The U.S. National Security Agency (NSA) has obtained direct access to
the systems of Google, Facebook, Apple and other U.S. internet giants,
according to a top secret document obtained by The Guardian.
The NSA access is part of a previously undisclosed programme called
PRISM, which allows officials to collect material including search
history, the content of emails, file transfers and live chats, the
document says.
The Guardian has verified the authenticity of the document, a
41-slide PowerPoint presentation — classified as top secret with no
distribution to foreign allies — which was apparently used to train
intelligence operatives on the capabilities of the programme. The
document claims “collection directly from the servers” of major U.S.
service providers.
Firms react
Although the presentation claims the programme is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday, June 6, denied knowledge of any such programme.
In a statement, Google said: “Google cares deeply about the security of
our users’ data. We disclose user data to government in accordance with
the law, and we review all such requests carefully. From time to time,
people allege that we have created a government ‘back door’ into our
systems, but Google does not have a back door for the government to
access private user data.” Several senior tech executives insisted that
they had no knowledge of PRISM or of any similar scheme. They said they
would never have been involved in such a programme. “If they are doing
this, they are doing it without our knowledge,” one said.
An Apple spokesman said it had “never heard” of PRISM.
The NSA access was enabled by changes to U.S. surveillance law
introduced under President Bush and renewed under President Obama in
December 2012.
The programme facilitates extensive, in-depth surveillance on live
communications and stored information. The law allows for the targeting
of any customers of participating firms who live outside the U.S., or
those Americans whose communications include people outside the U.S.
It also opens the possibility of communications made entirely within the U.S. being collected without warrants.
Verizon revelation
Disclosure of the PRISM programme follows a leak to the Guardian on
Wednesday of a top-secret court order compelling telecoms provider
Verizon to turn over the telephone records of millions of U.S.
customers.
The participation of the internet companies in PRISM will add to the
debate, ignited by the Verizon revelation, about the scale of
surveillance by the intelligence services. Unlike the collection of
those call records, this surveillance can include the content of
communications and not just the metadata.
Some of the world’s largest internet brands are claimed to be part of
the information-sharing programme since its introduction in 2007.
Microsoft — which is currently running an advertising campaign with the
slogan “Your privacy is our priority” — was the first, with collection
beginning in December 2007.
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009;
YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined
the programme in 2012. The programme is continuing to expand, with other
providers due to come online.
Collectively, the companies cover the vast majority of online email, search, video and communications networks.
The extent and nature of the data collected from each company varies.
Companies are legally obliged to comply with requests for users’
communications under U.S. law, but the PRISM programme allows the
intelligence services direct access to the companies’ servers.
The NSA document notes the operations have “assistance of communications providers in the U.S.”
The revelation also supports concerns raised by several U.S. senators
during the renewal of the Fisa Amendments Act in December 2012, who
warned about the scale of surveillance the law might enable, and
shortcomings in the safeguards it introduces.
When the FAA was first enacted, defenders of the statute argued that a
significant check on abuse would be the NSA’s inability to obtain
electronic communications without the consent of the telecom and
internet companies that control the data. But the PRISM programme
renders that consent unnecessary, as it allows the agency to directly
and unilaterally seize the communications off the companies’ servers.
Range of data
A chart prepared by the NSA, contained within the top-secret document obtained by The Guardian,
underscores the breadth of the data it is able to obtain: email, video
and voice chat, videos, photos, voice-over-IP (Skype, for example)
chats, file transfers, social networking details, and more.
The document is recent, dating to April 2013. Such a leak is extremely
rare in the history of the NSA, which prides itself on maintaining a
high level of secrecy.
The PRISM programme allows the NSA, the world’s largest surveillance
organisation, to obtain targeted communications without having to
request them from the service providers and without having to obtain
individual court orders.
With this programme, the NSA is able to reach directly into the servers
of the participating companies and obtain both stored communications as
well as perform real-time collection on targeted users.
The presentation claims PRISM was introduced to overcome what the NSA
regarded as shortcomings of Fisa warrants in tracking suspected foreign
terrorists. It noted that the U.S. has a “home-field advantage” due to
housing much of the internet’s architecture. But the presentation
claimed “Fisa constraints restricted our home-field advantage” because
Fisa required individual warrants and confirmations that both the sender
and receiver of a communication were outside the U.S.
“Fisa was broken because it provided privacy protections to people who
were not entitled to them,” the presentation claimed. “It took a Fisa
court order to collect on foreigners overseas who were communicating
with other foreigners overseas simply because the government was
collecting off a wire in the United States. There were too many email
accounts to be practical to seek Fisas for all.” The new measures
introduced in the FAA redefines “electronic surveillance” to cover
anyone “reasonably believed” to be outside the U.S. — a technical change
which reduces the bar to initiating surveillance.
The act also gives the director of national intelligence and the
attorney general power to permit obtaining intelligence information, and
indemnifies internet companies against any actions arising as a result
of cooperating with authorities’ requests.
In short, where previously the NSA needed individual authorisations, and
confirmation that all parties were outside the U.S., they now need only
reasonable suspicion that one of the parties was outside the country at
the time the records were collected by the NSA.
FBI as intermediary
The document also shows the FBI acts as an intermediary between other
agencies and the tech companies, and stresses its reliance on the
participation of U.S. internet firms, claiming “access is 100% dependent
on ISP provisioning.”
In the document, the NSA hails the PRISM programme as “one of the most valuable, unique and productive accesses for NSA.”
It boasts of what it calls “strong growth” in its use of the PRISM
programme to obtain communications. The document highlights the number
of obtained communications increased in 2012 by 248 per cent for Skype —
leading the notes to remark there was “exponential growth in Skype
reporting; looks like the word is getting out about our capability
against Skype.” There was also a 131 per cent increase in requests for
Facebook data, and 63 per cent for Google.
The NSA document indicates that it is planning to add Dropbox as a PRISM
provider. The agency also seeks, in its words, to “expand collection
services from existing providers.”
Political concerns
The revelations echo fears raised on the Senate floor last year during
the expedited debate on the renewal of the FAA powers which underpin the
PRISM programme, which occurred just days before the act expired.
Senator Christopher Coons of Delaware specifically warned that the
secrecy surrounding the various surveillance programmes meant there was
no way to know if safeguards within the act were working.
“The problem is: we here in the Senate and the citizens we represent
don’t know how well any of these safeguards actually work,” he said.
“The law doesn’t forbid purely domestic information from being
collected. We know that at least one Fisa court has ruled that the
surveillance programme violated the law. Why? Those who know can’t say
and average Americans can’t know.” Other senators also raised concerns.
Senator Ron Wyden of Oregon attempted, without success, to find out any
information on how many phone calls or emails had been intercepted under
the programme.
When the law was enacted, defenders of the FAA argued that a significant
check on abuse would be the NSA’s inability to obtain electronic
communications without the consent of the telecom and internet companies
that control the data. But the PRISM programme renders that consent
unnecessary, as it allows the agency to directly and unilaterally seize
the communications off the companies’ servers.
When the NSA reviews a communication it believes merits further
investigation, it issues what it calls a “report.” According to the NSA,
“over 2,000 PRISM-based reports” are now issued every month. There were
24,005 in 2012, a 27 per cent increase on the previous year.
In total, more than 77,000 intelligence reports have cited the PRISM programme.
‘Unprecedented militarisation’
Jameel Jaffer, director of the [American Civil Liberties Union] ACLU’s
Center for Democracy, that it was astonishing the NSA would even ask
technology companies to grant direct access to user data.
“It’s shocking enough just that the NSA is asking companies to do this,”
he said. “The NSA is part of the military. The military has been
granted unprecedented access to civilian communications.
“This is unprecedented militarisation of domestic communications
infrastructure. That’s profoundly troubling to anyone who is concerned
about that separation.” A senior administration official said in a
statement: “The Guardian and Washington Post articles
refer to collection of communications pursuant to Section 702 of the
Foreign Intelligence Surveillance Act. This law does not allow the
targeting of any U.S. citizen or of any person located within the United
States.
“The program is subject to oversight by the Foreign Intelligence
Surveillance Court, the Executive Branch, and Congress. It involves
extensive procedures, specifically approved by the court, to ensure that
only non-U.S. persons outside the U.S. are targeted, and that minimize
the acquisition, retention and dissemination of incidentally acquired
information about U.S. persons.
“This program was recently reauthorized by Congress after extensive hearings and debate.
“Information collected under this program is among the most important
and valuable intelligence information we collect, and is used to protect
our nation from a wide variety of threats.
“The Government may only use Section 702 to acquire foreign intelligence
information, which is specifically, and narrowly, defined in the
Foreign Intelligence Surveillance Act. This requirement applies across
the board, regardless of the nationality of the target.”
(Additional reporting by James Ball and Dominic Rushe.) — © Guardian Newspapers Limited, 2013
Keywords:
National Security
http://www.thehindu.com/opinion/op-ed/through-the-prism-big-brother-is-watching/article4792108.ece
