NSA, FBI Operation PRISM Tapped Into Nine Internet Companies

Since the Guardian story about the NSA seizure of the Verizon phone records of millions of Americans dropped last night, the administration and its allies have been asserting that privacy wasn't invaded because intelligence agencies didn't listen in on those calls.

"The order reprinted overnight does not allow the government to listen in on anyone's telephone calls.  The information acquired does not include the content of any communications or the name of any subscriber. It relates exclusively to call details, such as a telephone number or the length of a telephone call," White House spokesman Josh Earnest told reporters aboard Air Force One today.

“The alleged FISA Court order contained in the Guardian article does not give the government authority to listen in on anyone’s telephone call, nor does it provide the government with the content of any communication or the name of any subscriber," Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.) said in a joint statement. "As with other FISA authorities, all information the government may receive under such an order would be subject to strict limitations."

Then, this evening, the other shoe dropped.

In what looks more and more like a revolt from within the intelligence community, the Washington Post broke a story about a secret operation that has gained steam since its inception in 2007 that lets National Security Agency and the FBI tap directly into the servers of nine U.S. Internet companies with access to audio, video, photographs, e-mails, documents and connection logs.

An internal presentation on the Silicon Valley operation, intended for senior analysts in the NSA’s Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President’s Daily Brief, which cited PRISM data in 1,477 articles last year. According to the briefing slides, obtained by The Washington Post, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports.

That is a remarkable figure in an agency that measures annual intake in the trillions of communications. It is all the more striking because the NSA, whose lawful mission is foreign intelligence, is reaching deep inside the machinery of American companies that host hundreds of millions of American-held accounts on American soil.

The technology companies, which participate knowingly in PRISM operations, include most of the dominant global players of Silicon Valley. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” PalTalk, although much smaller, has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war.

And this revelation is thanks to a whistleblower:

Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.

UPDATES: Internet companies denied they give the government direct access to their servers:

Google, the Internet's largest search provider, said that, despite previous reports that it had forged a "back door" for the government, it had never provided any such access to user data.

Microsoft said it does not voluntarily participate in any government data collection and only complies "with orders for requests about specific accounts or identifiers."

"We have never heard of PRISM," said Apple spokesman Steve Dowling. "We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order."

Asked whether Apple joined the NSA-FBI data collection program, Apple declined to comment beyond its brief statement.

The Washington Post reported that Apple held out for more than five years after PRISM enlisted its first corporate partner, in May 2007, for "unknown reasons."

That would put the compliance of Apple after the death of Steve Jobs.

The Wall Street Journal reported that the phone-tracking extended beyond Verizon to AT&T and Sprint as well as credit-card companies.

Director of National Intelligence James Clapper released a statement slamming both the Guardian and Washington Post, saying "the unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans."

The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act.  They contain numerous inaccuracies.

Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States.  It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.

Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.

Section 702 was recently reauthorized by Congress after extensive hearings and debate.

Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.