The Obama administration acknowledged the existence Thursday of a secret National Security Agency program dubbed Prism, which a senior administration official said targets only foreigners and was authorized under U.S. surveillance law.
The existence of Prism was first revealed Thursday by the Guardian and Washington Post, which reported the NSA has been tapping a direct vein of consumer data from Apple Inc., Inc., Facebook Inc., Microsoft Corp., Yahoo Inc. and other Internet companies, in some cases for years. The reports added to a suddenly renewed swirl of controversy of the Obama administration's surveillance efforts, many of which have been in existence for years.
Many of the companies quickly denied they were involved, adding a note of confusion as to how the program might operate. The program's revelation nonetheless could raise a long-simmering issue for tech companies whose very business depends on the collection and exchange of consumer data. The program is executed under a secret court order, and companies are compelled by law to comply.
Apple said it "has never heard" of the program. "We do not provide any government agency with direct access to our servers" it said in a statement.
Google implied it wasn't aware of the program, saying in a statement it "does not have a 'back door' for the government to access private user data."
A Microsoft spokeswoman said the company provides customer data only when it receives "a legally binding order or subpoena to do so." She added, "If the government has a broader voluntary national security program to gather customer data we don't participate in it."
Facebook's Chief Security Officer Joe Sullivan said in a statement the company does "not provide any government organization with direct access to Facebook servers."
A Yahoo spokeswoman said in a statement, "We do not provide the government with direct access to our servers, systems, or network."
In a written statement, Director of National Intelligence James Clapper emphasized the program's foreign focus, saying it can't be used to "intentionally target" Americans or anyone inside the U.S. Data collected under this program involves "extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons."
He denounced the disclosure of information about "this important and entirely legal program," which he said "risks important protections for the security of Americans."
The program is overseen by the Foreign Intelligence Surveillance Court, a secret national security court, as well as the executive branch and Congress. The administration official said it was recently reauthorized "after extensive hearings and debate" by Congress.
Civil-liberties advocates have long pointed out that technology firms typically allow blanket exceptions in their privacy policies for disclosure of customer data to governments.
"Most companies have weasel language or vague language that says that whatever other promises we made regarding privacy, we will still disclose information to the government under legal process" such as court orders, said Lee Tien, a senior staff attorney with the Electronic Frontier Foundation.
In the U.S., Google has fought back against "national security letters," a tool used by the Federal Bureau of Investigation to seek people's records without court approval. Google has several ongoing legal battles with the FBI surrounding its use of NSLs to try to compel the company to turn over personal information about its users, according to court records.
Google in recent years has also done more than any other Web company to disclose the scope of government requests for information about its users, privacy advocates say, including by publishing a biannual "transparency report" that breaks down the number of requests by country. Other big Web companies are now making similar disclosures.