The Washington Post is reporting that a ”horrified” career intelligence office has provided slides detailing a secret US government spying program in which the US National Security Agency (NSA) and the FBI allegedly have direct access to the servers of Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube and Apple. (Update: NBC says it has confirmed PRISM’s existence with anonymous sources, but “a government official says it is a data collection program rather than a data mining program.” Which may be so, though if one collects data, one can always mine it afterwards at one’s leisure.)
Here are the alleged details, as reported so far by the Post and the Guardian:
- One in seven NSA reports are using data gathered from the system, called PRISM
- Data from the PRISM program appeared in 1,477 articles in President Obama’s daily brief in 2012
- Data is apparently piped directly from the servers of Google, Yahoo, etc. to NSA systems, where it is filtered for “foreignness.” User accounts where security analysts have at least 51% confidence in a target’s “foreignness” may be examined.
- The filter for “foreignness” is imperfect, so data from many US citizens is also examined by intelligence analysts, but, according to one government presentation slide provided to the Post, “it’s nothing to worry about.”
- Without referring to PRISM specifically, Google in a statement appeared to deny involvement. The company said “From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.” (Update: Google has since provided a more specific denial.)
- Facebook has also denied involvement, telling The Next Web that “We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
- Apple has denied involvement as well, telling CNBC that “We have never heard of PRISM. We do not provide any government agency with direct access to our servers.”
- Microsoft also appeared to deny involvement, in a statement that said, “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers.”
- Update: Yahoo has added itself to the list of companies denying involvement, telling the Guardian, “Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.” Some have wondered about the remarkably similar wording in Facebook’s, Apple’s and now Yahoo’s statements.
- Update: Dropbox, which was alleged to be “coming soon” into PRISM, also says it is “not part of any such program.”
- The report alleges that NSA can access Google services including Gmail, voice and video chat, files stored on Google Drive and photos. Search terms can be monitored in real time.
- Everyone in a suspected terrorist’s email inbox or outbox is effectively swept in with the data gathered on a target
- Microsoft was the first corporate partner of the spying program, beginning in May 2007.
- For unknown reasons and by unknown means, Apple held out for five years after Microsoft joined the program, but is now a part of it. Twitter doesn’t appear to be part of it, according to the documents.
- Growth in use of data from the PRISM program by analysts has been “exponential.”
- “They quite literally can watch your ideas form as you type,” the anonymous intelligence officer told the Post.
See some of the government slides about the program leaked to the Post here.