Saturday, 8 June 2013

NSA, FBI tapping directly into servers of 9 leading internet companies (update)

Washington Post NSA, FBI tapping directly into servers of 9 leading internet companies
On the heels of yesterday's revelation that the NSA is bulk collecting call logs from Verizon Business customers, the Washington Post is reporting tonight on another initiative, code named PRISM. According to the report, it gives the FBI and NSA access to "audio, video, photographs, e-mails, documents and connection logs" from the central servers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL (parent company of Engadget), Skype, YouTube and Apple. Another program called BLARNEY sniffs up metadata as it streams past "choke points" on the internet, continuing the theme of bulk scooping of data most would think is private. ThePost's knowledge of these programs comes from PowerPoint slides (like the one shown above) provided by a "career intelligence officer" driven to expose how deep it goes.
So what can the project allegedly see? Analysts based at Fort Meade use search terms to determine at least 51 percent confidence in a subject's "foreignness" before pulling data, which can include that of people found in a suspect's inbox. On Facebook, they can utilize the service's built in search and surveillance capabilities, monitor audio, video, chat and file transfers or access activity on Google's mail, storage, photo and search services. So... are you still logged in?
Update 4: Now we've come full circle, as the original Washington Post article has been expanded to include the various company's responses and denials (listed after the break). Another element that has changed is the mention of another classified report that suggests these companies may not be knowingly participating, and the NSA's access may not be as direct as originally claimed. Claiming the difference may be the result of "imprecision" by the NSA author, the arrangement is now described as "collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations."
Update (June 7th): Google has now issued a longer statement, signed by CEO Larry Page and Chief Legal Officer David Drummond, which reiterates its earlier comments and also calls for a "more transparent approach" from both other companies and governments alike.
Update 2 (June 7th): Facebook CEO Mark Zuckerberg has denied involvement on his personal page, stating "Facebook is not and has never been part of any program to give the US or any other government direct access to our servers...We hadn't even heard of PRISM before yesterday." Like the others, he claimed Facebook only provides information "if it is required by law" and mirrored Page's call for more transparency regarding government programs.
Update: We've contacted several of the companies listed, and so far have heard directly from Facebook and Google. Both companies statements are available in full below, where Google reiterated its stance that it does not have or provide "back door" access to anyone, while Facebook Chief Security Officer Joel Sullivan states "We do not provide any government organization with direct access to Facebook servers." Apple has made a similar statement to CNBC denying any knowledge of or participation in such a program.We will add any other response or updates as we receive them.
Update 2: Microsoft has also responded, similarly claiming that it only provides customer data under specific requests such as subpoenas, and if there is any broader program then it does not participate in it.
Update 3: The latest to chime in is Director of National Intelligence James Clapper, stating "The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies." His response goes on to point out that such actions cannot be used to "intentionally" target American citizens. Finally, he calls the disclosure of information about the program "reprehensible," and a risk to the security of Americans.
Joel Sullivan, Chief Security Officer, Facebook:
Protecting the privacy of our users and their data is a top priority for Facebook. We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.
Google:
Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a 'back door' for the government to access private user data.
Microsoft:
We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it.

source-engadget 

No comments:

Post a Comment