Wow. Nothing is sacred. The Washington Post has discovered that the US' National Security Agency and the FBI have teamed up to tap into the servers of nine US tech companies—Microsoft, Google, Facebook, Apple, you name it—and have extracted e-mails, photographs, audio, video, documents and connection logs. They basically have free reign to take whatever they want. And they've been doing it since 2007.
The classified program is called PRISM and it's absolutely scary how much reach the NSA and FBI have. The companies who are within PRISM's grasp is basically everyone who's ever did anything in technology: Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube, PalTalk and Apple. (PalTalk has been used in the Syrian civil war.)
How does PRISM work? It's terrifying, actually. The Washington Post reports that analysts who use PRISM first key in on 'selectors' (search terms) that are designed to produce at least 51 per cent confidence in a target's 'foreignness'. That's it, just 51 per cent. And after that they can start collecting data.
And what PRISM can pry from these companies is just ridiculous. It can basically watch your every movement on the Internet. For Facebook, PRISM can obtain full access to Facebook's “extensive search and surveillance capabilities against the variety of online social networking services”. For Skype, PRISM can take "audio, video, chat and file transfers". For Google, PRISM can peek in on "Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms." They basically see what you see as you type it.
According to the Guardian, Microsoft first signed up with PRISM back in 2007. Yahoo came around in 2008. Google, Facebook and PalTalk in 2009; YouTube in 2010 and Skype and AOL in 2011. Apple rounded out the nine in 2012. Twitter is a notable holdout. But those nine companies represent pretty much all of the Internet, from search to email to video to any sort of communication.
To be fair, the companies are in a tough spot to be in. If the companies don't comply with PRISM, they can be sued. If they do comply, they can charge the government for their services. It's pretty obvious what most companies would do at that point, right? (Hint: comply.) What's fascinating though is how companies like Twitter (and Apple for five years) have managed to hold out from PRISM. If it's possible to hold out, then why sell out its users? [Washington Post]
Update: Apple denies it.
Apple to @cnbc: "We have never heard of PRISM. We do not provide any government agency with direct access to our servers.."
— CNBC (@CNBC) June 6, 2013
Update: So PRISM totally exists. James Clapper, the Director of National Intelligence, basically confirmed the Washington Post and Guardian report about how the NSA can pry data from Apple, Facebook, Google and whoever else.
"The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies.
Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.
Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.
Section 702 was recently reauthorized by Congress after extensive hearings and debate.
Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.
The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans."
Okay. Translation: hey, we're doing this because it's all totally legal! And that there are a lot of procedures to get stuff like this done so don't worry! And it's all a secret! And that revealing that we've had access to data from bigwig Internet companies is an awful thing to do! Basically, trust us to keep you safe even if it means we're completely untrustworthy. Ha. [DNI.gov via SFGate, Image Credit: Guardian]
Updated: Perhaps understandably, the likes of Facebook, Apple, Google, Yahoo, Microsoft et al are all flatly denying allegations that they allow the NSA direct access to their servers. Importantly, that's not the same as not sharing data with them.