It turns out that for the past roughly 6 years, the US government has been “collecting” or “mining” US citizens’ personal data and communications from telcos and Internet companies — effectively “spying” on US citizens.
Those data, it has been alleged, come in large part from direct access to the servers of most of the Internet’s biggest brands: Google, Apple, Microsoft, Facebook, Yahoo, AOL and others. (Dropbox was apparently cited in leaked documents as “coming soon.”)
These bombshell disclosures follow yesterday’s discovery that the US government was collecting Verizon telephone records “metadata” for millions of Americans on a daily basis. (AT&T has been involved in the past.) The revelations today that Americans’ online data were sought and allegedly obtained by the National Security Agency exposed a wide-ranging national security related program, under the Foreign Intelligence Surveillance Act, called “PRISM.”
There is some limited judicial oversight of PRISM, but “limited” is the key word. And, whatever oversight exists is all conducted in secret: secret letters and requests as well as secret judicial determinations not subject to public or journalistic scrutiny.
Apple this afternoon issued a denial that it participated in PRISM: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers.” Facebook and Google both issued similar denials directly to us this afternoon. Microsoft also issued a general denial of PRISM participation:
“We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
It’s pretty difficult to reconcile these various company denials with the information contained in documents leaked to The Washington Post.
According to those documents, the online data that the US has apparently accessed (and may have “read”) includes email, chat transcripts, social networking activity, photo uploads, videos, file transfers and other activity. Below are two excerpts from a confidential US government slide deck given to the Washington Post.
The first slide above lists the content and activities collected or monitored by the agency. The second slide immediately below indicates the alleged participation of the various Internet companies and the dates they “joined the program.”
Data mining on this kind of national scale, originally, was the brainchild of John Poindexter, a national security official during the Reagan and Bush (II) administrations. In 2002 – 2003, Poindexter was in charge of an initiative called Total Information Awareness (TIA). It arose in the wake of 9/11 pursuant to the PATRIOT Act.
Its objective, according to TIA opponents, was to create a central data repository that “would allow the Department of Homeland Security and the Department of Defense to collect and analyze a combination of intelligence data and personal information like individuals’ traffic violations, credit card purchases, travel records, medical records, [and] communications records.”
There was considerable bi-partisan opposition at the time. The revelations of the past 24 hours indicate that TIA has essentially been realized and operationalized by the Obama administration. Most senators today in Washington indicated prior knowledge of the PRISM program or had a blasé reaction. According to an article in Computerworld:
Senate Intelligence Committee Chairwoman Dianne Feinstein (D-CA) and other committee members, including Sen. Saxby Chambliss, (R-GA), argued that the order is similar to others that have been routinely issued in recent years.
“This is nothing particularly new,” Chambliss told USA Today. “This has been going on for seven years under the auspices of the (Foreign Intelligence Surveillance Act) authority and every member of the United States Senate has been advised of this.”
Privacy advocates and civil liberties organizations commenting on the revelations today (e.g., EFF, ACLU) have called the scale and scope of the data collection “breathtaking” and the surveillance program itself “beyond Orwellian.”
The scandal is massive and, despite the blasé Washington reaction, it’s unlikely to go away any time soon. The slides excerpted above are apparently authentic and provided to the Washington Post by a whistleblower. According to the publication:
Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.
See our related story: Google, Apple & Facebook Deny Participating In Alleged NSA “PRISM” Program