Stay on Top of Enterprise Technology Trends
Get updates impacting your industry from our GigaOm Research Community
As controversy continues to swirl around whistleblower Edward Snowden and his whereabouts, the Washington Post has published several more slides from the NSA presentation that the former CIA staffer leaked to both the Post and the Guardian — slides that provide further details about the surveillance program known as PRISM and how it functions.
Among other things, the slides highlight the large discrepancies between the way the program is described and the strenuous denials from tech giants such as Google (s goog), Yahoo (s yhoo), Microsoft (s msft) and Facebook (s fb) about their participation in such a program.
For example, according to annotations from the Post — based on what the newspaper says is its own reporting, as well as other slides that haven’t been published yet — PRISM involves “government equipment on private company property” that is used to retrieve information from “participating companies such as Microsoft or Yahoo” that is then passed on “without further review” to the NSA.
The equipment that is installed on company premises — referred to as an “interception unit” — is reportedly managed by the FBI, which then passes the information to one or more “customers” such as the NSA, CIA or FBI.
In what could prove to be an explosive revelation about the extent of the PRISM program, the Post reports that “depending on the provider” of the information, the system allows the NSA to “receive live notifications when a target logs on or sends an e-mail,” and also allows the spy agency to “monitor a voice, text or voice chat as it happens.” Real-time access to conversations and communication was hinted at in earlier reports, but the new slides provide the first confirmation that it is possible and even routine.
Most of the major technology companies that are mentioned in the PRISM slides — including Google, Yahoo, Microsoft, Apple, Facebook, Skype and AOL — have denied repeatedly that they provide any kind of “back door” or other method that gives the NSA direct access to their servers. Stories in the New York Times and elsewhere have described a kind of “lock-box” that the companies have set up, which would fit the description given by the latest slides, but Google’s chief counsel has specifically denied the company is involved in any such system.
One of the slides notes that PRISM contained more than 117,000 “active surveillance targets” as of April 5, presumably meaning foreign nationals who were being surveilled for their potential role in attacks on the U.S. A number of reports about the program have said that information — primarily “metadata” about phone calls, emails and other communications — about American citizens is also collected through such systems, but the NSA and other agencies try to expunge it before reading it.
Post and thumbnail images courtesy of Shutterstock / Lightspring