We said that yesterday's reports about PRISM
were probably just the tip of the iceberg, but we didn't really expect the iceberg would be international. Yesterday, The Washington Post
detailed an NSA program called PRISM, which supposedly collects data from a number of big name internet companies (though most deny it), and today The Guardian
is saying that British intelligence has had access to PRISM since 2010.
says it has obtained documents that show that The Government Communications Headquarters (GCHQ) has been accessing PRISM data since June 2010. GCHQ is a British intelligence agency responsible for providing signals intelligence and information assurance to the UK government and armed forces. The documents apparently show that last year alone GCHQ created 197 reports using the data obtained from PRISM.
The Guardian also says that "special programmes" are in place to help GCHQ process the information obtained through PRISM, which seems to indicate that only a selection, or filtered data set is being passed to Britain. In a statement to The Guardian, GCHQ says it:
takes its obligations under the law very seriously. Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the intelligence and security committee
After yesterday's reports, U.S. Director of National Intelligence, James Clapper, also released a statement, which seemed to admit some sort of data collection is happening, but claimed that the reports had "numerous inaccuracies
" and asserts that the U.S. government has never "wittingly" collect data on U.S. citizens.
The Guardian quotes another senior U.S. administration official as saying:
The programme is subject to oversight by the foreign intelligence surveillance court, the executive branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimise the acquisition, retention and dissemination of incidentally acquired information about US persons.