Senior execs at the affected companies deny all knowledge of the PRISM program.
According to a Guardian newspaper reveal, the US National Security Agency (NSA) has been collecting user data directly from the servers of internet giants such as Google, Facebook and Apple via its PRISM program. PRISM apparently allows the NSA to collect material such as search histories, email contents, file transfers and live chats. So far, though all the allegedly affected companies have said they would comply with government requests according to the law, none of them have said that they were aware of PRISM or allowed that level of access. Google’s statement says it “does not have a back door for the government to access private user data,” and Apple says it has “never heard” of PRISM. According to the Guardian document, the NSA intends to add other providers – Dropbox is specifically mentioned – and “expand collection services from existing providers.”
The reveal comes from a classified NOFORN top secret power point document, intended for training purposes. The document states, among other things, that PRISM – “one of the most valuable, unique and productive accesses for NSA” – is heavily reliant on the participation of US internet firms, and “100% dependent on ISP provisioning.” PRISM began as a Bush administration program, since renewed by the Obama administration. The NSA is a branch of the US Department of Defense, which means that – if true – the US military has effectively been granted unprecedented access to civilian communications.
A senior administration official has since stated that PRISM “is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.” However, it would seem that the NSA needs only reasonable suspicion that one of the parties in the targeted communication is outside the US at the time the records are collected as per the Foreign Intelligence Surveillance Act (FISA), amended, renewed in December 2012. Currently, the PRISM program has been cited as an information source in 77,000 intelligence reports.
At the affected companies, senior executives claimed to be confused by the NSA power point document. All of them said that they did as required by law, and received requests for information every day. They were used to that, but not to PRISM. Some, like Microsoft, said that information was only provided when a legally binding court order or subpoena was provided. “If the government has a broader voluntary national security program to gather customer data,” said Microsoft, “we don’t participate in it.”