A report from The Guardian reveals for the first time some of the secret costs associated with the National Security Agency's PRISM data collection program, and the statutory financial relationship between the government and tech companies like Yahoo, Facebook, Google, and Microsoft. A top secret NSA newsletter from December, 2012 indicates that PRISM certification costs — costs associated with compliance with the government's procedures and limitations for data collection — amounted to "millions of dollars for PRISM providers to implement."
While the leaked newsletter suggests the government acknowledges responsibility for paying for compliance costs, it's unclear if any of the companies participating in PRISM have actually been reimbursed.
Google and Microsoft declined to provide The Guardian with a comment on the specifics of the report and the costs the companies incurred to comply with the government's demands. Facebook responded, saying that it "never received any compensation in connection with responding to a government data request."
Facebook never received compensation, and Yahoo wants its money back
Yahoo, the only PRISM partner which admitted to resisting the program, says that it has asked the government to pay up for its costs. A Yahoo spokesperson tells The Guardian that "federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law."
The newsletter reveals that the high cost of compliance is related to multiple re-certifications that resulted from the NSA's trouble with the Foreign Intelligence Surveillance Court; a declassified FISA court opinion released this week by the government revealed that the NSA illegally collected thousands of emails and other communications from American citizens with no connection to terrorism. While the issues were related to the NSA's upstream collection, which, in a process distinct from PRISM, pulls data directly from telecommunications cables, the newsletter indicates that the FISA court's decision proved costly for PRISM providers.
It's still not clear what the costs described by the newsletter were specifically related to, and it's possible that the true cost of PRISM data collection is much higher than the millions of dollars cited for compliance costs. A footnote in the FISA court order declassified this week revealed that the NSA used PRISM to collect more than 200 million "internet communications" each year from PRISM participants.