NSA taps data from 9 major Net firms

Kevin Johnson, Scott Martin, Jayne O'Donnell and Michael Winter | USA TODAY

Under watch from the National Security Agency and the FBI, Internet traffic of people outside the USA is being closely monitored by Silicon Valley Internet giants in a massive data-snooping agreement.

The National Security Agency and the FBI are siphoning personal data from the main computer servers of nine major U.S. Internet firms, The Washington Post and the London-based Guardian reported Thursday night.

James Clapper, Director of National Intelligence, acknowledged existence of the program Thursday night and blasted the reports as "reprehensible" and inaccurate.

Clapper said the program does not allow the targeting of U.S. citizens or any person in the United States.

He ordered information about the program declassified so that the public can understand what information is being collected.

"I believe it is important for the American people to understand the limits of this targeted counterterrorism program and the principles that govern its use,'' he said. "In order to provide a more thorough understanding of the program, I have directed that certain information related to the 'business records' provision of the Foreign Intelligence Surveillance Act be declassified and immediately released to the public.

"The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans,'' Clapper said in a statement Thursday night.

Clapper said the data collection is authorized by Congress and "is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States.''

"It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States,'' Clapper said.

The agencies are grabbing data from the servers of nine U.S. Internet companies including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple, according to the documents. The cloud storage device Dropbox was described as "coming soon," along with other unidentified firms.

"We have never heard of PRISM," Apple spokesman Steve Dowling said in a written statement. "We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order."

Google denied participating in the program and said it is trying to find out more about it.

In a statement, the search giant said it "cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."

"Protecting the privacy of our users and their data is a top priority for Facebook," chief security officer Joe Sullivan said in a statement. "We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law."

Microsoft issued a statement saying, "We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data, we don't participate in it."

The surveillance program, dubbed PRISM and reportedly in existence since 2007, has not been publicly disclosed by the government agencies.

Documents intended for senior analysts within the NSA's Signals Intelligence Directorate describe an internal presentation on the covert Silicon Valley operation, according to the Post.

The Post writes that the agencies are "extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person's movements and contacts over time."

PalTalk has hosted "significant traffic" during the Arab Spring uprisings and the Syrian civil war, the Post notes.

The operation was approved by special federal judges under the Foreign Intelligence Surveillance Act. Some members of Congress knew of the operation but could not comment.

The program was outlined in a 41-slide PowerPoint presentation intended for senior intelligence analysts. It was classified top secret "with no distribution to foreign allies," the Guardian writes.

The Post says the technology companies are knowingly participating in the secret program, but the Guardian reports that all denied knowledge of the spying, even though the presentation "claims the program is run with the assistance of the companies."

The Guardian says Microsoft was the first to participate, starting in December 2007. It says Yahoo joined In 2008, followed by Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and Apple last year.

The revelation comes a day after the Guardian reported that the FISA court had ordered Verizon to turn over call information to the NSA.

Marc Rotenberg, executive director of the non-profit Electronic Privacy Information Center, called for Congress to tighten controls over surveillance of American citizens.

"Congress has lost control over the legal authorities that permit electronic surveillance in the United States," Rotenberg said. "Simply stated, the system of checks and balances has collapsed."

Contributing: William M. Welch, USA TODAY