Shielding Yourself from the PRISM

Posted on Jul 2, 2013

In the past few weeks, privacy advocates around the world have unleashed a wave of anger and frustration across the web in response to PRISM and the recent NSA scandal. PRISM is a classified program spearheaded by the United States National Security Agency. The program monitors online data through governmental data mining of nine major Internet companies, including Google, Apple, and Facebook. PRISM falls under the classified jurisdiction of the Foreign Intelligence Surveillance Court, and a leaked PowerPoint presentation exposing the program has kicked off growing international and domestic calls for greater governmental transparency and a global standard for online privacy rights. PRISM surveillance even went so far as to collect data on suspected Europeans, making this monitoring program one of the most extensive in U.S. history.


According to the government, the controversial PRISM program only targets digital information on foreign suspects. Under the program the NSA has gathered data on file transfers, photos, chat records, videos, and e-mails from leading tech giants. Even more disturbing are the allegations of how the NSA accessed such data, with claims from major publications that PRISM has allowed the NSA and FBI to directly mine data from the central servers of some of the most iconic Internet companies in the United States. Such companies have scrambled to justify or refute their compliance with PRISM to try to calm their frustrated consumers.


Recently, Google Chief Architect Yonatan Zunger went so far as to write, “the only way in which Google reveals information about users are when we receive lawful, specific orders about individuals…it would have been challenging — not impossible, but definitely a major surprise — if something like this could have been done without my ever hearing of it…We didn’t fight the Cold War just so we could rebuild the Stasi ourselves.” And as Rob Bell said, “The notion that Yahoo! gives any federal agency vast or unfettered access to our users’ records is categorically false…Of the hundreds of millions of users we serve, an infinitesimal percentage will ever be the subject of a government data collection directive.” Neither of these corporate retorts comes right out and denies involvement; they only work to obfuscate the controversy by diminishing the importance of such an unprecedented attack on consumer privacy rights.

[Figure: Timeline of the PRISM Program. Image courtesy of ABCNews.com]

According to iconic Facebook CEO Mark Zuckerberg, “Facebook is not and has never been part of any program to give the U.S. or any other government direct access to our servers.” And a statement by Microsoft echoed such denial, “We only ever comply with orders for requests about specific accounts or identifiers…If the government has a broader voluntary national security program to gather customer data, we don’t participate in it.” The wave of PRISM denial hit Apple as well, with spokesman Steve Dowling going so far as to say, “We have never heard of PRISM…We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

For consumers, this distancing and categorical denial is confusing, and major brands have been severely damaged regardless of the truth of the allegations. According to a leak by whistleblower Edward Snowden, the companies implicated in the PRISM scandal include Google, Skype, Paltalk, AOL, Yahoo!, Microsoft, Apple, and Facebook. According to Scott Cleland, President of Precursor, this rejection of responsibility is routine under corporate policies that seek to keep executives in a position of plausible deniability. Cleland says, “The companies are smart…They would have broadly delegated authority for their company’s NSA compliance to a very small number of individuals supervised by a company legal official of some kind; and only those few people would get the security clearances necessary to know what is transpiring.” And John Simpson, Privacy Project Director for Consumer Watchdog, echoes the sentiment, “The massive database that Google has is a honeypot for the NSA, and the snoops wouldn’t be using unconstitutional overreaching surveillance tactics if Google didn’t have this data and retain for so long.”

Protecting a brand’s reputation lies in the hands of corporations and enterprises, not the government. In an era in which both citizen and consumer confidence is at a low, it’s important that consumer data stays protected. Those companies that choose to take extra steps to protect their consumers at all costs will be rewarded with consumer trust, brand awareness, and long-term relationships. One of the best ways to protect consumer and corporate data is by using a private cloud service for storage and sync.

Securing Consumer Privacy with SpiderOak

Finding a truly protected third-party cloud service can be a challenge, as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third-party attacks and even governmental spying. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy, so even if the government accessed servers, all they would get is unreadable blocks of data. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Two-factor authentication is just like the process used by some financial services that require a PIN as an extra precaution along with a password in order to log in. With SpiderOak, enterprises that choose to use two-factor authentication must submit a private code through text along with their unique encrypted password. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if PRISM continues unchanged, consumers can rest easy knowing that their data is truly protected. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.
