The Washington Post is reporting a top-secret National Security Administration data-mining program that taps directly into the Google, Facebook, Microsoft and Apple servers among others. “The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time,” reports the Post.
Details about the highly classified program, Project PRISM, are somewhat vague, but it appears that the NSA allows the Attorney General and Director of National of National Intelligence “to open their servers to the FBI’s Data Intercept Technology Unit, which handles liaison to U.S. companies from the NSA.”
“With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s ‘extensive search and surveillance capabilities against the variety of online social networking services,’” explains The Post.
From there, the NSA mines the data for suspects, then “hops” to their potential contacts, exponentially increasing the number of Americans that the NSA can spy on (by mandate, the NSA is supposed to monitor foreigners).
Most of these companies have now denied these accusations.
We reached out to Facebook for comment and they replied: “We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
In a statement to TechCrunch, Microsoft said: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
Yahoo told TechCrunch: “Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.”
In a statement, Google said: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a backdoor for the government to access private user data.”
And Apple gave a statement to CNBC:
Apple to @CNBC: "We have never heard of PRISM. We do not provide any government agency with direct access to our servers.."—
(@CNBC) June 06, 2013
According to the Post’s slides (below), the number of PRISM partners has steadily grown over the years. Microsoft, the first partner, began in 2007, Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and Aol in 2011; and finally Apple, which joined the program in 2012,” explains the Guardian.
This revelation follows yesterday’s exposé by the Guardian on the NSA’s program to monitor phone data of every single U.S. call on the Verizon network.
The Post notes that resistance seems possible, given Twitter’s conspicuous absence from the list of companies. This is an unfolding story and we will post significant updates as we learn more.
*Follow Gregory Ferenstein on Twitter for realtime updates (and occasional wry commentary).
Note: Aol is the parent company of TechCrunch.