Claims made by The Washington Post that the National Security Agency was tapping into the servers of nine tech companies for details of user activity have been denied by Google and most of the other companies alleged to be involved.
Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.
Similar denial statements have been issued by Apple, Dropbox, Yahoo, Microsoft and Facebook.
The Post published slides from what it said was a Powerpoint presentation detailing the top-secret program, in which it was implied that the companies listed were knowing participants …
The NSA has issued a statement stating that the reports “contain numerous inaccuracies” but not actually denying the claims:
The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies.
Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.
Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.
There were some frankly silly suggestions that perhaps the NSA simply didn’t tell the tech companies the name of the program, allowing them to deny knowledge of PRISM despite knowingly participating. The denials clearly go well beyond simply denying any knowledge of the name.
It does remain possible that the NSA was accessing the data without the knowledge of the companies concerned.
While the NSA statement says that the U.S. Government is not permitted to “intentionally” target US citizens, it stops short of saying that any data uncovered in the course of investigating non-U.S. citizens could not then be used.