Download our in-depth report: The Ultimate Guide to IT Security Vendors
The Guardian is reporting that the U.S. National Security Agency, as part of a secret program called PRISM, has been directly accessing the systems of leading technology companies, including Google, Facebook and Apple, for several years.
A top secret 41-slide PowerPoint presentation apparently details the program's capabilities, including "collection directly from the servers" of U.S. service providers.
According to a PowerPoint slide printed by the Guardian, PRISM collection began for Microsoft in September 2007, for Yahoo in March 2008, for Google in January 2009, for Facebook in June 2009, for Paltalk in December 2009, for YouTube in September 2010, for Skype in February 2011, for AOL in March 2011, and for Apple in October 2012. The presentation also states that Dropbox will soon be added to the program.
Many of those companies, however, say the program doesn't exist.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"We disclose user data to government in accordance with the law, and we review all such requests carefully," Google told the Guardian in a statement. "From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."
A tech executive at another company told the Guardian, "If they are doing this, they are doing it without our knowledge."
Similarly, Apple spokesman Steve Dowling told the Washington Post, "We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order."
Still, that may be a matter of semantics -- the Washington Post reports that another classified document describes the system as enabling "collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations," rather than directly to the servers themselves.
Unlike the previously-disclosed court order requiring Verizon to turn over customers' call records, the Guardian reports, the PRISM program provides access to the content of communications as well as the metadata.
A PowerPoint slide dated April 2013 states that while the data accessed varies by provider, it includes, "in general," e-mail, video chat, voice chat, videos, photos, stored data, VoIP, file transfers, videoconferencing, notifications of target activity (logins, etc.), online social networking details, and special requests.
The presentation also states that "access is 100% dependent on ISP provisioning," and that the PRISM program is "one of the most valuable, unique and productive accesses for NSA."
"The PRISM program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders," write the Guardian's Glenn Greenwald and Ewen MacAskill. "With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users."
"Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy," write the Washington Post's Barton Gellman and Laura Poitras. "'They quite literally can watch your ideas form as you type,' the officer said."