Google claims data given to NSA via secure FTP, by hand

Michael Auslen | USA TODAY

Google disclosed Wednesday that it uses secure FTP servers and occasionally in-person delivery when it complies to National Security Agency requests for user information.

"When required to comply with these requests, we deliver that information to the U.S. government — generally through secure FTP transfers and in person," Google spokesperson Chris Gaither said in an e-mail. "The U.S. government does not have the ability to pull that data directly from our servers or network."

Secure FTP is used to send files through an encrypted digital channel from one computer to another. By technological standards, it's an old tool.

Google's revelation comes on the heels of requests made Tuesday by Google, Facebook and other tech firms to publish further details about requests for user information made by the U.S. government for national security purposes.

Federal law currently prohibits the disclosure of any information about requests made under the Foreign Intelligence Surveillance Act, and permission to report even aggregate statistics about such requests would require an unprecedented declassification of national security information, USA TODAY reported Tuesday.

Since details about the secret government program PRISM surfaced last week, Google has said publicly that it was not aware of the program's existence and has said it took no part in providing the government with direct access to user information.

"We refuse to participate in any program — for national security or other reasons — that requires us to provide governments with access to our systems or to install their equipment on our networks," Gaither said.

The details released Wednesday go further to create separation between Google and PRISM, as FTP servers or in-person delivery of information would not give the government access to Google servers and would require the company's compliance with each request.

Meanwhile, other tech companies — including Facebook, AOL and Twitter, which was not named in the leaks about PRISM — have been unwilling to release information about national security requests in accordance with federal law.

"We are prevented by law from talking about even how these requests come in and how they're processed," Facebook spokesperson Jodi Seth said.

Facebook has said it does not provide any law enforcement agency with access to its servers. The methods it uses to deliver information to other law enforcement agencies varies by case, spokesman Fred Wolens said.

"It will all depend on the request we receive," Wolens said. "We would deliver information on the whereabouts of a missing kid differently than a request for a case that's several months old."

Analyst Eva Galperin at the Electronic Frontier Foundation said the NSA could not have accessed Google and others' servers without the companies themselves knowing. She said even though they've denied involvement in PRISM, companies could still be providing information to the government through other methods not involving direct access to servers.

"What they deny is knowledge of a program called PRISM and direct access," Galperin said. "You can see from the statements from Facebook and Google and Microsoft, all of which talk about transparency reports and getting permission from the government to publish FISA requests, that they were in fact responding to them. Otherwise they wouldn't be getting permission to publish information about these requests."