New documents from Edward Snowden published in The Guardian have shown for the first time the financial relationship between the NSA and some of the largest names in the tech business over the PRISM data-collection scheme.
Google, Yahoo, Microsoft, and Facebook are all named in a document, dated December 2012, relating to the 2011 decision by the secret Foreign Intelligence Surveillance Court (FISC) not to approve a surveillance program because it collected data on US citizens. The judgment, released by the NSA on Wednesday shortly after the Chelsea Manning verdict, also noted that the NSA had been misleading the court.
“Last year’s problems resulted in multiple extensions to the certifications’ expiration dates which cost millions of dollars for Prism providers to implement each successive extension – costs covered by Special Source Operations,” the document reads.
Special Source Operations is the unit within the NSA that handles relations with private firms for data collection, according to Snowden, who described it as the “crown jewels” of the agency. Shortly after the FISC ruling, new PRISM certifications were issued and updated by most partners.
“All Prism providers, except Yahoo and Google, were successfully transitioned to the new certifications. We expect Yahoo and Google to complete transitioning by Friday 6 October,” reads another, undated, document.
In a statement to the paper, Facebook said that it had never accepted payment for government data requests. Yahoo! said that it had accepted compensation, as it was allowed to do by federal law – a line Microsoft followed, while noting that it never charges for child-exploitation investigations.
“Microsoft only complies with court orders because it is legally ordered to, not because it is reimbursed for the work. We could have a more informed discussion of these issues if providers could share additional information, including aggregate statistics on the number of any national security orders they may receive,” a Microsoft spokesperson told El Reg.
Google told The Register that it has not joined Prism or any government surveillance programs, and that “We do not provide any government with access to our systems and we provide user data to governments only in accordance with the law.”
The Chocolate Factory also told us in the emailed statement, “We await the US government’s response to our petition to publish more national security request data, which will show that our compliance with American national security laws falls far short of the wild claims still being made in the press today.”