Wall Street Journal Says Google Transfers Data to the NSA via Secure FTP
The Wall Street Journal says Google transfers data to the NSA via FTP — but please note that they’re talking about SFTP (Secure FTP), an extension of the SSH protocol that uses strong encryption: How Google Transfers Data to NSA - Digits - WSJ.
How does Google hand over data to the government? By old-fashioned secure “file transfer protocol,” or FTP. And sometimes even by hand.
That detail, which Google disclosed for the first time late Tuesday, contrasts with earlier reports that claimed the government had special access to its network and to those of other technology companies.
Chris Gaither, a Google spokesman, said that when the company receives court orders to provide information to the government, it usually does so with secure FTP, a method of sending encrypted files over the Internet.
And occasionally, Google hands over files to the government in person, he said. (He declined to say when and why they use the manual approach.)
In other words, Google “pushes” information for the government rather than allow the government to “pull” information directly from Google’s system, Gaither said. He said the company has pushed back on attempts by governments to get more direct access, but he didn’t provide details.
Also note that this somewhat confirms the limited scope of Google’s data sharing, because a dedicated SFTP account on a Google server would only show the logged-in user what Google makes available in that user’s private directory.
In other Google-related news, the Internet giant is asking the US government to allow them to Publish More National Security Request Data.
Dear Attorney General Holder and Director Mueller
Google has worked tremendously hard over the past fifteen years to earn our users’ trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users’ data.
We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.
Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.
We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.
Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.
We will be making this letter public and await your response.
David Drummond
Chief Legal Officer