Skip to main content

National Security Agency reportedly has total access to servers of nine major tech firms

Should you think twice about posting that photo to Facebook? According to a new report from The Washington Post, the National Security Agency (NSA) is tapping directly into the servers of nine US Internet firms, including the popular social network.

Many of the firms named in report, however, deny that government has access to their networks.

The Post published slides from a presentation that covers a programme known as PRISM, which reportedly collects data from Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. An unnamed "career intelligence officer" provided the information to the paper to shed a light on what this person considered to be a serious invasion of privacy. "They quite literally can watch your ideas form as you type," the officer told the Post.

What the NSA collects from those companies "varies by provider," the slides say, but in general, it covers email, chat logs, videos, photos, stored data, VoIP, file transfers, video conferencing, logins and social-networking details.

The programme dates back to 2007, with Microsoft being the first company profiled via PRISM, another slide says. PRISM collection reportedly began in October 2012. All the companies "participate knowingly" in PRISM, the Post reported.

But Google, Facebook, Microsoft, and Yahoo denied providing direct access to the NSA.

"Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully," a Google spokeswoman said in a statement. "From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a 'back door' for the government to access private user data."

"Protecting the privacy of our users and their data is a top priority for Facebook," the company's chief security officer, Joe Sullivan, said. "We do not provide any government organisation with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinise any such request for compliance with all applicable laws, and provide information only to the extent required by law."

A Microsoft spokeswoman, meanwhile, said "we provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security programme to gather customer data we don't participate in it."

"Yahoo takes users' privacy very seriously. We do not provide the government with direct access to our servers, systems, or network," a Yahoo spokeswoman said.

AOL, Paltalk, and Apple did not immediately respond to a request for comment. But in a statement to CNBC, Apple said "We have never heard of PRISM. We do not provide any government agency with direct access to our servers."

The Post acknowledged that the PRISM "is not a dragnet," though "the NSA is capable of pulling out anything it likes."

"To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect's inbox or outbox is swept in," the paper said.

Companies are obliged to comply with secret orders from the Foreign Surveillance Intelligence Court. It was recently revealed that a FISA court order called on Verizon to hand over to the NSA customer phone records for a three-month period beginning in April.

Image: Washington Post