NSA, FBI mining data directly from major Internet companies, report says
Data from Microsoft, Facebook, Google servers is being accessed, Washington Post claims
Computerworld - The FBI and the National Security Agency are tapping directly into servers at Microsoft, Google, Facebook, Skype and other major Internet companies to keep track of the communications and interactions of known and suspected foreign terrorists, the Washington Post reported late Thursday.
The report is based on an allegedly top-secret document that the Post obtained containing information on a classified data collection program code-named PRISM that was launched about six years ago.
The two agencies allegedly accessed audio, video, email, photographs, documents and connection logs purportedly to help counterterrorism analysts track the movements and interactions of foreign nationals thought to pose a threat to the U.S. However, even when the system works as it is supposed to, the NSA routinely gathers a lot of information on Internet users based in the U.S. as well, the story noted.
According to the Post, the document it obtained described PRISM as an increasingly important source of raw material for NSA's intelligence reports, including those prepared for the President's Daily Brief. Data gathered through PRISM is used in one in seven NSA intelligence reports and PRISM data was cited in a total of 1,477 articles in the Daily Brief.
According to the Post's description of the project, PRISM allows analysts from FBI's Data Intercept Technology Unit and the NSA's Special Source Operations group to search for and inspect specific items of interest flowing through the data streams of each of the companies participating in PRISM.
The Post published copies of several slides that it obtained that purport to describe PRISM. One of the slides lists Microsoft, Google, Facebook, Skype and five other Internet companies as "current providers" of PRISM data. According to the Post, another slide describes PRISM data being collected "directly from the servers" of these companies.
A spokesman from Google denied the company's alleged participation in PRISM.
"Google cares deeply about the security of our users' data," he said in an emailed statement. "We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a 'back door' for the government to access private user data."
In a statement on its website, Facebook's Chief Security Officer Joe Sullivan also denied the company was handing over data to the government. "Protecting the privacy of our users and their data is a top priority for Facebook," Sullivan said.
"We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law," Sullivan said.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts