by Dominic Rushe and James Ball in New York
Two different versions of the PRISM scandal were emerging on Thursday with Silicon Valley executives denying all knowledge of the top secret program that gives the National Security Agency direct access to the internet giants’ servers.
The eavesdropping program is detailed in the form of PowerPoint slides in a leaked NSA document, seen and authenticated by the Guardian, which states that it is based on “legally-compelled collection” but operates with the “assistance of communications providers in the US.”
Each of the 41 slides in the document displays prominently the corporate logos of the tech companies claimed to be taking part in PRISM.
However, senior executives from the internet companies expressed surprise and shock and insisted that no direct access to servers had been offered to any government agency.
The top-secret NSA briefing presentation set out details of the PRISM program, which it said granted access to records such as emails, chat conversations, voice calls, documents and more. The presentation the listed dates when document collection began for each company, and said PRISM enabled “direct access from the servers of these US service providers: Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, Skype, YouTube, Apple“.
Senior officials with knowledge of the situation within the tech giants admitted to being confused by the NSA revelations, and said if such data collection was taking place, it was without companies’ knowledge.
An Apple spokesman said: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order,” he said.
Joe Sullivan, Facebook’s chief security officer, said it did not provide government organisation with direct access to Facebook servers. “When Facebook is asked for data or information about specific individuals, we carefully scrutinise any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
A Google spokesman also said it did not provide officials with access to its servers. “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘backdoor’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”
Microsoft said it only turned over data when served with a court order: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
A Yahoo spokesman said: “Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.
Within the tech companies, and talking on off the record, executives said they had never even heard of PRISM until contacted by the Guardian. Executives said that they were regularly contacted by law officials and responded to all subpoenas but they denied ever having heard of a scheme like PRISM, an information programme internal the documents state has been running since 2007.
Executives said they were “confused” by the claims in the NSA document. “We operate under what we are required to do by law,” said one. “We receive requests for information all the time. Say about a potential terrorist threat or after the Boston bombing. But we have systems in place for that.” The executive claimed, as did others, that the most senior figures in their organisation had never heard of PRISM or any scheme like it.
The chief executive of transparency NGO Index on Censorship, Kirsty Hughes, remarked on Twitter that the contradiction seemed to leave two options: “Back door or front?” she posted.