On Thursday, the Washington Post dropped some pretty serious allegations, reporting that the U.S. government had been tapping into the servers of numerous Internet companies, including Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube and Apple, in order to, essentially, spy on American citizens.
The government, it was reported, was "extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets," using a previously unknown program called PRISM to do so. And they apparently did so with the consent of the companies involved.
The PRISM program, or Section 702 of the Foreign Intelligence Surveillance Act, "is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States," James Clapper, Director of National Intelligence, wrote.
"Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons."
Any information that was collected, he said, "is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats."
"The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans."
What exactly the "inaccuracies" in the report were, Clapper did not illuminate, but it could be that the companies named in the report were aware of the data extraction, as nearly all of them have issued statements to various news outlets, saying that they had not even heard of the program.
"“We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook, said. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”"
"We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it," Microsoft said in a statement to the Verge.
“Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.”
Apple also denied any knowledge of the program to CNBC:
Apple to @cnbc: "We have never heard of PRISM. We do not provide any government agency with direct access to our servers.."— CNBC (@CNBC) June 6, 2013
Obviously there are still a lot of unanswered questions with regards to this story, including whether or not the government was extracting this data without the knowledge of the companies involved, and, if so, why it was reported that they did.
I have a feeling this is a story that is going to have some legs.
(Image source: http://commons.wikimedia.org)