On the heels of yesterday's revelation that the NSA is bulk collecting call logs from Verizon Business customers, the Washington Post is reporting tonight on another initiative, code named PRISM. According to the report, it gives the FBI and NSA access to "audio, video, photographs, e-mails, documents and connection logs" from the central servers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL (parent company of Engadget), Skype, YouTube and Apple. Another program called BLARNEY sniffs up metadata as it streams past "choke points" on the internet, continuing the theme of bulk scooping of data most would think is private. The Post's knowledge of these programs comes from PowerPoint slides (like the one shown above) provided by a "career intelligence officer" driven to expose how deep it goes.
So what can the project see? Analysts based at Fort Meade use search terms to determine at least 51 percent confidence in a subject's "foreignness" before pulling data, which can include that of people found in a suspect's inbox. On Facebook, they can utilize the service's built in search and surveillance capabilities, monitor audio, video, chat and file transfers or access activity on Google's mail, storage, photo and search services. So... are you still logged in?
Update: We've contacted several of the companies listed, and so far have heard directly from Facebook and Google. Both companies statements are available in full after the break, where Google reiterated its stance that it does not have or provide "back door" access to anyone, while Facebook Chief Security Officer Joel Sullivan states "We do not provide any government organization with direct access to Facebook servers." Apple has made a similar statement to CNBC denying any knowledge of or participation in such a program.We will add any other response or updates as we receive them.
Update 2: Microsoft has also responded, similarly claiming that it only provides customer data under specific requests such as subpoenas, and if there is any broader program then it does not participate in it. Its full statement is after the break with the others.
Update 3: The latest to chime in is Director of National Intelligence James Clapper, stating "The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies." His response goes on to point out that such actions cannot be used to "intentionally" target American citizens. Finally, he calls the disclosure of information about the program "reprehensible," and a risk to the security of Americans. You can check out that full statement (a more detailed version is available here) after the break and decide which part makes you feel less secure on your own.
Filed under: Internet, Apple, Microsoft, Google, Facebook
Source: Washington Post, Office of the Director of National Intelligence]]>