While the existence of the National Security Agency (NSA) has been known by the masses for years, the last two weeks have revealed on onslaught of potential violations that even the most paranoid protectors of privacy likely didn’t predict. The Guardian and The Washington Post blew the story of the NSA’s PRISM program wide open earlier this month, inferring most major tech companies granted “unfettered” access to their servers. Now that the bulk of the hype-filled reactions have settled, we have access to more of the facts.
Here’s the lowdown on what we know to be true thus far.
What is PRISM?
It’s important to understand the distinction between the NSA’s general missions and their specific PRISM program, which is a system inside the NSA that was birthed to gain access to the private communications of the nine most popular Internet services. PRISM’s access is governed by Section 702 of the Foreign Intelligence Surveillance Act, enacted in 2008. PRISM has in fact been verified by the Director of National Intelligence, James Clapper. In a recent blog post, Clapper admitted to the existence of the program, emphasizing that the program was developed to survey foreigners only. Does this mean US citizens have nothing to worry about? Alas, it’s not that simple.
A Long Line of Whistleblowers
Employees of the NSA have been raising red flags for some time now about the potential attack on the US’s privacy, but until recently, there were no documents or evidence to back up these accusations. Edward Snowden, the 29-year-old former NSA employee that has at last substantiated these allegations, produced a detailed Power Point presentation that fully outlines the goals of PRISM. And they definitely do not only involve foreign surveillance.
The key slide in Snowden’s evidence states that PRISM enables “collection directly from the servers” of some of the biggest tech companies in the world, including Microsoft, Yahoo, Google, and Facebook. Each of these organizations, however, has vehemently denied participation in the program. So who do we believe?
It’s clear that some, if not all, of these organizations are not simply handing over their servers to the government. Out of all the rebuttals, Google holds the most clout, as they dared to respond outside the normal legalistic language and truly showed their hand on how they feel. Google chief architect Yonatan Zunger wrote that, “the only way in which Google reveals information about users are when we receive lawful, specific orders about individuals.” He went on to say that, “it would have been challenging — not impossible, but definitely a major surprise — if something like this could have been done without my ever hearing of it. We didn’t fight the Cold War just so we could rebuild the Stasi ourselves.”
What does this tell us, exactly? Not much, but we can assume that the executives at places like Google and Apple are likely not lying about their involvement (or lack thereof) with PRISM. The government is asking, and information is supplied whenever it feels urgent and lawful to do so. There’s a gray area here, as we don’t know the volume of information shared, but it’s safe to say there’s not a full-scale server hand-off happening.
What Data, and How Much, is Really Being Shared
The New York Times has revealed that systems at major tech companies “involve access to data under individual FISA requests. And in some cases, the data is transmitted to the government electronically, using a company’s servers.” Herein lies the panic — the NSA does in fact gain access to servers at places like Microsoft under these “certain circumstances.” The article states that data is “shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk.” Without a clear definition of what these involve, and how often they are granted, we don’t know exactly how much data is really shared. It’s not nothing, and it’s not a free-for-all … the rest is still a mystery.
Privacy defenders clearly have much to fret about. While the NSA may not have unrestricted access to major tech servers, we still don’t know the breadth of the information collected by the government. What we do know is FISA demands are not search warrants under the Fourth Amendment, and the FISA Amendments Act does not require the government to show probable cause to believe that the target of surveillance has committed a crime. All of this amounts to a very uncomfortable amount of implied power, and a clear intent to breach privacy at any available level.
How We Know U.S. Citizens are Targets Too
Although defenders of the NSA’s tactics argue that the Fourth Amendment doesn’t apply due to foreign targets, a close examination of Section 702 of FISA shows US citizens are not safe from surveillance. This section outlines that senior Obama administration officials can “authorize” the surveillance of any American. It gives the NSA authorization to obtain private communications of domestic or foreign individuals, as long as part of the request officially “targets” a foreigner. Furthermore, it’s been revealed that the government has recently used an obscure provision of the Patriot Act to gather records of every phone call on Verizon’s network with a single court order — this shows us unequivocally that the government is willing to interpret the law however they deem it most appropriate.
In the recent Times article, an informant told them that “FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms.”
Consider this scenario — FISA may target a suspected foreign terrorist, but in tandem may request access to all private information from each of the suspect’s associations, some or all of whom may reside in the US. This kind of interpretation doesn’t provide privacy for anyone.
What Do the Courts Say?
In February of this year, the Supreme Court threw out a protest to the law because the plaintiffs failed to prove they had personally been surveyed or experienced a breach in privacy.
Last week, however, the second of two prominent lawsuits were filed to challenge the constitutionality of NSA’s phone surveillance, partnered with Verizon. The lawsuit, filed by the American Civil Liberties Union, accuses this spy operation of being “one of the largest surveillance efforts ever launched by a democratic government.” The first lawsuit, filed just days before by Larry Klayman, accuses the government of illegally spying on various Verizon accounts. Both suits allege substantial breaches of both the First and Fourth Amendments.
While this story is far from over, it’s clear our privacy is in serious jeopardy. The government has shown its hand that nothing is sacred — e-mails, phone calls, texts, social media posts, etc. — and they are certainly not above passing and bending laws to get the information they are after. What remains to be seen is how the courts will handle these grievances, and the precedents that will thus be set regarding digital privacy in our modern world.