This has not been a good week for keeping secrets.
Late Wednesday, it was revealed that America’s National Security Agency, or NSA, got secret court permission to access millions of telephone records of the Verizon telecommunications company’s domestic customers. The following day, the Washington Post and Britain’s Guardian newspaper reported that nine Internet and computer service firms, including Microsoft, Google, Facebook and Skype, have been voluntarily providing the NSA with access to their data, allowing the NSA to monitor and analyze emails, photos and video chats from around the world as part of a program known as PRISM.
Friday, the Wall Street Journal reported that “ people familiar with the NSA’s operations said the initiative also encompasses phone call data from AT&T…and Sprint Nextel records from Internet-service providers and purchase information from credit-card providers.” Sensing a good fight, the group called Anonymous has jumped in as well, posting online what appear to be 13 secret U.S. documents that suggest data gathered through PRISM is being shared with the NSA’s intelligence partners, meaning the security and intelligence services of other governments.
“Is it just me, or is secret blanket surveillance obscenely outrageous?” tweeted former presidential candidate Al Gore.
It’s no surprise the NSA has been aggressively collecting electronic data – that’s its job. For 61 years, the secretive intelligence agency – often dubbed “No Such Agency” for it’s lack of transparency – has monitored all manner of phone calls, radio signals, emails, texts and other electronic communications in the interests of national security.
However, for much of its history the NSA has been limited to collecting foreign communications only. Domestic surveillance was strictly illegal. To ensure compliance, in 1978 Congress passed the Foreign Intelligence Surveillance Act, which in turn created a secret Foreign Intelligence Surveillance Court, that the NSA would have to appear before anytime it wanted a warrant to monitor domestic communications.
The idea was that the court would provide strict privacy protection for U.S. citizens. In practice — perhaps because all its actions are secret and that only the government may appear before the court, or because the very nature of Internet traffic knows no national boundaries — the secret court has been unusually compliant with the NSA’s requests. For example, between 2010 and 2012, the FISC approved all of the NSA’s 5,180 surveillance requests.
In the Verizon matter, the FISC ruling, signed by Judge Robert Vinson, was leaked and posted online, making it one of the very few glimpses into the court’s activities seen in public. In the PRISM Internet data-mining story, journalists obtained 41 PowerPoint slides prepared by the NSA for top-secret briefings only.
Internet privacy advocates, like the non-profit Electronic Privacy Information Center, have warned that “there is simply too little known about the operation of the FISC today to determine whether it is effective and whether the privacy interests of Americans are adequately protected.”
For his part, U.S. National Director of Intelligence James Clapper has confirmed the existence of PRISM and decried the leaks as reprehensible, saying, “The unauthorized disclosure of a top-secret U.S. court document threatens potentially long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our nation.” The nine Internet companies named by the Washington Post have issued either non-committal statements, or outright denied any knowledge of PRISM.
By its structure, Internet data doesn’t travel in a straight line from point to point, but rather in a zig-zagging trail that can route one email through dozens of servers across the globe. Much of that traffic transits through the United States, meaning that a Skype conversation or Facebook chat between someone in Jakarta and someone else in Baku will likely end up flowing through U.S.-based servers.
This enormous amount of data can be analyzed by NSA computers to determine not only who a suspected foreign terrorist is speaking with or emailing, but the people those individuals in turn are communicating with, and what they’re talking about. Even at just two hops, the number of people caught up in one terrorist’s surveillance can quickly number well into the thousands. That’s a tremendous amount of personal information that PRISM grants the NSA.
The phone monitoring is somewhat different, and not really phone tapping. The FISC order in the Verizon matter strictly limits surveillance to meta-data — that is, the time, duration and recipient of a phone call, but not the actual communication itself. By sorting through these many millions of data points, intelligence analysts are looking for patterns in the noise that may provide crucial clues about the identity and location of potential terrorists.
Another easily overlooked facet to these stories is that the very firms – like Apple, PalTalk or AOL – that people are using to chat and share online are themselves mining their data stores for their own corporate gains. While some companies like Facebook and Google provide privacy tools that allow users to restrict personal data sharing, each firm admits to using private data to tailor services to customers, or selling it to other firms hoping to, say, better target their online advertising.
While both Republican and Democratic members on Capitol Hill have been briefed on these, and likely other, NSA programs, they were limited in what they could say or object to by the secret court’s classified nature. More congressional debate can be expected.
In the meantime, amid memories of the 2005 revelations of the Bush administration’s warrantless wiretapping program, and the current swirl of stories about tax agency over-reach and the Justice Department’s broad seizure of AP journalists’ phone records, worries about the NSA’s surveillance of all people – foreign and domestic – will only grow.