Why isn't Twitter part of the NSA PRISM snooping program?

Microsoft was the first to partner with the NSA in 2007, according to the once-secret PRISM PowerPoint deck. Other big-name tech companies followed, and even the obscure PalTalk joined the fray. But, quite conspicuously, Twitter never joined the government snooping program--there's no reference to the company in the NSA document.

Twitter was founded in 2006, and certainly over the course of PRISM's development, Twitter has evolved into a major platform. You would expect it to catch the attention of the NSA--along with Facebook, Google, Yahoo, Apple and other companies that apparently gave the government their buy-in.

So, why wasn't Twitter among the who's who of PRISM partners? While much is unknown about the NSA program, we spoke with digital privacy experts to explore three possible reasons for this notable omission.

Twitter is a low priority

"Whenever spies start sifting, they develop an insatiable thirst for data," John M. Simpson, the director of Consumer Watchdog's privacy project, told TechHive. "But they may also be prioritizing. Much of what is available on Twitter is publicly accessible. There really isn't much in the Twitter business model that incorporates much private back and forth."

Of course, Twitter does have ways to transmit information privately, such as communicating via non-public direct messages, or maintaining a "locked" account that would only be accessible to those with approved access. However, even with these privacy controls in place, Twitter's minimalist nature isn't very suitable for transferring large sets of information.

"The [other companies included in the Prism program] make up a larger, richer, more substantive base of information than Twitter," says Jeramie Scott, the National Security Fellow for the Electronic Privacy Information Center (EPIC). "Given the limits [of what] you can input for any particular tweet, the amount of information is lower than what you can access in other services," Scott told TechHive.

The fact that Twitter only allows for a single beefy nugget of information in any particular tweet may have made it a low priority for the NSA. Indeed, if a terrorist (or anyone the government wants to snoop on) funnels his most sensitive information into emails, phone calls, and video chats, it would make sense that PRISM would first partner with platforms for those avenues of communications.

Twitter is more privacy aware

For its part, Twitter has proven itself far more willing to defend the privacy of its users from government requests than other technology companies.

"Twitter does have a history for protecting users' privacy. They went to bat when the government wanted information on Occupy Wall Street or Wikileaks. They've offered more pushback than most tech companies," says Scott of EPIC.

In July of 2012, Twitter notably appealed a court order to turn over the once-public tweets of an Occupy Wall Street protester. After a lengthy court battle, the company eventually relinquished the tweets under threat of a fine and contempt-of-court action.

Of the 18 tech companies evaluated by the Electronic Frontier Foundation for their records in protecting user data from government snooping, Twitter was one of only two companies to receive a six-star rating out of a possible six (the other was Sonic.net). "If [Twitter] was in fact asked to be part of the program, I'd like to think that they rejected for the right reasons" says Simpson. "The others companies that did take part should be ashamed of themselves."

Twitter is involved with the NSA (we just don't know it yet)

As of writing this, Twitter has not released an official comment on PRISM, nor did it respond to comment for this story. The usphot is that Twitter isn't implicated in the NSA PowerPoint deck, but we really don't know what is going on behind closed doors (or closed server rooms).

The slides obtained by The Guardian were dated April 2013, so we can assume that they are fairly up-to-date as to the status of the program. But that doesn't mean Twitter hasn't been approached by the NSA.

"Just because the PowerPoint slides featured in the Guardian and Washington Post reporting had a timeline of when each tech firm signed up, it does not preclude that others are involved in the program," says Simpson. "So we don't know for sure that Twitter is not being used for something. My cynical worldview is that the Orwellian government agents may simply not have gotten around to it."


Join the CSO newsletter!

Error: Please check your email address.

Tags AppleYahooConsumer WatchdogGoogleMicrosoftsecuritytwitterFacebook

More about AppleElectronic Frontier FoundationElectronic Privacy Information CenterFacebookGoogleMicrosoftNSAPalTalkPrismScott CorporationSonicWall StreetYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Evan Dashevsky

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts