If you thought the National Security Agency's collection of Verizon phone-call data was bad, wait until you hear about the seven-year-old, previously undisclosed classified government program that works with nine very major U.S. Internet companies to secretly scrape your online life and has become "the most prolific contributor" to President Obama's daily intelligence report and is "increasingly" important to the NSA. PRISM, as the classified Silicon Valley collective is code-named, collects information such as emails, documents, audio, video, and photographs from Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple, according to a shocking Washington Post scoop. "From inside a company's data stream the NSA is capable of pulling out anything it likes," write the Post's Barton Gellman and Laura Poitras. You can see a full list of everything that encompasses in slides provided to the Post by what appears to be a single leaker the day after the Guardian's Verizon scoop, but suffice it to say this is a much bigger buffet of privacy invasion than the meta-data of your cellphone calls, which at least doesn't include the content of an innocent American's conversation. But don't worry, the program — approved under the Foreign Intelligence Surveillance Act but centering on American companies and their data — also includes a system, codenamed BLARNEY, that scrapes meta-data, too.
So much for Internet companies pushing back against unwarranted government surveillance. Just like the telecoms, in exchange for immunity from lawsuits, these nine Silicon Valley giants (perhaps with more on the way, though Twitter has held out and Apple waited for five years) have to accept a "directive" to open their servers to the FBI's Data Intercept Technology Unit. As this next enlightening slide from the Post shows, it hasn't taken too long for those companies to join the cause.
RELATED: Reddit Is Taking Down Its Creeps
The revelation of the program does come with this important reminder from the Post team: "under current rules the agency does not try to collect it all." But that doesn't mean that innocent Americans aren't having their Internet lives — where most of us do a lot of our communicating — unwittingly scooped up by authorities. Gellman and Poitras explain:
Analysts who use the system from a Web portal at Fort Meade key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by the Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report, “but it’s nothing to worry about.”
Indeed, 51 percent confidence isn't very confident at all. Even when the system manages to work properly and find a person who reaches said "foreignness," because of the way the Internet works, that process still leaves a lot of people's innocent information collected by the NSA program run out of Fort Meade, as Gellman and Poitras explain: "To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in." In addition, analysts are taught to "chain through contact to 'hops' from their target," meaning that all the contacts — likely innocent Americans — are being spied on as well. If the program says it needs two hops, it's worth remembering that we're all 4.74 hops away. As the Post team adds, the whole PRISM process is literally as easy as "a few clicks":
There has been “continued exponential growth in tasking to Facebook and Skype,” according to the 41 PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an
analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”
This is all very shocking considering how much of our lives we spend online and how much of our personal data we entrust to these Internet companies. Though there were rumors that the search giant might have been up to something like this, Google is still alleging to the Post that it "cares deeply about the security of our users' data." But maybe it shouldn't be — we knew the scope of the NSA spying was bigger than the a few phone calls.
Stay tuned to The Atlantic Wire tonight for more details.