On June 6, The Washington Post revealed that, according to leaked documentation it was given, nine major companies are feeding the NSA data via direct access to their servers, something called the PRISM project. Within hours, nearly all the companies had denied the claims, and it has ignited an Internet storm. The disconnection between The Post report and the companies' claims make more sense in light of new information provided by sources.
The issue is that private companies are required by the Foreign Intelligence Surveillance Act to provide the government with lawfully requested data. Because of the vast quantity of data these companies harbor, as well as the amount of data the government wants access to, officials approached the companies with a "demand" to make it easier. At least, this is what people familiar with the matter told The New York Times.
While the companies are required to provide the government with lawfully requested information, they are not required to make the process easier for government agencies. Because of this, when approached on the matter, Twitter reportedly rejected the demand. Other companies, however, allegedly negotiated with the agencies to set up systems that make data requests and transfers more simple. The negotiations are said to be ongoing.
Those companies are said to be Microsoft, Google, Facebook, Yahoo, AOL, Apple, and PalTalk, according to the sources. Google and Facebook - and possibly others - are said to have been in talks to create separate, secure online rooms through which government agencies could submit requests for data. If lawful, the companies could then use the same portal to provide that information, where the agencies could then access it.
Reportedly, when a request is received, lawyers then review it to make sure that it is a valid, lawful request before the information is provided. In some instances, according to sources, the requests can be for "a broad sweep" of intelligence, and in other cases can be related to a certain person.
As such, if this is true, claims that the companies give the government direct access to its servers is incorrect, and their denials of such a reality would be truthful. Under this situation, the companies would be receiving requests on specific, individual cases, and would then be providing that information under legal obligation, albeit through a system constructed to make the entire process easier.
SOURCE: New York Times