I wonder how legit it would be for a US company to set up an internal gag order? Running on compromised hardware is practically a nuclear meltdown (pun intended) and publicly admitting to it as well.
The trick seems to be having sufficiently uninformed people in all positions that might get to write that kind of response. No need to feign ignorance when you can have the real thing.
Qualification is no hindrance to being out of the loop though, deliberately or not. It just makes it more embarrassing. Ignorance itself is still easily attainable, just "shoot the messenger" (this will make you seem tough and thorough to your higher-ups) a few times when bad internal news escalates to your level and you will remain in blissful ignorance for the rest of your tenure.
How does that actually work? How far down the chain of related facts to the national security incident are parties allowed/required to lie? If facts can be used to triangulate the secret, that can't be disclosed, right? Are incidents like this like a little fact-bomb which can be used to legally hide other institutional facts under its cover?
I assume it’s like a national security letter. The only people in the company that have knowledge would be the CEO, general counsel, and people working directly to mitigate the issue. PR and corporate communication wouldn’t have any knowledge of the incident. I wonder how you collect insurance for these types of incidents if you can’t disclose them.
I mean what are they gonna say? "Yes, we have been aware that an unknown but possibly huge number of our servers have been compromised, but decided to keep our customers in the dark"?
I think the point is that actual honesty from these megacorps would be so surprising that even raising the possibility of it happening is so absurd it feels like parody writing.
This may be the first time in the history of the internet a statement from Facebook has ever been held up as an example of honesty and transparency from a corporation in America.
Mostly because I believe that, while it's important to maintain healthy skepticism around privacy and security issues, I also believe that we don't benefit from cynical hyperbole.
The Snowden leak confirmed Apple's statement. It showed that Apple worked with the FBI on a system to process court-ordered user data requests. Apple would obviously have no knowledge of the code name of a downstream NSA system that processed that data.
https://en.wikipedia.org/wiki/Gag_order