A top-secret National Security Agency program gives the federal government surreptitious access to customer information held by Microsoft, Yahoo, Apple, Google, Facebook, and other Internet companies, according to a pair of new reports.
The program, code-named PRISM, reportedly allows NSA analysts to peruse exabytes of confidential user data held by Silicon Valley firms by typing in search terms. PRISM reports have been used in 1,477 items in President Obama's daily briefing last year, according to an internal presentation to the NSA's Signals Intelligence Directorate obtained by the Washington Post and the Guardian newspapers.
This afternoon's disclosure of PRISM follows a report yesterday that revealed the existence of another top-secret NSA program that vacuums up records of millions of phone calls made inside the United States.
Other services that are part of PRISM include PalTalk, Skype, and AOL. Dropbox is listed in the presentation as "coming soon."
The NSA's direct access -- the FBI is used as an intermediary, but NSA analysts perform the searches -- appears to be the result of Section 215 of the Patriot Act, which authorizes secret court orders that force U.S. companies to turn over business records. That sweeps in metadata and also the content of confidential communications, including e-mail, video and voice chat, videos, and photos, the leaked presentation says.
The Washington Post said it received the classified PowerPoint slides about PRISM and other supporting documents from a "career intelligence officer" who wanted to "expose what he believes to be a gross intrusion on privacy." The documents are recent, with dates as recent as April 2013.
PRISM access appears intended to be used primarily for NSA agents to monitor the activities non-U.S. citizens (the majority of Facebook and Gmail users, for instance, live in other countries). But without oversight and other checks, such a powerful capability could be abused.
Here's more from the Post's report:
Analysts who use the system from a Web portal at Fort Meade key in "selectors," or search terms, that are designed to produce at least 51 percent confidence in a target's "foreignness." That is not a very stringent test. Training materials obtained by the Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report, "but it's nothing to worry about." ...
Like market researchers, but with far more privileged access, collection managers in the NSA's Special Source Operations group, which oversees the PRISM program, are drawn to the wealth of information about their subjects in online accounts. For much the same reason, civil libertarians and some ordinary users may be troubled by the menu available to analysts who hold the required clearances to "task" the PRISM system.
There has been "continued exponential growth in tasking to Facebook and Skype," according to the 41 PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook's "extensive search and surveillance capabilities against the variety of online social networking services."
Last updated at 3:48 p.m. PT. More to come...