By Los Angeles Times
WASHINGTON — Over the past six years, the FBI and National Security Agency have tapped directly into the central servers of nine leading Internet companies to search for emails, videos, photographs, audio files and other documents potentially linked to investigations into terrorism, espionage or nuclear proliferation, the Washington Post and the (London) Guardian reported Thursday.
The program, code-named PRISM, involves nearly all the major Internet companies, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple, the Post reported, quoting from classified documents.
Among major companies, only Twitter has so far been a holdout, the Post said.
Apple, Google, Facebook and Yahoo denied participating in the program. The others did not immediately respond to requests for comment Thursday night.
A senior administration official said the program was governed by the Foreign Intelligence Surveillance Act, which “does not allow the targeting of any U.S. citizen or of any person located within the United States.”
The Foreign Intelligence Surveillance Court, the executive branch, and Congress oversee the program, which “was recently reauthorized by Congress after extensive hearings and debate.”
The official, who requested anonymity to comment on a classified program, stressed its importance: “Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.”
James R. Clapper, the director of national intelligence, said the Post and Guardian articles “contain numerous inaccuracies.” He called disclosure of the program “reprehensible.”
In a statement, he said the program, based on Section 702 of the Foreign Intelligence Surveillance Act, “cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.”
The Foreign Intelligence Surveillance Court, the executive branch, and Congress oversee the program, which “was recently reauthorized by Congress after extensive hearings and debate,” he said.
“Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats,” Clapper said.
The latest disclosure, coming as officials separately confirmed a long-running NSA program to secretly collect toll records on nearly all domestic and international telephone calls made by Americans, underscores how U.S. intelligence and law enforcement agencies secretly glean vast amounts of information from communications technology.
Legally, much of the data is considered property of the companies, not of individual users. That limits users’ ability to challenge the government’s data mining operations in court.
The Post said it had obtained information about PRISM from a career intelligence officer who provided PowerPoint slides “in order to expose what he believes to be a gross intrusion on privacy.”
According to the Post, a presentation for senior NSA analysts described PRISM “as the most prolific contributor to the president’s daily brief, which cited PRISM data in 1,477 articles last year.”
The daily brief contains the nation’s most valuable intelligence secrets and goes only to the president and a handful of top aides each morning.
According to the briefing slides, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports, the Post reported.
PRISM analysts can use search terms to delve into computer systems to pull out selected information. The search terms are designed to look for data that is foreign in origin, but, according to the briefing materials, the NSA concedes it inevitably picks up considerable information on Americans.
In most cases, Internet companies have voluntarily cooperated with PRISM in return for immunity from lawsuits, the Post said.
But in 2008, Congress gave the Justice Department the authority to seek a secret court order to force a reluctant company to comply. The Post said that Microsoft became the first corporate partner for PRISM in 2007 and that Apple held out until 2012.
Microsoft and Apple both disputed they had had signed on to any such program.
“We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis,” Microsoft said in a statement on its website. “In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
Apple said, “We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
Yahoo issued a similar denial.
“Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network,” the company said in a statement.
Google said it “does not have a ‘back door’ for the government to access private user data.”
And Joe Sullivan, chief security officer at Facebook, said protecting users’ privacy and data is a top priority.
“We do not provide any government organization with direct access to Facebook servers,” he said. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”