Skip to main content

Secret program gives NSA, FBI backdoor access to Apple, Google, Facebook, Microsoft data

Secret program gives NSA, FBI backdoor access to Apple, Google, Facebook, Microsoft data

/

Five-year-old program provides government with direct access to email, messages, browser history, more

Share this story

The US National Security Agency and Federal Bureau of Investigation have been harvesting data such as audio, video, photographs, emails, and documents from the internal servers of nine major technology companies, according to a leaked 41-slide security presentation obtained by The Washington Post and The Guardian. According to The Washington Post, the program's slides were provided by a "career intelligence officer" that had "firsthand experience with these systems, and horror at their capabilities," and wished to expose the program's "gross intrusion on privacy."

The program, codenamed PRISM, is considered highly classified and has never been made public before. The list of companies involved are the who's who of Silicon Valley: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. Dropbox, though not yet an official part of the program, is said to be joining it soon. These companies have all willingly participated in the program, says the Post.

According to the leaked presentation, the program has been in action since 2007, and is considered the biggest contributor to the daily briefings given to the president, providing data in 1,477 articles last year alone. Allegedly, nearly one in seven intelligence reports from the NSA contains data from the PRISM program. The NSA has the ability to pull any sort of data it likes from these companies, but it claims that it does not try to collect it all. The PRISM program goes above and beyond the existing laws that state companies must comply with government requests for data, as it gives the NSA direct access to each company's servers — essentially letting the NSA do as it pleases. The program was initiated to overcome what the NSA saw as constraints within the existing FISA warrant program that did not allow the agency to make use of the "home-field advantage" provided by having most of the internet's biggest companies on US soil.

The who's who of Silicon Valley are involved in the NSA's PRISM program

Microsoft was the first company to bow to the government's wishes and join the PRISM program in 2007, while Apple held out for five years before agreeing. Though Google and Facebook are a part of PRISM, Twitter has not yet joined. Apparently, the only members of Congress that knew about PRISM's existence were bound by oath not to speak of it publicly. In a statement provided to both The Washington Post and The Guardian, Google denied that the government had any sort of backdoor access to its systems:

Google cares deeply about the security of our users' data. We disclose user data to the government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'backdoor' into our systems, but Google does not have a 'backdoor' for the government to access private user data.

The training documents for the program reveal that the NSA collects a large amount of data on the American public through the PRISM program. For example, if a specific target is investigated using PRISM, that target's complete inbox and outbox are swept, in addition to anyone who is connected to it. This high level of access was initially given to the NSA by President Bush and was later renewed in 2012 by President Obama.

This report follows the news from earlier this week of the NSA's involvement in collecting call data and records from Verizon in another massive surveillance partnership.

Update: The director of National Intelligence issued a statement today, aiming to clear up "inaccuracies" in reporting on the PRISM program. The DNI argues that only people outside of the United States have been targeted, and that the program “does not allow” the targeting of citizens or others within US borders. “This program was recently reauthorized by Congress after extensive hearings and debate,” said the official, adding that, “information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.”

The word “target” takes on special significance given what has been reported by former NSA codebreaker William Binney and others. The Stellar Wind program, for which Binney claims to have contributed much of the base code, is said to compile massive amounts of internet traffic, which can then be queried at a later time. According to USSID 18, a top-secret NSA manual of definitions and legal directives, an “intercept” only occurs when the database is queried — when someone actually reads the text on a screen.

Update 2: The Washington Post has backtracked slightly on its original story. Attempting to explain the disparity between its findings and the statements given by the companies involved, it says:

It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing "collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations," rather than directly to company servers.

Today’s Storystream

Feed refreshed Sep 24 Striking out

E
External Link
Emma RothSep 24
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.


A
Youtube
Andrew WebsterSep 24
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.


A
The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.


A
Andrew WebsterSep 24
Looking for something to do this weekend?

Why not hang out on the couch playing video games and watching TV. It’s a good time for it, with intriguing recent releases like Return to Monkey Island, Session: Skate Sim, and the Star Wars spinoff Andor. Or you could check out some of the new anime on Netflix, including Thermae Romae Novae (pictured below), which is my personal favorite time-traveling story about bathing.


A screenshot from the Netflix anime Thermae Romae Novae.
Thermae Romae Novae.
Image: Netflix
J
Twitter
Jay PetersSep 23
Twitch’s creators SVP is leaving the company.

Constance Knight, Twitch’s senior vice president of global creators, is leaving for a new opportunity, according to Bloomberg’s Cecilia D’Anastasio. Knight shared her departure with staff on the same day Twitch announced impending cuts to how much its biggest streamers will earn from subscriptions.


T
Twitter
Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.


A
External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.


A
External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.