Tech companies fret over loss of consumers' trust after NSA revelations

The country’s most prominent tech companies, including Google and Facebook, are scrambling to save their reputations with users following the revelations over a National Security Agency surveillance program that monitors Internet traffic to thwart terrorist attacks.

Since the reports broke, tech companies have mobilized into full-on damage control mode in hopes of maintaining their users’ trust. The companies immediately ushered out statements denying claims that they gave the secretive spy agency direct access to computer servers that store their users’ personal data and handed over the contents of emails, documents and video chats. The Internet surveillance program, known as PRISM, came to light after former government contractor Edward Snowden leaked classified documents about it to the media.

ADVERTISEMENT
The revelations put tech companies in an awkward position because they run counter to the Silicon Valley-embraced principles of openness and Internet freedom.

But as far as public relations headaches go, the claims are particularly damning for tech companies whose business models largely rely on the handling of people’s personal information and leveraging this data to sell online advertisements.

“It's very concerning because you don't want your customers walking away from your services because they're being monitored,” said Ron Bonjean, a Republican strategist and partner at public affairs firm Singer Bonjean Strategies. “It would be very alarming internally for these companies to lose their customers over NSA monitoring.”

In recent days, Facebook, Microsoft, Apple and Yahoo have published figures on the aggregate number of government requests they’ve received for user information as a way to show users they’re not transferring buckets of data to the National Security Agency.

This is the first time Facebook, Apple and Yahoo have released such figures. Yahoo even committed to publishing a full transparency report this summer with the number of government requests it receives for user data from the first half of the year and promised to update bi-annually.

House Intelligence Chairman Mike Rogers (R-Mich.) predicts the outcry over the surveillance programs will subside once more information becomes available about them, which may pave the way for tech companies to recover from the public relations flap.

“We're all going to let the dust settle. We're going to get the right information and I think people are going to come around to feeling a lot more comfortable about what really was happening versus what was reported,” Rogers told The Hill.

Out of all the companies linked to the PRISM scandal, Google has been the most aggressive in fighting back against claims that it participated in the surveillance program.

Shortly after the leaks became public, the search company pressed the government to give it permission to publish the number of requests it receives under the Foreign Intelligence Surveillance Act (FISA) for user information.

Google already publishes figures on the number of government requests it receives for user data in its Transparency Report, but wants to publish the number of FISA requests separately from criminal ones. Unlike the data released by the other companies, Google provides numbers for national security letters separately from criminal requests for user information in its report. It also breaks down the requests it receives via search warrant and subpoena.

The Mountain View, Calif.-based company argued that sandwiching the number of FISA requests in with other types of government requests for user information would be "a backward step" for its consumers.

In an unprecedented move, Google filed a petition to the FISA Court last week that asked for permission to publish the aggregate number of national security requests for user information it receives, citing its First Amendment rights. Google asked to publish the total number of FISA requests it receives, if any, and the number of users or accounts tied to those requests.

Companies are barred from even acknowledging that they’ve received a FISA request under current law, as well as whether they’ve complied with them.

In the petition, Google argued that its reputation has been sullied by the “false or misleading” reports in the media about its alleged involvement in the surveillance program and wants to publish those figures to defend itself against those claims.

A day after the company filed the petition, Google’s top attorney, David Drummond participated in an open-ended Q&A session on The Guardian’s website and confronted criticism from skeptical users. During the roughly hour-long Web chat, Drummond declared the company is “not in cahoots with the NSA.”

One participant in the Web chat slammed the move as a “face-saving exercise” to repair the search giant’s reputation with users. Undeterred, Drummond kept denying that Google is involved with PRISM and attempted to convince users that privacy is a top priority for the company.
 
"We hope that our actions, in pushing for more transparency and legal reform and in continuing to take steps to protect our users, will win you back," Drummond told one Web chat participant.

While tech companies have worked hard to distance themselves from the NSA after the leaks surfaced, the two have a history together. The tech industry relies on help from the spy agency to combat the rising number of cyberattacks on its networks. On the other hand, the NSA benefits from the companies’ technological advances and expertise.

The TechAmerica Foundation, the non-profit educational arm of the Washington, D.C., trade group Tech America that represents tech companies like Google and Microsoft, gave NSA Director Gen. Keith Alexander its “Government Executive of the Year” award last Thursday for his efforts on cybersecurity and protecting the U.S. from hacker attacks.

Alexander has also traveled to the annual Defcon conference in Las Vegas to recruit skilled hackers to work for the agency.

Rep. Adam Schiff (D-Calif.), a member of the House Intelligence Committee, acknowledged that tech companies are “in an awful situation where they’re subject to public concern and criticism and they’re not able to fully defend themselves.’”

“I’m sure it’s the worst of all worlds for them at the moment,” Schiff said.

But at the same time, the California Democrat noted that the PRISM scandal also brings up questions “about what they’re doing with their own data — not just whether they’re providing it to the government in terrorism cases, but are they providing it to advertisers?”

It’s a question that privacy advocates have been asking tech companies for years.

Amie Stepanovich, director of the Domestic Surveillance Project at the Electronic Privacy Information Center (EPIC), noted that tech companies’ current business model of leveraging user information to sell online ads has also opened the door for the government to ask for this valuable package of data.

“The problem is [companies are] using this information for their own financial means, which means it's vulnerable for government interception,” Stepanovich said. “I think that's really the basic point that needs to be made here.”

Companies can encrypt electronic communications when they’re being transmitted from one user to another, so that content is not stored in a readable format, according to Stepanovich. That would reduce the government interception of that data.

“There are technological solutions that these companies could start looking at and engaging in ... [and] change their business models to lead to greater privacy protections for all users,” she said.

This post was updated at 11:56 a.m. to clarify that the TechAmerica Foundation, the non-profit educational arm of the trade group TechAmerica, gave Alexander the award.