For the last several years, the National Security Agency has been reportedly spying on the searches, emails, and file transfers of Americans using a program called PRISM--which tapped directly into the servers used by Apple, Google, Microsoft, and others.
The program was revealed Thursday in separate stories from the Washington Post and The Guardian, which earlier revealed that the NSA had worked with Verizon to monitor the metadata of millions of phone calls made by Americans.
The news stories brought to light a top-secret 41-page PowerPoint document detailing the PRISM surveillance program and the tech companies involved. The program has grown rapidly larger over the last several years and is still growing, according to The Guardian's report.
The list of companies that the paper alleges participated in the PRISM program reads like a Who's Who of Silicon Valley: in 2007, the document alleges, Microsoft was the first to participate. Yahoo joined in 2008. Others followed in quick succession: Google in 2009, then AOL, Apple, Facebook, PalTalk, Skype, and YouTube in October 2012.
Some of the tech companies named in the Guardian and Washington Post stories are denying the allegations. Google denied involvement with the PRISM program in the Guardian report.
"We disclose user data to government in accordance with the law, and we review all such requests carefully," a Google spokesperson wrote in a note to TechHive Thursday afternoon. "From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a 'back door' for the government to access private user data."
Facebook and Apple have also stated that they did not provide the government with direct access to their servers.
Update: The Guardian later on Thursday published a story that reported that "senior executives from the internet companies expressed surprise and shock and insisted that no direct access to servers had been offered to any government agency."
The Electronic Freedom Foundation (EFF) says the tech companies are playing word games. "If you read the denials coming from the tech companies, they are carefully worded and really amount to non-denials," EFF staff attorney Nate Cardozo told TechHive Thursday afternoon. "They all are saying that they didn't provide direct access to the servers, but what they are probably doing is providing access to the data via an API, which would be indirect."
"Somebody somewhere in these companies knew that this was going on," Cardozo says.
Data that could be examined
The amount of data the NSA can access includes email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more, the paper reported.
Perhaps the most important aspect of the report, however, is the fact that the NSA reportedly tapped into the servers of the providers themselves--with or without their knowledge, if the Washington Post and Guardian reports are true.
Sign up for CIO Asia eNewsletters.