In the last 48 hours, it has come to light that the FBI and National Security Agency (NSA) have direct, government-mandated, warrantless access to servers at Google, Apple, Facebook, Microsoft, Skype, and other major internet companies. Furthermore, the NSA also requested — and received — data about every domestic call that’s routed through Verizon’s wired telephone network. While we only have proof of this one request made to Verizon, it is almost guaranteed that the NSA also demanded the same information from every other wired and wireless telecommunications company in the US. In short, the last 48 hours have blown the doors off what is probably by far the biggest case of domestic spying on innocent US citizens.

This data came out via two leaks. First, the Guardian newspaper in England got its hands on a top-secret court order, issued by the Foreign Intelligence Surveillance Court, demanding Verizon turn over all of its “telephony metadata” — all of the data pertaining to a call, but not the actual content of the call — on a daily basis, for all domestic and international calls terminating in the US. Second, the Washington Post got its hands on slides detailing the US government’s Prism program — a top-secret program that gives the US intelligence community direct access to the servers of nine internet companies, including Google, Microsoft, Apple, Skype, and Facebook. As far as we can tell, both Prism and the collection of telephony metadata have been going on for years — probably since soon after the Patriot Act was enacted in 2001, following the September 11 attacks.

What isn’t known at this point is just how extensive the FBI and NSA’s data gathering antics have been, but it’s fairly safe to assume that the US government’s dragnet is a lot broader than just these two cases. The slides released by the Washington Post say that Prism is the most prolific contributor to the President’s Daily Brief (PDB), with one in seven NSA reports citing data gathered by Prism, for a total of 1,477 articles read by Obama last year.

Perhaps most worryingly, though, there’s no clear evidence that the court orders and Prism are only being used to gather domestic intelligence; as far as we can tell, Prism seems to care little about whether the target is domestic or international.

What does Obama know about you?

So, through these secret court orders and Prism, what data does the US government have access to? Telephony metadata consists of phone numbers, the unique serial numbers of any phones involved in the call, the start and end time, and sometimes the locations of the callers. It does not directly identify any caller by name, but it’s relatively easy to make the jump from a phone number, serial number, or location to an actual name. As long as you’re building up a detailed network of who talks to whom, when, and where, names aren’t all that important either. While the Verizon court order excludes the actual contents of phone calls, it’s not unlikely that there have been other secret court orders that also give the FBI and NSA access to the conversations.

The Prism program is potentially a lot more nefarious. According to the slide above, the US intelligence community has access to just about everything that you do, say, or post on Facebook, Google (Gmail, Search, YouTube), Yahoo, AOL, Microsoft (Hotmail, Skype), and Apple. As far as we can tell, there’s no separation between domestic and international citizens, nor between innocents and people suspected of wrongdoing: Prism, in a word, appears to give the US government completely unfettered, warrant-free access to almost all of your online activity and communications.

Data… lots of data

One question that remains unanswered is how the US government accesses the servers of these internet companies, or how it receives telephony metadata from Verizon (and probably other phone companies) on a daily basis. Due to the sheer scale of the data involved — probably on the scale of terabytes or petabytes per day — and the distributed nature of the internet, it’s simply not realistic for the US government to have a single mega-hub, where every telco and internet company sends their data.

Back in 2006, a whistleblower reported that the NSA had a secret room in an AT&T switching center in San Francisco, where it could listen in on all phone calls and internet traffic that passed through it. It’s entirely possible that the NSA/FBI/US government has similar rooms at switching hubs and data centers throughout the US. It’s easy to imagine the NSA having an office at Facebook’s data center in Oregon, for example, and then forwarding any interesting information to the Pentagon.

These local offices probably have direct access to the local Facebook/Google/Microsoft servers, probably via a special interface that limits what kind of data they can obtain. The slides mention that each internet company provides different data, presumably as stipulated by each company’s technology and privacy chiefs, so the US government doesn’t have unlimited access to the actual memory and hard drives of these servers. Again, due to the sheer volume of data, we’re probably not talking about human spies leafing through your Facebook photos — your data is probably gathered and analyzed by a computer, with computer vision, voice recognition, and other specialized algorithms sifting the occasional photo of a homemade pipe bomb out of the millions of food, baby, and lolcat photos.

These threats are probably then packaged up and sent along to FBI and NSA analysts in Washington and Maryland, where actual terrorist threats are picked out and presented to President Obama on a daily basis.
