Apple, Google, Microsoft, Facebook, Yahoo and AOL all knew about the Prism surveillance and data collection programme, despite their public protestations to the contrary, claims US National Security Agency (NSA) general counsel Rajesh De.
His claims in a hearing of a US government privacy watchdog flatly contradict the vehement denials of the companies that they were aware of Prism and the way in which it operated to extract customer data from the companies, under Section 702 of the FISA Amendments Act.
De asserted that the NSA collected "upstream data" from the companies with their "full knowledge and assistance".
"Collection under this program [Section 702] was a compulsory legal process, that any recipient company would receive," De told the committee.
Crucially, De told journalists after the hearing "that the same knowledge, and associated legal processes, also apply when the NSA harvests communications data not from companies directly but in transit across the internet, under Section 702 authority".
When the Prism programme became public knowledge last summer - and some of the processes by which the NSA collected personal data - internet companies denied all knowledge. They claimed to be shocked that the NSA had, for example, intercepted unencrypted personal data that they routinely transmitted between their data centres.
The companies had claimed that they were unaware of any surveillance practice that could expose their customers' data to the NSA. Apple, for example, claimed that it had "never heard" the term Prism while, last week, Facebook founder Mark Zuckerberg called on US president Barack Obama to rein in the NSA to prevent any further damage being done to the US technology sector.
De's claims call into question the veracity of their denials. "All 702 collection is pursuant to court directives, so they have to know," De told The Guardian.
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy