The U.S. National Security Agency and Federal Bureau of Investigation have access to servers at Google, Facebook and other major Internet services, collecting audio, video, email and other content for surveillance, the Washington Post and the Guardian reported on Thursday.
The surveillance is taking place in real time under a classified program called PRISM, which was begun in 2007 to investigate foreign threats to the U.S., the reports said. Most of the major Internet services, including Microsoft, Yahoo, Skype, Apple and AOL as well as Google and Facebook, knowingly participate in PRISM, according to the Post and the Guardian.
“The program facilitates extensive, in-depth surveillance on live communications and stored information,” the Guardian reported. The document obtained by the newspapers refers to “strong growth” in the program in recent years, with a specific reference to “exponential” growth in its use on Skype servers, for instance.
The Post report came from a leak by an intelligence officer, who supplied the newspaper with PowerPoint slides about PRISM, the story said. Both newspapers posted some of those slides with their articles. The document is recent, with a date of April 2013.
The story came out just a day after the Guardian newspaper in the U.K. reported that the NSA had been granted broad access to the call records of Verizon Communications customers, also for surveillance purposes.
The NSA is forbidden to investigate U.S. citizens. The PRISM program has procedures to prevent citizens’ content from being included in the surveillance, but those procedures aren’t strict, according to the reports. The agencies don’t try to collect all the content from the Internet services, but PRISM allows agents to search for content and pull it out of the servers, the newspapers said.
Reached late Thursday, an NSA spokeswoman declined to comment, referring questions to the Office of the Director of National Intelligence.
Criticism from civil-liberties activists was swift and scathing.
“This is a completely unwarranted violation of our constitutional rights,” John Simpson, a consumer advocate at the group Consumer Watchdog, said via email. “There is no justification for government snooping of this magnitude. The nine companies who acquiesced to this unconstitutional abuse by the government should be ashamed of themselves.”
The American Civil Liberties Union called the PRISM allegations and the Verizon news alarming and called for Congressional action.
“The stories published over the last two days make clear that the NSA — part of the military — now has direct access to every corner of Americans’ digital lives. Unchecked government surveillance presents a grave threat to democratic freedoms,” said Jameel Jaffer, the ACLU’s deputy legal director, in a written statement.
“The secrecy surrounding the government’s extraordinary surveillance powers has stymied our system of checks and balances,” wrote Laura Murphy, director of the ACLU Washington Legislative Office. “Congress must initiate an investigation to fully uncover the scope of these powers and their constraints, and it must enact reforms that protect Americans’ right to privacy and that enable effective public oversight of our government.”
Some Internet companies that allegedly participate in PRISM denied involvement.
Facebook called the allegations inaccurate. “We do not provide any government organization with direct access to Facebook servers,” the company said in a statement attributed to Chief Security Officer Joe Sullivan. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
“Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network,” a Yahoo spokeswoman said.
Google also said it reviews all user data requests carefully.
“From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data,” the company said in a statement.
Apple also denied involvement, saying it had never heard of PRISM, according to news reports.
(Grant Gross in Washington and Zach Miners in San Francisco contributed to this report)
Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen’s e-mail address is stephen_lawson@idg.com