A top-secret arm of the controversial Stellar Wind program set up in the wake of 9/11 is allowing the National Security Agency and the FBI to tap directly into the central servers of nine major Internet companies to extract audio, video, photos, emails and documents that let analysts track an individual's communication, CBS News has learned.
The program, called PRISM, was established in 2007, according to The Washington Post, which broke the story Thursday evening. CBS News senior correspondent John Miller said it doesn't deal with names but was designed as a way for the government to track suspected terrorists. It culls metadata from Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple and will soon include Dropbox.
Apple denied any involvement with the program.
"We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order," a company spokesperson said in a statement.
Google and Facebook also denied providing direct access to their servers and said they disclose user data only after careful scrutiny and in accordance with the law.
"We do not provide any government organization with direct access to Facebook servers," said a Facebook spokesperson. "When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws and provide information only to the extent required by law."
A spokesperson for Google said that the company "cares deeply about the security of our users' data.
"We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a 'back door' for the government to access private user data."
Microsoft issued a similar statement, saying, "We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it."
The development comes on the heels of outrage from some lawmakers over a report in Britain's Guardian newspaper Wednesday that the NSA is collecting telephone records of millions of Verizon customers in the United States. Granted by the secret Foreign Intelligence Surveillance Court on April 25, the order states that Verizon must, on an "ongoing, daily basis," give the NSA information on all telephone calls in its systems, both within the U.S. and between the U.S. and other countries.
Director of National Intelligence James Clapper issued a statement Thursday: "Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.
"The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans."
Clapper also announced that he was declassifying some information about the "business records" provision of the Foreign Intelligence Surveillance Act. He said that by the order of the Foreign Intelligence Surveillance Court (FISC), the government "is prohibited from indiscriminately sifting through the telephony metadata acquired under the program," and that the data collected is under strict review and overseen by the Department of Justice and the Court. He also added that the Court reviews the program about every 90 days; and that the Patriot Act of 2001 has the power to require the furnishing of records "relevant to an authorized national security investigation with the approval of the FISC."
Senate Majority Leader Harry Reid, D-Nev., and various other members of Congress insisted Thursday the request was routine and made under congressionally approved laws.
"Right now I think everyone should just calm down and understand that this isn't anything that is brand new, it's been going on for some seven years, and we have tried to often to try to make it better and work, and we will continue to do that," Reid told reporters, referring to the surveillance protocols put in place by the updated Foreign Intelligence Surveillance Act and the Patriot Act.