Tech companies received millions for PRISM compliance costs
Posted on 26 August 2013.
The NSA reimbursed the costs that Google, Facebook, Microsoft and Yahoo incurred for having to meet new certification demands following a FISC ruling about the unconstitutionality of certain aspects of the PRISM surveillance program, The Guardian has revealed on Friday.


The ruling, which was made public last week following a successful FOIA lawsuit launched by the Electronic Frontier Foundation over a year ago, has shown that the NSA misled the FISC about data collection volume and scope, and that its targeting and minimization procedures were inconsistent with the requirements of the Fourth Amendment.

In the wake of this 2011 ruling, the NSA was required to bring operations into compliance - i.e. stop siphoning domestic and non-target communications of persons who have little or no relationship to the target - and until they did it the FISC stopped signing annual "certifications" that provide the legal framework for surveillance operations, and signed only temporary ones which were renewed for a short period.

This repeated and short-lived re-certifications resulted in PRISM providers incurring great costs, but NSA's Special Source Operations was ready to cover them. Another documents says that new certifications for the providers (i.e. the aforementioned Internet companies) were given within days of the 2011 ruling.

"The disclosure that taxpayers' money was used to cover the companies' compliance costs raises new questions over the relationship between Silicon Valley and the NSA," pointed out Guardian's Ewen MacAskill. "Since the existence of the program was first revealed by the Guardian and the Washington Post on June 6, the companies have repeatedly denied all knowledge of it and insisted they only hand over user data in response to specific legal requests from the authorities."

When asked to comment on the revelations, Yahoo responded by saying that "federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government," and that they have requested reimbursement consistent with this law.

Facebook denied receiving compensation in connection with responding to a government data request, and Google said that they are not saying anything until they get permission from the US government to do so, and that when they do they will prove that their "compliance with American national security laws falls far short of the wild claims still being made in the press today."

A Microsoft spokesman said that the company "only complies with court orders because it is legally ordered to, not because it is reimbursed for the work."









Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //