Documents leaked to The Guardian and The Washington Post suggest that the National Security Agency has been tapped into the biggest tech companies for years. The PowerPoint presentation, whose authenticity has apparently been verified by both news outlets, describes a PRISM program that allows the NSA to collect information "directly from servers" associated with some of the biggest names in the industry.
The program has allegedly been active since 2007, when the NSA first started grabbing data from Microsoft. Yahoo was added in 2008 along with Google, Facebook, and Paltalk the following year. YouTube, Skype, AOL, and Apple have since joined the party, as well. The NSA has access to different data for each provider, according to one slide, but it looks like emails, photos, stored data, file transfers, and chat logs are all up for grabs. The NSA has been taking advantage of its access, too. The Guardian says over 77,000 intelligence reports cite data collected via PRISM.
U.S. Director of National Intelligence James Clapper has issued a statement claiming that the law making such data collection legal expressedly forbids government agencies from targeting "any U.S. citizen, any other U.S. person, or anyone located within the United States." According to Clapper, there are "extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons." I'm sure that makes non-U.S. citizens feel much better about the whole thing.
There seems to be a disconnect between the NSA having direct server access and requiring a court order to target specific users. It may be the case that the NSA is collecting huge troves of data but only examining it once the courts grant permission related to a specific user. While the leaked slides say that "access is 100% dependent on ISP provisioning," the tech companies named in the document have denied providing direct access to their servers. There is no government back door, says Google, and Microsoft claims it only provides user data to comply with court orders.
Clapper goes on to say that "the unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans." Reprehensible is exactly the word I was looking for—but not to describe the leak.
Thanks to the Electronic Frontier Foundation for the source image Cyril expertly modified.