The question at the center of the NSA’s data-mining program: What the heck is PalTalk?

Reports by the Washington Post and the Guardian on PRISM, a top-secret National Security Agency program that directly mines digital data from the servers of major Internet companies, raise big questions about the proper balance between privacy and national security, the true nature of the terrorist threat facing the United States, the role leaks play in a free press, and the legality of government surveillance. But they also bring an admittedly more minor question to mind: What in the world is PalTalk?

Let me backtrack a bit. Thursday’s reports include a slide from a PowerPoint presentation for senior NSA analysts that charts when the nine tech companies complying with the program signed up. A murderers’ row of Silicon Valley giants appears — with PalTalk sandwiched inexplicably in the middle.

The Washington Post and the Guardian don’t go into detail about why PalTalk is on the list, but the Post does offer this clue:

PalTalk, although much smaller, has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war.

So what is PalTalk? Here’s how the (mostly) free instant messaging service, which was founded by Jason Katz in 1998, describes itself on its website:

Paltalk is the world’s largest video chat community, with more than 4 million active members. Paltalk provides video and chat capabilities that can facilitate virtual face-to-face interactions between individuals and between groups. It is the only provider that can support hundreds of thousands of users simultaneously, including thousands of people within a single chat room.

The Washington Post mentions that PalTalk has received substantial traffic during the Arab Spring and Syrian civil war, but people have also raised concerns for years now about terrorists using its chat rooms (in 2012, for instance, the British press reported that four men plotting to bomb the London Stock Exchange had made contact with each other through the service). In 2009, the year PalTalk reportedly began participating in the NSA’s program, a U.N. report on the “Use of the Internet for Terrorist Purposes” expressed concern about al Qaeda propaganda spreading in “debate groups such as Yahoo and PalTalk.”

That same year, PCWorld reported that terrorist networks were harnessing PalTalk for recruitment purposes:

Cyberterrorists are using a series of online forums and at least one social-networking site, PalTalk, to recruit people to their cause, Evan Kohlmann, a senior investigator and private consultant for Global Terror Alert, said at the International Conference on Cyber Security 2009 in New York. Many of these people never actually meet in person, but conspire online to launch both cyberterrorist and physical terrorist attacks such as suicide bombings, he said….

[P]eople have actually used PalTalk, a chat-room hosting site, to host a live question-and-answer with people they alleged to be Al-Qaeda leaders, Kohlmann said. He said that he’s not sure if the company “actually realizes what is going on with their chat rooms,” but that the chat room in question is well known among members of jihadi forums.

“In this case, we are particularly talking about a single chat room, with a slightly-changing-but-mostly-static identifiable name, accessible via the official PalTalk chat room index,” he said via e-mail a day after his presentation in New York. “This chat room has been routinely advertised on jihadi Web forums, and it is used on a day-to-day basis to trade download links for Al Qaeda propaganda videos [and] terrorist instructional manuals … If the company hasn’t gotten a hint of any of this by now, then they really need to start re-considering their security policies.”

At the time, PalTalk responded to the charge that jihadists were exploiting its chat rooms, highlighting its constraints in taking down forums:

When asked if the company is aware of Al-Qaeda chat rooms, Judy Shapiro, vice president of marketing for New York-based PalTalk, said the company is aware that there are many political-discussion forums. However, if the chat occurring within those rooms does not violate the company’s terms of service for troublesome language, freedom of speech applies.

“We absolutely shouldn’t discriminate,” she said. “We can’t constrain people’s ability to say what they want. If someone says, I am the head of Al Qaeda, come talk to me, that’s perfectly legal.”

In its terms of service, PalTalk lists “unacceptable conduct” that would violate those terms as “threatening, harassing, or intimidating another user” or “transmitting any unlawful, threatening, abusive, profane, offensive, defamatory, or hateful text or voice communication or images or other material, or any racially, ethnically or otherwise objectionable material, or any material that violates or infringes the intellectual property or privacy or publicity or other rights of any other party,” among other kinds of behavior.

PalTalk will take down a chat room with no warning if users report trouble to its moderators. “If someone said, how do I create a bomb I can [detonate] in Times Square,” that would obviously raise a red flag, Shapiro said.

In cases where “the level of language” would warrant an investigation, PalTalk would take whatever steps necessary to cooperate with law-enforcement officials or take down the site or both if there is good reason, she said.

(For what it’s worth, PalTalk’s terms of service don’t appear to have changed much since the report.)

All of which is to say: the NSA appears to have had its reasons for reaching out to PalTalk.

Update: PalTalk has issued a statement to the Wall Street Journal denying knowledge of the PRISM program — a stance several other tech firms referenced in the NSA slides have also taken. “We have not heard of PRISM,” the company told the paper. “Paltalk exercises extreme care to protect and secure users’ data, only responding to court orders as required to by law. Paltalk does not provide any government agency with direct access to its servers.”