LONDON It appears the National Security Agency's sweeping surveillance is not something only Verizon customers should be concerned about. The agency has also reportedly obtained access to the central servers of major U.S. Internet companies as part of a secret program that involves the monitoring of emails, file transfers, photos, videos, chats and even live surveillance of search terms.
The Washington Post disclosed Thursday that it had obtained classified PowerPoint slides detailing the program, code-named PRISM, from a career intelligence officer who felt "horror" over its privacy-invading capabilities. "They quite literally can watch your ideas form as you type," the source told the newspaper.
Participating in the PRISM program, according to a selection of the leaked slides, are Internet titans including Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube and Apple.
It was established in 2007 and is used by NSA analysts to spy on Internet communications as part of the agency's foreign intelligence-gathering work. The analysts use PRISM by keying in search terms supposedly designed to "produce at least 51 percent confidence in a target's 'foreignness.' "
However, the Post notes, training materials for the program instruct new analysts to submit "accidentally collected" U.S. content for a quarterly report, "but it's nothing to worry about."
According to the Post, the system enables NSA spies to monitor Google's Gmail, voice and video chat, Google Drive (formerly Google Docs), photo libraries and live surveillance of searches.
If agents believe a target is engaged in "terrorism, espionage or nuclear proliferation," they can use the spy system to exploit Facebook's "extensive search and surveillance capabilities." And PRISM can monitor Skype, the article notes, "when one end of the call is a conventional telephone and for any combination of 'audio, video, chat and file transfers' when Skype users connect by computer alone."
In order to receive immunity from lawsuits, the participating companies are obliged to accept a directive from the attorney general and the director of national intelligence to "open their servers to the FBI's Data Intercept Technology Unit, which handles liaison to U.S. companies from the NSA."
The story will add to the controversy surrounding a leaked court order detailing the NSA's mass snooping on Verizon customers' phone records, which lawmakers have said has been going on for at least seven years. The PRISM program is far more extensive and intrusive than the Verizon phone records grab because it reportedly includes communications content and seemingly unfettered access to the internal servers of the world's largest Internet companies.
Under the Foreign Intelligence Surveillance Act, the NSA can obtain a secret court order to lawfully intercept communications from foreign targets, and in some cases the agency admits that it can sweep up Americans' communications incidentally. But spy agencies having direct access to the servers of companies like Microsoft and Google, which privacy advocates have previously warned about, raises major questions about the extent of companies' undisclosed complicity in government surveillance.
In a recent transparency report, for instance, Microsoft claimed that it had received "no requests" requiring it to hand over communications content for Skype users which is cast into serious doubt if it has allowed the NSA direct access to its servers to mine chats apparently at will.
It is also worth noting, though, that some of the claims in the Post's report are disputable. It claims that the NSA has the ability to mine Google communications by gaining access to the company's central servers, but the FBI has said that U.S. authorities have difficultly monitoring Gmail and other Google services in real time, which is central to the bureau's push to upgrade a 1994 surveillance law.
In response to the story, Google said in a statement that it "does not have a back door for the government to access private user data."
Either way, the significant disclosure shines an unprecedented level of light on the NSA's shadowy surveillance operations, which are very rarely talked about publicly due to the extreme secrecy that shrouds them.
Earlier this year, it was revealed that the NSA was operating a program called Ragtime, an effort similar to PRISM in which as many as 50 undisclosed companies were said to be participating as part of a domestic-data-collection initiative. Now we may know at least a few of those companies' names.
Ryan Gallagher is a London-based journalist who reports regularly on surveillance technology for Slate.