Last week the Washington Post received documents showing that the NSA violated privacy rules around 3,000 times in a twelve month period. Now there are newly declassified documents showing that the NSA actually paid out millions to Google, Yahoo, Microsoft and Facebook to cover their expenses while aiding in the PRISM surveillance project. This is the first piece of material to show a financial connection between the government and the tech companies.
On Wednesday the Obama administration declassified an October 2011 judgment by the Foreign Intelligence Surveillance Act (FISA) court that found the NSA's inability to separate domestic communications from foreign traffic violated the Fourth Amendment. This led to a new certification process for the technology companies involved in the PRISM surveillance, and an added compliance cost that, by law, must be funded by the taxpayer.
According to The Guardian, the NSA requires the FISA court to sign annual "certifications" that provide the legal foundation for surveillance. But after the ruling, the court only renewed them on a temporary basis as the NSA cleaned up the processes that the court found illegal. This "problem" led to huge costs for PRISM providers, as the multiple extensions to the certificates' expiration dates meant implementing each successive extension, which in turn meant time and money.
The tech companies were paid by Special Source Operations which handles all surveillance programs that rely on "corporate partnerships" with telecoms and internet providers for accessing communications data. Because the SSO is part of the government, taxpayers essentially paid Microsoft, Google and whatnot to be compliant with the government that in turn snoops on the taxpayer.
What's interesting here is that this is the first evidence of the government paying tech companies, yet these very tech companies have repeatedly denied all knowledge of the PRISM program, and insist that they only hand over user data when legal requests are made by the proper authorities. Even one of the obtained newsletters states that immediately after the FISA court ruling, the tech companies save for Yahoo and Google had successfully transitioned to new certifications. The remaining two were expected to complete their transitioning in October 2011.
The Guardian reached out to these companies for a response to the new material. Yahoo said that "federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Facebook merely stated that it had "never received any compensation in connection with responding to a government data request".
As for Google, the company denies joining PRISM or any other surveillance program. "We await the US government's response to our petition to publish more national security request data, which will show that our compliance with American national security laws falls far short of the wild claims still being made in the press today," Google said.
Microsoft declined to comment, as did the NSA and The White House.