now saying that they don't want the information of their citizens stored on U.S. servers, that information has to stay within their borders. And this balkanization of the Internet is really a threat to the way the whole net operates.
CORNISH: Balkanization meaning every country will have its own Internet, in effect?
LEVY: That's right. Or at least the countries that demand this. And Brazil is actually far along on this. We've heard this from Germany, India. Other countries are threatening to limit the data to service inside their borders.
CORNISH: You know, at the end of the day, is there, at this point, any real expectation that there's privacy on the Internet, I mean, between the companies that trade on your information and a government that's interested in it?
LEVY: I came to kind of a pessimistic conclusion there. The fact is that we're in this rush of digitizing everything and getting all this information into the cloud, you know, where it can be accessed there. And both the NSA and the technology companies are taking advantage of these amazing technological advances that just changed the way information is stored but also the amount of information we generate that can be accessed there.
And it's irresistible to an agency like the NSA to somehow get access to that in its effort to protect us, just as it's irresistible to these companies to make use of this in building their businesses there.
CORNISH: Steven Levy is a senior writer for Wired magazine. Thanks so much for talking with us.
LEVY: My pleasure.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.