WASHINGTON — The U.S. director of national intelligence late Thursday confirmed the existence of a secret program in which the government has tapped into the central servers of nine leading Internet companies to search for data potentially linked to terrorism, espionage or nuclear proliferation, but he called two newspapers’ disclosure of it “reprehensible.”
Under the 6-year-old program, code-named PRISM, the FBI and National Security Agency have searched for emails, videos, photographs and other documents. The effort involves Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, Skype, YouTube and Apple, the Washington Post and Britain’s Guardian reported, quoting from classified documents. Among major Internet companies, only Twitter has so far been a holdout, the Post said.
Director of National Intelligence James R. Clapper confirmed the program but said the Post and Guardian articles contained “numerous inaccuracies.”
Apple, Google, Facebook and Yahoo all denied participating. The others did not respond to requests for comment Thursday night.
Clapper said the program was intended to target foreigners and “cannot be used to intentionally target any U.S. citizen, any other U.S. person or anyone located within the United States.” Court-approved procedures “minimize the acquisition” of information about U.S. persons, he said in a statement.
The Foreign Intelligence Surveillance Court, the executive branch and Congress oversee the program, which “was recently reauthorized by Congress after extensive hearings and debate,” he said.
“Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats,” Clapper said.
The latest disclosures, coming as officials separately confirmed a long-running NSA program to secretly collect records on nearly all domestic and international phone calls made by Americans, underscores how U.S. intelligence and law enforcement now secretly glean vast amounts of information from communications technology.
Legally, much of the data is considered property of the companies, not of individual users. That limits users’ ability to challenge the government’s data-mining operations in court.
The Post said it had obtained information about PRISM from a career intelligence officer who provided PowerPoint slides “to expose what he believes to be a gross intrusion on privacy.”
According to the Post, a presentation for senior NSA analysts described PRISM “as the most prolific contributor to the president’s daily brief, which cited PRISM data in 1,477 articles last year.” The daily brief contains the nation’s most valuable intelligence secrets and goes only to the president and a few top aides each morning.
According to the briefing slides, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports, the Post reported.
PRISM analysts can use search terms to delve into computer systems to pull out selected information. The terms are designed to look for data that is foreign in origin, but, according to the briefing materials, the NSA concedes that it inevitably picks up considerable data on Americans.
In most cases, Internet companies have voluntarily cooperated with PRISM in return for immunity from lawsuits, the Post said.
But in 2008, Congress gave the Justice Department the authority to seek a secret court order to force a reluctant company to comply. The Post said that Microsoft became the first corporate partner in PRISM in 2007 and that Apple held out until 2012.
Apple disputed that it had signed on to any such program.
“We have never heard of PRISM,” Apple said in a statement Thursday night. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
Yahoo issued a similar denial.
“Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network,” the company said in a statement.
Google said it “does not have a ‘back door’ for the government to access private user data.”
And Joe Sullivan, chief security officer at Facebook, said protecting users’ privacy and data is a top priority.
“We do not provide any government organization with direct access to Facebook servers,” he said. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
Clapper, the intelligence director, declassified a few details about the separate program that collects telephone records, also disclosed by the Guardian. Clapper said he wanted to reassure Americans that “the intelligence community is committed to respecting the civil liberties and privacy of all American citizens.”
He noted that the special court reviews the program every three months. He confirmed that the government is barred from searching telephone records “indiscriminately” and can only search the data for specific information after proving to a court that it has reasonable suspicion of association with a foreign terrorist organization.
The information he declassified had largely been disclosed by other administration and congressional sources.
Times staff writers Jessica Guynn, Chris O’Brien and Dawn C. Chmielewski in Los Angeles contributed to this report.