Net users under watch

The National Security Agency and the FBI are tapping directly into the central servers of nine leading US Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.
The programme, code-named PRISM, has not been made public until now.
The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.
Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these US Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”
PRISM was launched from the ashes of President George W. Bush's secret programme of warrantless domestic surveillance in 2007, after news media disclosures, lawsuits and the Foreign Intelligence Surveillance Court forced the president to look for new authority.
Congress obliged with the Protect America Act in 2007 and the FISA Amendments Act of 2008, which immunised private companies that cooperated voluntarily with US intelligence collection.
PRISM recruited its first partner, Microsoft, and began six years of rapidly growing data collection beneath the surface of a roiling national debate on surveillance and privacy. Late last year, when critics in Congress sought changes in the FISA Amendments Act, the only lawmakers who knew about PRISM were bound by oaths of office to hold their tongues.
The court-approved programme is focused on foreign communications traffic, which often flows through US servers even when sent from one overseas location to another. Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.
In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to certify periodically that the government had reasonable procedures in place to minimise collection of “US persons” data without a warrant.
In a statement issue late Thursday, Director of National Intelligence James R Clapper said “information collected under this programme is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats. The unauthorised disclosure of information about this important and entirely legal programme is reprehensible and risks important protections for the security of Americans.”
Clapper added that there were numerous inaccuracies in reports about PRISM by The Post and the Guardian newspaper, but he did not specify any.
Several companies contacted by The Post said they had no knowledge of the programme, did not allow direct government access to their servers and asserted that they responded only to targeted requests for information.
“We do not provide any government organisation with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook.
“We have never heard of PRISM,” said Steve Dowling, a spokesman for Apple.
An internal presentation of 41 briefing slides on PRISM, dated April 2013 and intended for senior analysts in the NSA's Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President's Daily Brief, which cited PRISM data in 1,477 items last year.
The technology companies, whose cooperation is essential to PRISM operations, include most of the dominant global players of Silicon Valley, according to the document. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” PalTalk, although much smaller, has hosted traffic of substantial intelligence interest during the Arab Spring and in the ongoing Syrian civil war.
Google, like the other companies, denied that it permitted direct government access to its servers. “Google cares deeply about the security of our users' data,” a company spokesman said.
Microsoft also provided a statement: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis.”
Yahoo also issued a denial.