The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.
Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.
In a statement, Google said: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."
Several senior tech executives insisted that they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a program. "If they are doing this, they are doing it without our knowledge," one said.
An Apple spokesman said it had "never heard" of Prism.
The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.
The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.
It also opens the possibility of communications made entirely within the US being collected without warrants.
Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.
The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.
Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.
Collectively, the companies cover the vast majority of online email, search, video and communications networks.
The extent and nature of the data collected from each company varies.
Companies are legally obliged to comply with requests for users' communications under US law, but the Prism program allows the intelligence services direct access to the companies' servers. The NSA document notes the operations have "assistance of communications providers in the US".
The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.
When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.
A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.
The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy.
The Prism program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.
With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.
The presentation claims Prism was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a "home-field advantage" due to housing much of the internet's architecture. But the presentation claimed "Fisa constraints restricted our home-field advantage" because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.
"Fisa was broken because it provided privacy protections to people who were not entitled to them," the presentation claimed. "It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all."
The new measures introduced in the FAA redefines "electronic surveillance" to exclude anyone "reasonably believed" to be outside the USA – a technical change which reduces the bar to initiating surveillance.
The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of co-operating with authorities' requests.
In short, where previously the NSA needed individual authorisations, and confirmation that all parties were outside the USA, they now need only reasonable suspicion that one of the parties was outside the country at the time of the records were collected by the NSA.
The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming "access is 100% dependent on ISP provisioning".
In the document, the NSA hails the Prism program as "one of the most valuable, unique and productive accesses for NSA".
It boasts of what it calls "strong growth" in its use of the Prism program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was "exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype". There was also a 131% increase in requests for Facebook data, and 63% for Google.
The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also seeks, in its words, to "expand collection services from existing providers".
The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.
Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.
"The problem is: we here in the Senate and the citizens we represent don't know how well any of these safeguards actually work," he said.
"The law doesn't forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can't say and average Americans can't know."
Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.
When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.
When the NSA reviews a communication it believes merits further investigation, it issues what it calls a "report". According to the NSA, "over 2,000 Prism-based reports" are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.
In total, more than 77,000 intelligence reports have cited the PRISM program.
Jameel Jaffer, director of the ACLU's Center for Democracy, that it was astonishing the NSA would even ask technology companies to grant direct access to user data.
"It's shocking enough just that the NSA is asking companies to do this," he said. "The NSA is part of the military. The military has been granted unprecedented access to civilian communications.
"This is unprecedented militarisation of domestic communications infrastructure. That's profoundly troubling to anyone who is concerned about that separation."
A senior administration official said in a statement: "The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any US citizen or of any person located within the United States.
"The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.
"This program was recently reauthorized by Congress after extensive hearings and debate.
"Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.
"The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target."
Additional reporting by James Ball and Dominic Rushe
Since you’re here…
… we have a small favour to ask. More people are reading The Guardian than ever but advertising revenues across the media are falling fast. And unlike many news organisations, we haven’t put up a paywall. We want our journalism to remain accessible to our global audience. Our readers’ contributions enable us to maintain this openness, so we can all access accurate information and analysis.
The Guardian’s independent, investigative journalism takes a lot of time, money and hard work to produce. But we do it because we believe our perspective matters – because it might well be your perspective, too.
I appreciate there not being a paywall: it is more democratic for the media to be available for all and not a commodity to be purchased by a few. I’m happy to make a contribution so others with less means still have access to information. Thomasine, Sweden
If everyone who reads our reporting, who likes it, helps to support it, our future would be much more secure. For as little as £1, you can support the Guardian – and it only takes a minute. Thank you.
View all comments >
comments (2934)
Sign in or create your Guardian account to join the discussion.
It is outrageous that the US government is spying on its citizens! No matter what your political persuasion, race, or religion, this spying is a huge breach of your constitutional rights. We need to send a very strong message to our government that we will not take this lying down.
Emailing or writing your Congressmen is not enough. We need massive (but peaceful) protests or maybe even a week- long strike.
I understand the need for security, but, this is very concerning. The government has proved itself not to be trusted. The idea that they can now get our private conversations is not good. Maybe it won't be a problem for the average person today, but what about tomorrow. No one predicted what the IRS was caught doing.
This sounds like a marvelous system but the Boston bombers went undetected even after the Russians tipped us off. But I sure it keeps a lot of government employees on the public payroll.
@ehaines - Agreed - I've known about this for years, that is why I use the words "Pen1le Enhancement" and "Ch3eap Viagra" in the subject line of every email I send - it puts the government off the scent and they never read the rest of my email.
This may also be why I'm unemployed...
Get used to it. This apparently is how the world works today.
@timecop - The only surprising thing about this is that it took the media this long to report it. Governments have been spying on people without a warrant for years.
They don't even really have to try that hard, considering how much data we already surrender for the sake of being seen. Most smartphones record your location, and it would be silly to think that any major company wouldn't give up user information to the government of any country, in order to do business there.
The internet is the death of privacy, and the beginning of an open society. It could be a good thing, if it led to governmental transparency, but right now, it's simply a way to spy on everyone, all the time.
@timecop - How about I don't get used to it? Is that OK with you?
Big Brother has won! thanks Obummer!
@Canonman - The first three companies in the timeline predate his inauguration, but nice try.
@Canonman - You realize that Obama went into office in 2009 right? And the program started in 2007... Which means...
Yep, your buddy GWB signed off on this and had a hand in starting the program. Obama the Great has his thumb in the pie as well, like a good gold sniffing Goldman puppet.
Put the blame where it belongs, with everyone involved.
The only real surprise is that some people may be surprised by all this.
@holdingonfortomorrow -
Some people who were turning cartwheels when it was the Tea Party targeted by the IRS are turning a little more empathetic now that it might be them as well with the NSA as the instigator.
@holdingonfortomorrow - YSII. Your Surprise Is Irrelevant.
@timecop 06 June 2013 11:36pm. Get cifFix for Firefox.
That's not true. It's as bad to harass the Tea Party - corporatist astro-turf lackeys that they are - as it is to monitor the ACLU. Anyone with a true "liberal" philosophy supports freedom from government interference no matter what their cause.
Why am I not the least bit surprised. Stupendously pernicious.
@ehaines 06 June 2013 11:13pm. Get cifFix for Firefox.
While I pity the poor soul who is totally surprised by this, having it nailed down and documented is critically important.
@ehaines - Yeah but here-say is one thing, hard evidence is sooo much clearer.
I'm telling you now, we will end up in work camps if we don't put aside differences and stand together. And yes that means coming to happy comprimises.
@MonaHol - WHY?? What will be any different after this "revelation" that I knew about 20 years ago?
dude where's my car?
@taffster - Good bloody point! I cannot imagine why anyone would want a driverless car that you call up on your computer!
@Helen121 07 June 2013 6:55am. Get cifFix for Chrome.
I can't imagine why we would want to continue with a world in which people pay thousands of pounds for cars to sit idle on their driveways, or idle in traffic jams. What a waste! It's choking the planet and killing us. We also pay thousands of pounds to insure ourselves against the effects of human error in driving killing and maiming people. I can't imagine why anyone would want to persist with that system.
The only thing more worrying than this is the fact that there'll be a little moaning and groaning but nobody will do anything !!!! What will it take for people to say enough is enough ...... We need a European and American spring
@zeezi - This is the age of the apathetic. Nothing will ever happen.
@zeezi - I hope you like the weather in Cuba.
@zeezi 06 June 2013 11:14pm. Get cifFix for Firefox.
Kurt Vonnegut, 1963.Should make for an interesting Obama-Xi summit given US actions against Huawei and other Chinese companies. Bye, bye China market for most US tech companies on similar "national security" grounds...
@lorcancoyle - There already are situations in which U.S. companies are avoided already when data protection is an issue in the E.U. I wouldn't be surprised if China already has its own cloud.
Why is the Government so paranoid?
@smc732 - Paranoid people in power create paranoid states.
@smc732 - when a new world order is religiously signed into power they will need to know the makeup of their populace. The marriage registry will provide full list of all the gay people but they won't know who is politically active and has an opinion in opposition to their own unless they can look through a prism.
@smc732 -
Because they lie, cheat and steal. From us, the people.
They protect their privilege, and will fight tooth and nail to do so.
Nothing will stop this, other than physically removing these people from the controls.
Fuck me time for the EU to jump in and jump on top of these companies for handing over the information of European citizens. Data protection acts broken abound drag the companies in front of committee and force them to explain why this information isn't given to customers.
@cbarr - Agreed! Most of the CEOs can go straight from Bilderberg up in Watford down the road to Westminster. For drinks, back-slapping and to work out how to fuck us over next, of course, not to face any sort of scrutiny - no way!
@cbarr - Charming naivete. Still believes in the law. Still believes he/she has rights. Wake up.
@Jacob Garbo -
That isn't what he said.
Its not that a government is spying on us... its that the Americans are.
The EU Commission will blow its gasket.
you gave them an inch they took a mile, good luck getting any truth from goons with secrets courts in their pockets!
@Denzel Kadzviti - You didn't give anything. They took many miles while you were happily comatose.
@Denzel Kadzviti -
(The late, great) George Carlin
Too comfortable, too ignorant and too lazy to ask questions. Sad to say, but the majority get what they deserve. By the time most realize they have no rights or freedoms left it will be too late, the secret (privately owned) police will already be knocking at the door.
@Jacob Garbo 07 June 2013 1:46am. Get cifFix for Chrome.
I was not happily comatose unlike the sheep that most have become, I vote on policy not gimmicks, i'm not a tribal voter too, because tribalism is what has gotten us into the trouble we are in, people vote one way because of loyalty to ideals that no longer exist, and yet complain when they are not represented.
Sign in or create your Guardian account to recommend a comment