Prism leak indicates real-time surveillance, says paper
- 1 July 2013
- From the section Technology
Fresh details about Prism have emerged after the Washington Post published four more leaked slides detailing the US internet surveillance programme.
The paper says the documents indicate the FBI has installed equipment on the property of certain US-based tech firms and passes on retrieved data to the CIA and National Security Agency (NSA).
It says in some cases the NSA may be provided with live notifications about a target's activity in "real time".
Critics have raised privacy concerns.
"Prism is the most egregious example of NSA overreach that we've seen in the last 10 years or so," Eric King, head of research at London-based campaign group Privacy International, told the BBC.
"The fact that this material is being shared with the Brits at GCHQ raises serious concerns about the legal regime that is in place for processing the information".
The leaked presentation has named the sources of the data as Microsoft and its Skype division; Google and its YouTube division; Yahoo; Facebook, AOL, Apple and PalTalk.
According to the Washington Post, the NSA may gain access to users' "emails, attachments, address books, calendars, files stored in the cloud, text or audio or video chats and 'metadata' that identify the locations, devices used and other information about a target".
The NSA has said that its communications surveillance programmes have helped prevent more than 50 "potential terrorist events" since the attacks on 11 September 2001.
US President Barack Obama has added that Prism is "narrowly" focused on terrorism, the proliferation of weapons of mass destruction and related issues.
"We are not rifling through the emails of ordinary emails of German citizens or American citizens or French citizens or anybody else," he said last month.
The latest leaked documents comprise three jargon-heavy flowcharts explaining how data is gathered and logged for Prism, and a fourth slide showing what appears to be a screenshot of the tool used by the NSA to search through the database.
The screenshot states that there were 117,675 records stored within Prism's system as of 5 April.
The newspaper says this equates to "active surveillance targets" and does not include others whose communications would have been "incidentally" collected as a result of them having been in contact with one of the targets.
The NSA must have a "reasonable" belief that either the sender or receiver of a communication is a foreign national located outside the US at the time of collection, according to a law passed in 2008 that made Prism possible.
The Washington Post's analysis of the latest slides indicates the FBI does indeed check the search terms - or "selectors" - used by NSA agents to identify their specified targets to ensure the bureau agrees they are unlikely to be a US citizen, permanent US resident or otherwise located in the country.
The paper says the slides show that once a target is approved, FBI agents do not review the information passed on, however it appears that automated filters - referred to as "Fallout and Conveyance" - are used to reduce the amount of information about Americans.
In addition to stored data, the paper says the FBI can also pass on details of targets' live activities to allow "real-time surveillance" of their use of at least some of the tech firms' services.
It says that depending which firm is involved, NSA agents may receive alerts when a target logs on or sends an email, and they can also monitor voice calls and text chats as they happen.
The news may put the named tech firms under renewed pressure to disclose more information about the extent of their co-operation.
They had previously denied providing "direct access" to the NSA, but only Google has explicitly denied providing a "backdoor" to any government agency.
"A number of the companies have said they do not provide 'direct access' - but the question is what does that term mean?" said Mr King.
"From our perspective it doesn't particularly matter if there's a box inside the company network or not. The fact remains, regardless of technically how it is set up, the NSA request information under this exceptionally broad law and the companies are forced to provide it."