prism-slide-4

Last night, news broke of a secret court order from the National Security Agency (or NSA) requiring Verizon Wireless to hand over the call records of millions of US cell phone users. As you can imagine, mayhem ensued.

And then just as things began to calm down, another bombshell dropped this afternoon. The Washington Post claims it has obtained slides from a top secret security presentation that show Verizon’s not the only company sharing your data…

According to the report, there are 9 tech companies involved in a broad, highly classified government program, code-named PRISM, that gives the NSA and FBI a “backdoor” into their systems. This backdoor allows them to collect a range of data from their users—including audio, video, photographs, e-mails, and connection logs.

prism-slide-5

Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple are all named in the slides as participants in the program. Notably, Microsoft was the first to join when it launched back in 2007, and Apple was the last to give in, signing up late last year.

Here’s more from The Washington Post:

“An internal presentation on the Silicon Valley operation, intended for senior analysts in the NSA’s Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President’s Daily Brief, which cited PRISM data in 1,477 articles last year. According to the briefing slides, obtained by The Washington Post, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports.”

So just what kind of data is PRISM collecting? Everything.

“According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.”

Is it legal? That’s the topic of the biggest debate right now—whether or not the government should be able to access our private data without a warrant. But on paper, it appears that it’s totally legal, covered under a revision of the Foreign Intelligence Surveillance Act.

At this point, no one has officially commented on the report. A number of low-level spokespersons from the above companies have denied having any knowledge of the ‘PRISM’ program, but it’s hard to imagine any of them giving a different response. “Yes, we definitely hand over all of your data for warrantless browsing.”

It’ll definitely be interesting to see how all of this pans out.

What do you think about all of this?

Update: Several companies have now given official statements about the PRISM report (via TheNextWeb):

Here’s Google:

“Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. We do not have a ‘back door’ for the government to access private user data.”

And Facebook:

“We do not provide any government organization with direct access to Facebook servers.  When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

Microsoft:

“We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”

Yahoo:

“Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.”

And finally Apple:

“We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”