US Government Denies Tech Companies’ Request for NSA Transparency

Posted on Oct 7, 2013





In a previous post, I discussed how high-profile tech companies like Google, Facebook, Yahoo and LinkedIn are teaming up against the NSA’s request for mass collection of digital data, and seeking the court’s permission to report the exact number of user data requests made by the NSA. In response to the requests made by the tech giants, the US government has filed a court brief opposing the release of surveillance request details. The government has said that allowing the companies to release such detailed information “would be invaluable to our adversaries,” providing a clear picture of where the government’s surveillance efforts are directed and how its surveillance activities change over time.

The tech companies often received surveillance requests from the NSA with a gag order, which makes it illegal for them to disclose any information regarding the government’s request to their customers or anybody else. According to these companies, “the gag order violates First Amendment as it interferes with the public’s right to get truthful information about a matter of public debate and service provider’s right to publish such information.” They wanted to publish a transparency report to correct the inaccuracies in the news and to assure customers that only a tiny fraction of their accounts are subject to legal orders.

According to the government, however, releasing such information would harm national security interests and allow the adversaries to shift communication platforms to avoid surveillance. The government also dismissed the tech companies’ argument of violation of the First Amendment, saying the information they want to disclose is classified and not covered by the Amendment.


Privacy Issues



Here are some of the responses of the tech firms regarding the government’s decision:

Google said in a statement: “We’re disappointed that the Department of Justice opposed our petition for greater transparency around FISA requests for user information. We also believe more openness in the process is necessary since no one can fully see what the government has presented to the court.”

And Microsoft: “We will continue to press for additional transparency, which is critical to understanding the facts and having an informed debate about the right balance between personal privacy and national security.”

Under these circumstances, where the government is preventing companies from disclosing the exact statistics of surveillance requests and will continue to snoop around user data for national security, how can we make sure that our data remains protected? So far, it appears to be difficult for the NSA to break properly implemented encryption. The NSA has managed to penetrate some systems with poorly implemented or outdated encryption, but getting into properly encrypted systems still remains difficult. Security researchers suggest that implementing strong encryption standards like AES (Advanced Encryption Standard) can help protect your data in light of the PRISM revelations. AES is the strongest encryption algorithm to date, and is extremely difficult to break.

True Privacy with SpiderOak



At SpiderOak, we protect sensitive user data using 256-bit AES encryption so that files and passwords remain secure. SpiderOak encrypts the files on your computer before uploading them to the server. As a result, you and only you have access to your unencrypted data. Even SpiderOak cannot read your data because the keys used for encryption belong only to you. It is impossible for someone to gain control of your data by hacking into SpiderOak. SpiderOak’s encryption is comprehensive: even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see are sequentially numbered containers of encrypted data. In this way, we are not capable of betraying our customers.

The secret that keeps your data accessible to you alone is your SpiderOak password, which is never transmitted to SpiderOak in its original form. SpiderOak generates a key from your password using the key derivation/strengthening algorithm PBKDF2 (using SHA-256), with a minimum of 16384 rounds and 32 bytes of random data (“salt”). This key is then used to encrypt/decrypt a series of strong encryption keys that are used to encrypt/decrypt your data. So, a user who knows her password can generate the outer level encryption key using PBKDF2 and the salt, then decipher the outer level keys, and be on the way to decrypting her data. Without knowledge of the password, however, the data is unreadable. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.
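The password-to-key chain described above, sketched as an added example (not SpiderOak's code): PBKDF2-HMAC-SHA256 with the post's 16384 rounds and 32-byte salt derives an outer key, which wraps a random data key. Because the Python standard library has no AES, the wrap step uses an HMAC-SHA256 keystream plus an HMAC tag as a labelled stand-in; all function names and the record layout are hypothetical.

```python
import hashlib
import hmac
import os

ROUNDS = 16384   # minimum PBKDF2 round count stated in the post
SALT_LEN = 32    # 32 bytes of random salt, as stated in the post

def derive_outer_key(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Password -> 32-byte outer key via PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds, dklen=32)

def _subkeys(outer_key: bytes):
    """Separate encryption and MAC keys so one key is never used for both."""
    return (hmac.new(outer_key, b"enc", hashlib.sha256).digest(),
            hmac.new(outer_key, b"mac", hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not AES."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap_key(outer_key: bytes, data_key: bytes) -> bytes:
    """Encrypt-then-MAC the data key; output is nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(outer_key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, data_key)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unwrap_key(outer_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first: a wrong password fails here, before any decryption."""
    enc_key, mac_key = _subkeys(outer_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong password or tampered key blob")
    return _xor_stream(enc_key, nonce, ct)

def enroll(password: str, data_key: bytes) -> dict:
    """Client side: builds the only key material a server would need to store."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "rounds": ROUNDS,
            "wrapped": wrap_key(derive_outer_key(password, salt), data_key)}

def unlock(password: str, record: dict) -> bytes:
    """Client side: re-derive the outer key from the password and unwrap."""
    outer = derive_outer_key(password, record["salt"], record["rounds"])
    return unwrap_key(outer, record["wrapped"])
```

The stored record holds only the salt, the round count and the wrapped key, so the strength of the scheme against offline guessing rests on the password and the PBKDF2 work factor.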


Interested in SpiderOak Products?

SpiderOak carved its niche as the top choice for those most concerned with privacy. The engineering goal was simple – devise a plan where users’ files, filenames, file types, folders, and/or any other personal information are never exposed to anyone for any reason (even under government subpoena). This describes SpiderOak’s ‘zero-knowledge’ privacy environment.

SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. SpiderOak Hive keeps all your files in sync across your computer and mobile devices. Here the end user owns the data and is the only one with the keys to unlock and look at plaintext data. You can sign up for this product now. SpiderOak Blue works seamlessly in your enterprise environment. To resolve authentication, it deploys a virtual appliance that resides behind your firewall and integrates with Active Directory / LDAP for single sign-on. SpiderOak Blue is compatible with Mac, Windows, Linux, iOS and Android platforms. SpiderOak Blue is now available through a limited release. We have been working with several large enterprises through the beta period and will continue towards general release. If you’re curious about the product, please

2 Responses to “US Government Denies Tech Companies’ Request for NSA Transparency”

  1. Dave says:

    But can SpiderOak be compelled to install a backdoor into its system that would allow the U.S. government to spy on SpiderOak users?


    I love the idea of SpiderOak, just like I loved the idea of Lavabit email, but we see what happened to the owner of that site. How is SpiderOak different? What’s your defense against a U.S. National Security Letter that demands you to install a backdoor into your system without notifying the public?

    • Kalyani M. says:

      Hi Dave,

      Thanks for your comment. A very similar question was raised in the recent NSA surveillance conference at CATO University last week. In response to that question David Dahl from SpiderOak said that SpiderOak does not have any keys or plaintext data that it can hand over to the government. All the data stored in the SpiderOak server is completely encrypted. “All our data is literally garbage,” he said. “With our text and phone we have nothing to give” the government. SpiderOak’s encryption is comprehensive — even with physical access to the storage servers. SpiderOak encrypts the files in your computer before uploading them to the server. As a result you and only you have access to your unencrypted data. Even SpiderOak cannot read your data because the keys used for encryption belong only to you. For more information on SpiderOak encryption you can go to https://spideroak.com/engineering_matters.
