Microsoft (And Others) Deny Being Part of Secret NSA PRISM Program

3

The National Security Agency (NSA) and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track one target or trace a whole network of associates, according to a top-secret document by the Washington Post.  The program, code-named PRISM, has not been made public until now. Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” Dropbox, the cloud storage and synchronization service, is described as “coming soon.” 

PRISM recruited its first partner, Microsoft, and began six years of rapidly growing collection beneath the surface of a roiling national debate on surveillance and privacy, according to the Post. There has been “continued exponential growth in tasking to Facebook and Skype,” according to the PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.” Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM’s most sensitive secret, fearing that they would withdraw from the program if exposed. “98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don’t harm these sources,” the briefing’s author wrote in his speaker’s notes.  According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

prism-slide-4

Despite the above reporting, many of the companies (including Microsoft) have released statements denying being part of the program.

Microsoft: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.” The company is essentially denying involvement in PRISM. Microsoft owns Skype, another company listed as a participant.

Facebook: “We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

Apple: “We have never heard of PRISM.  We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

Dropbox: “We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users’ privacy.”

Google: “…does not have a ‘back door’ for the government to access private user data” and discloses information about users to government agencies “in accordance with the law, and we review all such requests carefully.”

Yahoo: “We do not provide the government with direct access to our servers, systems, or network.” She added: “Yahoo! takes users’ privacy very seriously.”

 

About Author

Suril is a scientist, journalist and obsessive Microsoft observer. He holds an advanced degree in Biotechnology with minors in Biochemistry, Microbiology, and Molecular Biology. Send him tips on twitter: http://www.twitter.com/surilamin

  • koenshaku

    Most companies that are saying “direct access” sounds suspicious sounds more like “oh we just stream your data to their servers” or “oh we never heard of prism” we report all your chasm. At least Microsoft’s response was the most candid. They sound like “Yeah we have done that in the past, but not without a court we have even held out for a subpoena in the sake of your privacy.” To be fair google’s didn’t sound bad they’re like “what’s new we would never have a back door we sell your info and sadly have to give it to the government in accordance with the law we carefully review this because nothing is free.”

  • Pay Attention

    The point of the person who has revealed this program is that the government HAS a secret FISA Court Order that Microsoft, Google, Yahoo and others are compelled to facilitate the NSA intercept of all of the information via the Internet providers. Surely Microsoft, Google, et al were smart enough to negotiate for deniability by saying that the government does not access THEIR servers. But the NSA is collecting the data none-the-less. They are simply writing their software to facilitate the collection of the data. You don’t need to look any further than Office 2013 to see that Microsoft has made it very difficult for individuals and businesses to maintain the privacy of their documents and data by not building in controls to disable the “Save your data online” features. Google is certainly no better and amasses your personal data for their own databases as well.

  • TheSharpenedPen

    Microsoft, google, facebook, etc. are only feigning outrage. The spying on their users has been going on with their complacency and consent for years now – the only reason they suddenly care at all about the invasion of their user’s privacy is that they’ve been caught doing it. If it weren’t for the Snowden revelations, companies like microsoft would be skipping along their merry way pretending like before that nothing was happening and that their user data was secure.

    Thousands of naked photos intercepted from webcams on the yahoo server by British spies (with no Al CIAda affiliations or criminal links found, or even hinted at) tell us otherwise. These companies are lying in our faces when confronted with the obvious truth, because they were all complicit accomplices to nSA spying. Microsoft et al. are nSA partners! This is a complete snowjob.

    Thanks Snowden for trying to wake us up to the criminal machinations of our government and the global corps.