NSA, FBI mining data directly from major Internet companies, report says

Data from Microsoft, Facebook, Google servers is being accessed, <i>Washington Post</i> claims

The FBI and the National Security Agency are tapping directly into servers at Microsoft, Google, Facebook, Skype and other major Internet companies to keep track of the communications and interactions of known and suspected foreign terrorists, the Washington Post reported late Thursday.

The report is based on an allegedly top-secret document that the Post obtained containing information on a classified data collection program code-named PRISM that was launched about six years ago.

The two agencies allegedly accessed audio, video, email, photographs, documents and connection logs purportedly to help counterterrorism analysts track the movements and interactions of foreign nationals thought to pose a threat to the U.S. However, even when the system works as it is supposed to, the NSA routinely gathers a lot of information on Internet users based in the U.S. as well, the story noted.

According to the Post, the document it obtained described PRISM as an increasingly important source of raw material for NSA's intelligence reports, including those prepared for the President's Daily Brief. Data gathered through PRISM is used in one in seven NSA intelligence reports and PRISM data was cited in a total of 1,477 articles in the Daily Brief.

According to the Post's description of the project, PRISM allows analysts from FBI's Data Intercept Technology Unit and the NSA's Special Source Operations group to search for and inspect specific items of interest flowing through the data streams of each of the companies participating in PRISM.

The Post published copies of several slides that it obtained that purport to describe PRISM. One of the slides lists Microsoft, Google, Facebook, Skype and five other Internet companies as "current providers" of PRISM data. According to the Post, another slide describes PRISM data being collected "directly from the servers" of these companies.

A spokesman from Google denied the company's alleged participation in PRISM.

"Google cares deeply about the security of our users' data," he said in an emailed statement. "We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a 'back door' for the government to access private user data."

In a statement on its website, Facebook's Chief Security Officer Joe Sullivan also denied the company was handing over data to the government. "Protecting the privacy of our users and their data is a top priority for Facebook," Sullivan said.

"We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law," Sullivan said.

A Microsoft spokeswoman said the company provides customer data to the government only when it receives a legally binding order or subpoena and "never on a voluntary basis."

"In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it," the spokeswoman said.

The PRISM program operates in parallel with another program code-named BLARNEY that apparently is designed to gather metadata, such as IP addresses and device signatures from "choke points" on the Internet, the Post noted.

The story did not offer details on what or where those choke points might be or whether any of the companies in the PRISM program are tapped for the metadata as well. Neither did it make clear if data from the BLARNEY program is combined with data collected from PRISM. The story did however note that the BLARNEY data collection program leverages commercial partnerships to gain access to the metadata.

The Post report comes after a dramatic story on Wednesday by The Guardian about the NSA collecting records of all domestic and international phone calls made by Verizon customers since at least this April. The Guardian report has already ignited a massive uproar and the Post report is almost certain to fuel the concerns even further.

While details of the PRISM program are new, the FBI and other intelligence agencies have in the past made no secret of their desire to monitor traffic on Facebook and other sites for signs of terrorist activity.

Last year, the FBI published a request for information where it sought technology that would help it quickly gather and analyze data posted on sites such as Facebook, Twitter and on blogs using simple keyword searches and phrases such as "bomb," "suspicious package," "white powder," "active shoot" and "school lock down."

Earlier this year, the FBI confirmed that it is part of an interagency group considering a plan that would make it easier for U.S. law enforcement agencies to legally spy on real-time communications carried on by suspects over Internet-based services such as webmail, peer-to-peer services like chat, and social networks.

The FBI in the past has described the lack of easy access to real-time communications on online networks as the "Going Dark" problem. It is a term it has used to describe the growing gap between the government's authority to conduct legal surveillance and its ability to actually do so. The interagency group that the FBI is part of is pushing for legislation that would force Internet companies to build backdoors that would make it easier for the government to snoop on real-time communications over the Internet.

This article, NSA, FBI mine data directly from major Internet companies, report says, was originally published at Computerworld.com.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Read more about privacy in Computerworld's Privacy Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags National Security AgencyskypeGoogleMicrosoftsecuritycyberwarfarewashington postfbiprivacyFacebook

More about FacebookFBIGoogleMicrosoftNational Security AgencyNSASkypeTechnologyTopicVerizonVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place