WASHINGTON—The U.S. National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, emails, documents and connection logs that enable analysts to track one target or trace a whole network of associates, according to a top-secret document obtained by The Washington Post.

According to the document, the NSA extracts data “directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

Jameel Jaffer, deputy legal director for the American Civil Liberties Union, called the program “very disturbing. . . . These companies have an obligation to their subscribers and their customers to protect sensitive information.”

“I’m completely astonished,” said Leslie Harris, president of the Center for Democracy & Technology. “It’s hard to think of what remains of privacy in this country.”

The revelation came even as officials confirmed they had been compiling a vast library of Americans’ phone call records in the fight against terrorism. A court order, first disclosed Wednesday by The Guardian newspaper in Britain, requires the communications company Verizon to turn over on an “ongoing, daily basis” the records of all landline and mobile telephone calls of its customers, both within the U.S. and between the U.S. and other countries. Intelligence experts said the government, though not listening in on calls, would be looking for patterns that could lead to terrorists — and that there was every reason to believe similar orders were in place for other phone companies.

The Internet data collection program, code-named PRISM, was launched from the ashes of former president George W. Bush’s secret program of warrantless domestic surveillance in 2007, after news media disclosures, lawsuits and the Foreign Intelligence Surveillance Court forced the president to look for new authority. Congress obliged with two acts in 2007 and 2008 that immunized private companies that co-operated voluntarily with U.S. intelligence collection. PRISM recruited its first partner, Microsoft, and began six years of rapidly growing data collection beneath the surface of a roiling national debate on surveillance and privacy.

The program is focused on foreign communications traffic, which often flows through U.S. servers even when sent from one overseas location to another.

A senior administration official said Thursday that information collected through the surveillance program targets only non-Americans living outside the United States.

“This program was recently reauthorized by Congress after extensive hearings and debate,” the official said, speaking on condition of anonymity. “Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.”

Several companies contacted by The Post, including Facebook, Google and Apple said they had no knowledge of the program and responded only to individual requests for information.

“We have never heard of PRISM,” an Apple spokesman said. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

An internal presentation of 41 briefing slides on PRISM, dated April 2013 and intended for senior NSA analysts, described the new tool as a key source of intelligence information. According to the slides and other supporting materials obtained by The Post, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports. That is a remarkable figure in an agency that measures annual intake in the trillions of communications.

It is all the more striking because the NSA, whose lawful mission is foreign intelligence, is reaching deep inside the machinery of American companies that host hundreds of millions of American-held accounts on American soil.

The technology companies that knowingly participate in PRISM operations include most of the dominant global players of Silicon Valley, according to the document. PalTalk is much smaller than the other companies named, but it has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war.

Loading... Loading... Loading... Loading... Loading... Loading...

Dropbox, the cloud storage and synchronization service, is described as “coming soon.”

The PRISM program is not a dragnet, exactly. From inside a company’s data stream, the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.

Analysts who use the system from a web portal in Fort Meade, Md., key in “selectors,” or search terms that are designed to produce at least 51 per cent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by The Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report but add that “it’s nothing to worry about.”

Even when the system works just as advertised, with no American singled out for targeting, The NSA routinely collects a great deal of American content, described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially.

According to the PRISM slides, with a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”

According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy.

“They quite literally can watch your ideas form as you type,” the officer said.

With files from Star wire services

Read more about: