NSA’s PRISM ‘Has Direct Access To Tech Giants’ Servers’

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

The US is happily spying on foreign citizens, accessing servers at Facebook, Google, Microsoft and others to get hold of data, reports claim

Following yesterday’s revelations on US officials’ access to Verizon customers’ communications data, today it has been claimed they can get hold of information from tech giants including Facebook, Google, Apple and Microsoft by directly accessing their servers.

The operation, known as PRISM, was uncovered by the Guardian and the Washington Post, and is supposed to require collaboration with the tech giants, yet many have denied knowledge of the operation. Yahoo and AOL were also involved, according to a leaked PRISM presentation.

PRISM operation

Google said it handed over data when it deemed a request acceptable, but noted it does not give others any backdoor into its systems. Apple said it had never heard of PRISM, whilst Facebook said it did not provide any government organisation with access to its servers.

From a 41-page presentation document detailing the operation, it appears PRISM granted access to plenty of data, including email, instant messaging logs, VoIP communications such as Skype conversations and photos.

Microsoft appeared to be the first to sign up to PRISM, back in 2007, with Apple the last in October 2012. Twitter was not one of the listed collaborators.

The US has defended its actions, saying US citizens were not targeted – the mass surveillance is designed to detect foreign threats.

James Clapper, director of National Intelligence, said the findings related to “collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act”, claiming the media reports contained numerous unspecified inaccuracies.

Whilst claiming what the US was doing was legal, he also raised concerns about leaks to media, suggesting they could harm America’s operations against foreign terrorists.

“Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-US persons located outside the United States,” Clapper said.

“It cannot be used to intentionally target any US citizen, any other US person, or anyone located within the United States.

“Activities authorised by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress.

“They involve extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimise the acquisition, retention and dissemination of incidentally acquired information about US persons.”

Commenting on the application of FISA yesterday, Clapper said: “All information that is acquired under this programme is subject to strict, court-imposed restrictions on review and handling. The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organisation.

“Only a very small fraction of the records are ever reviewed because the vast majority of the data is not responsive to any terrorism-related query… The Court reviews the program approximately every 90 days.”

Privacy activists remain appalled by the actions of the NSA. The Electronic Frontier Foundation said yesterday: “It’s time to start the national dialogue about our rights in the digital age. And it’s time to end the NSA’s unconstitutional domestic surveillance program.”
