Since September 11th, 2001, the United States government has dramatically increased the ability of its intelligence agencies to collect and investigate information on both foreign subjects and US citizens. Some of these surveillance programs, including a secret program called PRISM, capture the private data of citizens who are not suspected of any connection to terrorism or any wrongdoing.
In June, a private contractor working for Booz Allen Hamilton leaked classified presentation slides that detailed the existence and the operations of PRISM: a mechanism that allows the government to collect user data from companies like Microsoft, Google, Apple, Yahoo, and others. While much of the program — and the rest of the NSA’s surveillance efforts — are still shrouded in secrecy, more details are coming to light as the public, as well as its advocates and representatives, pressure the government to come clean about domestic spying.
The What
What the hell is PRISM? PRISM is a tool used by the US National Security Agency (NSA) to collect private electronic data belonging to users of major internet services like Gmail, Facebook, Outlook, and others. It’s the latest evolution of the US government’s post-9/11 electronic surveillance efforts, which began under President Bush with the Patriot Act, and expanded to include the Foreign Intelligence Surveillance Act (FISA) enacted in 2006 and 2007.
There’s a lot we still don’t know about how PRISM works, but the basic idea is that it allows the NSA to request data on specific people from major technology companies like Google, Yahoo, Facebook, Microsoft, Apple, and others. The US government insists that it is only allowed to collect data when given permission by the secretive Foreign Intelligence Surveillance Court.
Why is PRISM a big deal?
Classified presentation slides detailing aspects of PRISM were leaked by a former NSA contractor. On June 6th, The Guardian and The Washington Post published reports based on the leaked slides, which state that the NSA has “direct access” to the servers of Google, Facebook, and others. In the days since the leak, the implicated companies have vehemently denied knowledge of and participation in PRISM, and have rejected allegations that the US government is able to directly tap into their users' data.
Both the companies and the government insist that data is only collected with court approval and for specific targets. As The Washington Post reported, PRISM is said to merely be a streamlined system — varying between companies — that allows them to expedite court-approved data collection requests. Because there are few technical details about how PRISM operates, and because of the fact that the FISA court operates in secret, critics are concerned about the extent of the program and whether it violates the constitutional rights of US citizens.
CRITICS HAVE QUESTIONED THE CONSTITUTIONAL VALIDITY OF PRISM
How was PRISM created?
As The Washington Post reported, The Protect America Act of 2007 led to the creation of a secret NSA program called US-984XN — also known as PRISM. The program is said to be a streamlined version of the same surveillance practices that the US was conducting in the years following 9/11, under President George W. Bush’s “Terrorist Surveillance Program.”
The Protect America Act allows the attorney general and the director of national intelligence to explain in a classified document how the US will collect intelligence on foreigners overseas each year, but does not require specific targets or places to be named. As the Post reports, once the plan is approved by a federal judge in a secret order, the NSA can require companies like Google and Facebook to send data to the government, as long as the requests meet the classified plan's criteria.
Who is responsible for leaking PRISM?
Edward Snowden, a 29-year-old intelligence contractor formerly employed by the NSA, CIA, and Booz Allen Hamilton, confessed responsibility for leaking the PRISM documents. He revealed himself on June 9th, three days after reports on PRISM were published; in an interview with The Guardian, Snowden said, “I don’t want to live in a society that does these sort of things,” and claimed he was motivated by civic duty to leak classified information.
Edward Snowden an NSA, CIA and Booz Allen Hamilton intelligence contractor leaked information about the NSA's PRISM surveillance system. Snowden fled the U.S. and is now in Moscow, Russia via Hong Kong waiting for a permanent safe haven (Click Image To Enlarge)
Snowden left the United States prior to leaking the documents in order to avoid capture, taking refuge in Hong Kong — where he stayed until June 23rd. With the assistance of WikiLeaks, Snowden fled Hong Kong for Moscow, and has requested asylum in Ecuador, Russia, and other countries. He is still residing in a Moscow airport, waiting to be granted asylum.
Surveillance systems like this one are located in cities throughout the U.S. (Click Image To Enlarge)
What does the NSA collect?
While PRISM has been the most talked-about story to come out of Snowden’s leaks, the disclosures have shed light on a vast array of NSA surveillance programs. Broadly speaking, these can be split into two categories: “upstream” wiretaps, which pull data directly from undersea telecommunications cables, and efforts like PRISM, which acquire communications from US service providers. One of the slides in the leaked PRISM presentation instructs that analysts “should use both” of these sources.
NSA programs collect two kinds of data: metadata and content. Metadata is the sensitive byproduct of communications, such as phone records that reveal the participants, times, and durations of calls; the communications collected by PRISM include the contents of emails, chats, VoIP calls, cloud-stored files, and more. US officials have tried to allay fears about the NSA’s indiscriminate metadata collection by pointing out that it doesn’t reveal the contents of conversations. But metadata can be just as revealing as content — internet metadata includes information such as email logs, geolocation data (IP addresses), and web search histories. Because of a decades-old law, metadata is also far less well-protected than content in the US.
NSA Programs Collect Two Kinds of Data: Metadata and Content
A leaked court order provided by Snowden showed that Verizon is handing over the calling records and telephony metadata of all its customers to the NSA on an “ongoing, daily basis.” Mass collection of internet metadata began under a Bush-era program called "Stellarwind," which was first revealed by NSA whistleblower William Binney. The program was continued for two years under the Obama administration, but has since been discontinued and replaced with a host of similar programs with names like “EvilOlive” and “ShellTrumpet.”
How does the NSA collect data?
Many crucial details on how and under what circumstances the NSA collects data are still missing. Legally speaking, surveillance programs rely on two key statutes, Section 702 of the FISA Amendments Act (FAA) and Section 215 of the Patriot Act. The former authorizes the collection of communications content under PRISM and other programs, while the latter authorizes the collection of metadata from phone companies such as Verizon and AT&T. However, multiple reports and leaked documents indicate the statutes have been interpreted in secret by the FISA intelligence courts to grant much broader authority than they were originally written to allow. They also indicate that the FISA courts only approve the NSA’s collection procedures, and individual warrants for specific targets are not required.
An analyst starts by inputting “selectors” (search terms) into a system like PRISM, which then “tasks” information from other collection sites, known as SIGADs (Signals Intelligence Activity Designators). SIGADs have both classified and unclassified code names, and are tasked for different types of data — one called NUCLEON gathers the contents of phone conversations, while others like MARINA store internet metadata.
Leaked documents show that under the agency’s targeting and “minimization” rules, NSA analysts can not specifically target someone “reasonably believed” to be a US person communicating on US soil. According to The Washington Post, an analyst must have at least “51 percent” certainty their target is foreign. But even then, the NSA’s “contact chaining” practices — whereby an analyst collects records on a target’s contacts, and their contacts’ contacts — can easily cause Americans to be caught up in the process.
The rules state the analyst must take steps to remove data that is determined to be from “US persons,” but even if they are not relevant to terrorism or national security, these “inadvertently acquired” communications can still be retained and analyzed for up to five years — and even given to the FBI or CIA — under a broad set of circumstances. Those include communications that are "reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed," or that contain information relevant to arms proliferation or cybersecurity. If communications are encrypted, they can be kept indefinitely.
NSA headquarters in Fort Meade, Maryland (Click Image To Enlarge)
So, what now?
In the weeks since the PRISM documents leaked, a widespread international public debate about the United States government’s surveillance and spying programs has engulfed the NSA, Congress, and the Obama administration in controversy. While outspoken supporters of NSA surveillance in Congress and the White House —including President Obama — have defended the legality and necessity of the programs, some US lawmakers are pushing back. In June, a bipartisan group of senators unveiled a bill that aims to rein in the problematic legal provisions that give US intelligence agencies nearly unfettered authority to conduct warrantless surveillance on domestic and foreign communications. Several other lawmakers have introduced their own measures, but legislative reform is still in early stages.
Meanwhile, a diverse coalition of interest groups and private organizations are directly challenging some of the NSA’s surveillance programs in court. On July 16th, a broad coalition of plaintiffs sued the US government for “an illegal and unconstitutional program of dragnet electronic surveillance,” in which the NSA scoops up all telephone records handled by Verizon, AT&T, and Sprint in the US. Separate suits brought by the Electronic Privacy Information Center and the American Civil Liberties Union are also in the works, but the government hasn’t responded to the allegations in court yet.
The companies at the heart of PRISM’s controversy are also acting out, but the specific details regarding their involvement in government surveillance on US citizens is still unclear. Microsoft, Google, Yahoo, and others have stepped up pressure on the government in the past month to declassify the process which compels them to hand over user data to the government. In an impassioned plea made by Microsoft on July 16th, the company’s general counsel Brad Smith said: “We believe the US constitution guarantees our freedom to share more information with the public, yet the government is stopping us.”
Finally, there’s the group of people most affected by PRISM and its sibling programs: the American public. On July 4th, “Restore the Fourth” rallies in more than 100 US cities protested the government’s surveillance programs, focusing on electronic privacy. It’s not clear if public outrage will result in reform, but thanks to the dramatic actions of a young intelligence contractor, we now at least have the opportunity to discuss what the US government has been hiding from the public in the name of national security.
COMMENTARY: In a blog post dated April 28, 2011, I told my readers about the National Security Agency (NSA), and what goes on inside that super-secret agency. For a long time, the U.S. government told Americans there was "No Such Agency," and that it would never use the NSA's intelligence gathering capabilities to spy on and gather information about Americans. However, along came the September 11, 2001 terrorist attack on New York's World Trade Center, and over 3,000 Americans died -- the worst death toll on America since the attack on the U.S. Navy fleet in Pearl Harbor on December 7, 1941 by the Japanese.
Click Image To Enlarge
A lot has happened since 9/11. Shortly after the attack on the World Trade Center, George W. Bush formed the Department of Homeland Security and signed into law the USA Patriot Act of 2001, which allowed the federal government unprecedented powers to protect Americans against terrorist attacks and gather intelligence on terrorists and "persons of interest," including unwary innocent Americans.
The act, as a response to the terrorist attacks of September 11th, significantly weakened restrictions on law enforcement agencies' gathering of intelligence within the United States; expanded the Secretary of the Treasury’s authority to regulate financial transactions, particularly those involving foreign individuals and entities; and broadened the discretion of law enforcement and immigration authorities in detaining and deporting immigrants suspected of terrorism-related acts. The act also expanded the definition of terrorism to include domestic terrorism, thus enlarging the number of activities to which the USA PATRIOT Act’s expanded law enforcement powers can be applied.
On May 26, 2011, President Barack Obama signed the PATRIOT Sunsets Extension Act of 2011, a four-year extension of three key provisions in the USA PATRIOT Act: roving wiretaps, searches of business records (the "library records provision"), and conducting surveillance of "lone wolves" — individuals suspected of terrorist-related activities not linked to terrorist groups.
From broad concern felt among Americans from both the September 11 attacks and the 2001 anthrax attacks, Congress rushed to pass legislation to strengthen security controls. On October 23, 2001, Republican Rep. Jim Sensenbrenner introduced H.R. 3162 incorporating provisions from a previously sponsored House bill and a Senate bill also introduced earlier in the month. The next day on October 24, 2001, the Act passed in the House of Representatives by a vote of 357 to 66, with Democrats comprising the overwhelming portion of dissent. The following day, on October 25, 2001, the Act passed the U.S. Senate by 98 to 1.
Opponents of the law have criticized its authorization of indefinite detentions of immigrants; the permission given law enforcement officers to search a home or business without the owner’s or the occupant’s consent or knowledge; the expanded use of National Security Letters, which allows the Federal Bureau of Investigation(FBI) to search telephone, e-mail, and financial records without a court order; and the expanded access of law enforcement agencies to business records, including library and financial records. Since its passage, several legal challenges have been brought against the act, and Federal courts have ruled that a number of provisions are unconstitutional.
Many of the act's provisions were to sunset beginning December 31, 2005, approximately 4 years after its passage. In the months preceding the sunset date, supporters of the act pushed to make its sunsetting provisions permanent, while critics sought to revise various sections to enhance civil liberty protections. In July 2005, the U.S. Senate passed a reauthorization bill with substantial changes to several sections of the act, while the House reauthorization bill kept most of the act's original language. The two bills were then reconciled in a conference committee that was criticized by Senators from both the Republican and Democratic parties for ignoring civil liberty concerns.
The bill, which removed most of the changes from the Senate version, passed Congress on March 2, 2006, and was signed into law by President George W. Bush on March 9 and 10, 2006.
The Role of Social Networks In National Security
In a blog post dated January 26, 2012, I told my readers about the FBI's plans to develop a social network monitoring system to track our social media activities. Internet users already post a huge amount of personal and private information about themselves online, especially on their social network profile pages. For the Department of Homeland Security tapping into the the vast amount of information available on social networks was a no-brainer
The Central Intelligence Agency has also joined the FBI in tapping into the huge amount of data we post on social networks. In a blog post dated January 26, 2012, I told readers that Facebook was basically a front for the CIA. Can there be any doubt? If you are still skeptical, checkout this video and listen to what CIA Deputy Director Christopher Sartinsky had to say about the value of Facebook to the CIA before a Senate national security subcommittee.
In January 2012, Facebook appointed Erskine Bowles, president emeritus of the University of North Carolina and a former chief of staff to President Bill Clinton, to its board of directors. Mr. Bowles replaced former Clinton Chief of Staff Daniel Pineta, when President Clinton appointed Pineta as CIA Director. Pineta later served as CIA Director under George Bush and briefly under President Barack Obama. If there is any doubt that the CIA has tightened its grip around Facebook, just look at this picture. That's right, it's President Obama reminding Facebook CEO and co-founder Mark Zuckerberg, who is the boss.
Facebook CEO and Co-Founder hopnobs with President Barack Obama at a dinner of Silicon Valley executives during his second term campaign (Click Image To Enlarge)
Courtesy of an article dated July 17, 2013 appearing in The Verge
Comments
You can follow this conversation by subscribing to the comment feed for this post.