Last week a document purported to be a court approval for the National Security Agency to indiscriminately collect data on all phone calls being placed from or coming in to the United States over Verizon’s network stirred up controversy when it showed up on The Guardian’s website. The story incurred yet more outrage when The Washington Post released a report the following day on a program called PRISM. According to the Post, PRISM is a mining operation through which the NSA and FBI extract photographs, e-mails, documents, video chats, audio conversations, and connection logs from the central servers of 9 major tech companies and websites: Apple, AOL, Facebook, Google, Microsoft, PalTalk, Skype, Yahoo, and YouTube.
Many of the companies were quick to deny having any part in the program. Facebook’s Mark Zuckerberg stated “Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk... And if we did, we would fight it aggressively. We hadn't even heard of PRISM before yesterday.”
Similarly, Google’s CEO, Larry Page, and Chief Legal Officer, David Drummond, issued a statement that “we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.”
Following these denials, the Post amended its report to allow for the possibility that tech companies may not have knowingly participated in the PRISM program, and the government may not have had access so direct as being able to prod through their private servers.
On Thursday, Director of National Intelligence James Clapper addressed the issue, saying that the NSA’s data collection efforts were entirely legal under Section 702 of the Foreign Intelligence Surveillance Act (FISA), which was approved by Congress and requires oversight by the Foreign Intelligence Surveillance Court (FISC).
“Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States,” said Clapper. “It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.”
Clapper felt it necessary to further clarify the situation yesterday, stating the surveillance practices in question are “lawful and conducted under authorities widely known and discussed, and fully debated and authorized by Congress. Their purpose is to obtain foreign intelligence information, including information necessary to thwart terrorist and cyber attacks against the United States and its allies.”
Adjoining the statement was a document of newly declassified information regarding PRISM. According to the document, PRISM is a system used to organize foreign intelligence and electronic communications, which Clapper maintains is all obtained under court supervision. “In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight. Service providers supply information to the government when they are lawfully required to do so.”
The declassified information goes on to note “The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition” and explicitly denies that the NSA is keeping records of the electronic communications of US citizens. “The United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers.”
This would seem to directly contradict the Guardian’s leaked court document mandating Verizon turn over all “telephony metadata” which passes through the United States to the NSA. Clapper has not denied the authenticity of that document, however, it is possible that the court order is real and the government is not keeping records on all communications placed between American citizens. Many calls and other pieces of data which begin in one foreign nation and terminate in another are routed through American networks such as Verizon’s, meaning that some calls which are otherwise entirely foreign pass through the US at one point.
The declassified information further states that all surveillance information pertaining to Section 702 is subject to FISC-approved targeting and minimization procedures. Targeting procedures “ensure that an acquisition targets non U.S. persons reasonably believed to be outside the United States for specific purposes, and also that it does not intentionally acquire a communication when all the parties are known to be inside the US.” Minimization efforts prohibit the dissemination of information pertaining to citizens of the United Stated unless that information is pertinent to “foreign intelligence or assess its importance, is evidence of a crime, or indicates a threat of death or serious bodily harm.”
That the NSA cannot specifically target US citizens under section 702 is clear, but whether information about Americans is gathered as a result of operations such as the broad collection of Verizon metadata and what becomes of that information has not been explicitly disclosed.