FAQ: 5 things known and alleged about NSA surveillance

Recent news reports alleging broad surveillance efforts by the U.S. National Security Agency seem to have left more questions than answers. Whistleblower Edward Snowden has accused the NSA of collecting massive amounts of data from U.S. residents, but U.S. officials have largely denied his allegations.

Here’s what we know so far, from reports in the U.K.’s Guardian, the Washington Post, and other media sources, as well as our own reporting:

Data collection

Snowden has accused the NSA of mass collection of data owned by U.S. citizens. The NSA and U.S. intelligence community is “focused on getting intelligence wherever it can, by any means possible,” he told the Guardian. The NSA “targets the communications of everyone. It ingests them by default ... because that’s the easiest, most efficient and most valuable way to achieve these ends.”

Verizon records

It’s clear that the NSA is collecting Verizon phone records. The NSA has an ongoing court order allowing it to collect the business records, or metadata, but not the content of phone calls, from Verizon, and perhaps from other telecom carriers and credit-card companies. The Verizon data collection has been confirmed by U.S. officials, including President Barack Obama and Representative Mike Rogers, a Michigan Republican and chairman of the House of Representatives Intelligence Committee, although officials have suggested that the news reports aren’t entirely accurate.

Obama, Rogers and other officials have defended the collection, saying it’s necessary to defend the U.S. against terrorism. Obama called for a public debate on surveillance, although he said the NSA program represents a “modest encroachment” on privacy rights.

Prism

Snowden, a former CIA employee and an infrastructure analyst at the NSA at defense contractor Booz Allen Hamilton, has released information about an NSA data collection program, allegedly called Prism, that supposedly taps into the servers at Google, Apple, Microsoft, Facebook and other tech companies.

Details on Prism are fuzzy at best, with news reports relying largely on a classified PowerPoint presentation about the program. The U.S. Office of Director of National Intelligence has denied that Prism is a collection program, saying instead it is an “internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision.”

Denials on participation

Google and other tech companies have denied cooperating with the NSA to allow the mass collection of data.

“We had not heard of a program called Prism until yesterday,” said Google CEO Larry Page and Chief Legal Officer David Drummond in a Friday afternoon blog post. “We have not joined any program that would give the U.S. government—or any other government—direct access to our servers.”

Legality issues

Civil liberties groups have questioned the legality of both programs, as described in news reports. Authority for the phone records-collection program is cited as section 215 of the Patriot Act, the counterterrorism legislation hastily passed by Congress after the Sept. 11, 2001, attacks.

But section 215 requires that the data collection be related to “an investigation to protect against international terrorism or clandestine intelligence activities,” and the Verizon court order requires the telecom to turn over “all call detail records or ‘telephony metadata’ created by Verizon for communications between the United States and abroad or wholly within the United States, including local telephone calls.”

That mass collection of telephone records “makes a mockery” of the limitations in section 215, said Greg Nojeim, senior counsel at the Center for Democracy and Technology, a digital rights group. “There’s no limit” in the court order, he said.

Background

The authority for the information collection from Internet companies comes from section 702 of the Foreign Intelligence Surveillance Act, which prohibits surveillance agencies from intentionally targeting “any person known at the time of acquisition” to be located in the U.S.

Section 702 allows broad collection of foreign intelligence information through telecom and Internet providers, including content of communications, for up to a year at a time, with the request by the U.S. attorney general and director of national intelligence reviewed by the Foreign Intelligence Surveillance Court.

But NSA analysts use search terms designed to produce surveillance target results that give them “at least 51 percent confidence” that the surveillance target is overseas, according to a story in the Washington Post.

With such a low standard to protect against collecting U.S. residents’ data, the collection raises major questions about whether it violates the Fourth Amendment to the U.S. Constitution, which protects citizens against unreasonable searches, critics said.

The recent stories show the scope of the data collection by the NSA, said Sharon Bradford Franklin, senior counsel with The Constitution Project, a civil liberties group. “These revelations about the way [section 702] is being interpreted and enforced, and the scope of the collection, increases the likelihood it’s violating the Fourth Amendment, by scooping up so much of Americans’ communications,” she said.

Subscribe to the Best of PCWorld Newsletter

Comments