Everything you do on Facebook, Google or any other online service is protected, right? There are strict privacy guidelines in place that keep your data out of the hands of government or third parties. Well, that's at least what we thought until yesterday.
Say hello to PRISM - your all-in-one data mining and surveillance system that has its hands in pretty much every major tech company. The Washington Post acquired a number of slides from an anonymous source that details the top secret program. In short, it's a collaboration between Silicon Valley and the NSA that allows the latter to gather data from the servers of companies like Google and Facebook.
Do you think the government is practicing large-scale surveillance? Let us know in the comments.
So, now we know that PRISM is a surveillance program. What exactly does it do though? What is its purpose? According to The Post, PRISM is intended to gather data on foreign threats. Oftentimes, communications between terrorists and other antagonistic groups flow through data centers located in the U.S. PRISM allows the NSA to gather this data from the servers of Google, Microsoft, Facebook and others to expose plans that these groups may have.
Well, that doesn't sound so bad. I mean, the government is only collecting information on foreign entities. It's not like they the program collects information on Americans, right? Well, this is where things get tricky. Officially, PRISM is only supposed to collect information on foreign threats, but the reality is that Americans' data is collected as well. According to The Post, this is called "incidental" data and it's impossible for the program to avoid it. In fact, the government collects the data if it's anyway related to the target on hand.
We now know what PRISM is, but who's involved? According to the leaked documents, a large number of major players in Silicon Valley are participating. Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple have all allegedly opened up their servers to the government so PRISM can be used to collect information from their servers.
What is collected from these servers? It depends on the company, but the leaked documents say that PRISM goes through email, video chat, voice chat, videos, photos, stored data, VoIP, file transfers, video conferencing, notifications of target activity, online social networking details and special requests.
It's all a little overwhelming, isn't it? What makes it worse is that all of this is done in secret with the blessing of a secret court. Sure, there are safeguards in place, but those safeguards mean nothing in a program that has no oversight whatsoever. In fact, Sen. Mark Udall, a staunch opponent of the NSA, says that the safeguards don't "prohibit the intelligence community from searching through a pile of communications, which may have incidentally or accidentally been collected without a warrant, to deliberately search for the phone call or emails of specific Americans."
So, what do the Silicon Valley giants allegedly involved in this have to say for themselves? Well, not much, but everybody denies that they're part of the program. In statements sent to the press, Facebook, Google, Apple, Microsoft, Yahoo and Dropbox all say that they take their users' privacy seriously and that they only share information with the government when legally obligated.
Of course, that's when you start to read deeper into these statements. Most make mention of only sharing information when legally obligated or when required by law. PRISM is part of FISA - a law. It may be an old law, but it's still a law nonetheless. By complying with PRISM, these companies would be sharing information when legally obligated. It's important to note that we may be reading too much into this, but it's hard to really believe these companies when they're slapped with gag orders and other laws to keep them quiet about government programs that they may or may not be involved with.
As for the government, James Clapper, Director of National Intelligence, says that the recent leaks do not present the entire picture:
The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies.
Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.
Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.
Section 702 was recently reauthorized by Congress after extensive hearings and debate.
Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.
The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.
Before we move on, I just want to point out that Clapper is being a little disingenuous when he says that FISA was reauthorized by Congress after much debate. If you recall, FISA was reauthorized with little debate on the grounds that terrorism is scary.
Do you think that the government has the American people's best interests in mind when it comes to PRISM? Should they be allowed to continue monitoring networks? Let us know in the comments.
What makes this particular leak more worrisome is that it follows on the heels of Wednesday's revelation that the NSA compels Verizon to share customer metadata with the agency. In short, the NSA knows who calls who and the length of said phone calls when they're made over Verizon's network. The administration admitted that it was happening after the leak came out, but insisted that it was needed to combat terrorist threats.
After the PRISM leak, the government came back out and insisted that what it was doing was completely legal. It even listed what it says are "limitations of the program:"
There is a robust legal regime in place governing all activities conducted pursuant to the Foreign Intelligence Surveillance Act, which ensures that those activities comply with the Constitution and laws and appropriately protect privacy and civil liberties. The program at issue here is conducted under authority granted by Congress and is authorized by the Foreign Intelligence Surveillance Court (FISC). By statute, the Court is empowered to determine the legality of the program.
By order of the FISC, the Government is prohibited from indiscriminately sifting through the telephony metadata acquired under the program. All information that is acquired under this program is subject to strict, court-imposed restrictions on review and handling. The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization. Only specially cleared counterterrorism personnel specifically trained in the Court-approved procedures may even access the records.
All information that is acquired under this order is subject to strict restrictions on handling and is overseen by the Department of Justice and the FISA Court. Only a very small fraction of the records are ever reviewed because the vast majority of the data is not responsive to any terrorism-related query.
The Court reviews the program approximately every 90 days. DOJ conducts rigorous oversight of the handling of the data received to ensure the applicable restrictions are followed. In addition, DOJ and ODNI regularly review the program implementation to ensure it continues to comply with the law.
The Patriot Act was signed into law in October 2001 and included authority to compel production of business records and other tangible things relevant to an authorized national security investigation with the approval of the FISC. This provision has subsequently been reauthorized over the course of two Administrations – in 2006 and in 2011. It has been an important investigative tool that has been used over the course of two Administrations, with the authorization and oversight of the FISC and the Congress.
In the end, Clapper says that "surveillance programs like this one are consistently subject to safeguards that are designed to strike the appropriate balance between national security interests and civil liberties and privacy concerns."
So, the official story is that PRISM is strictly used to monitor foreign threats and communications. There may be some "incidental" data here and there, but the NSA claims to not use this information. They would never think to violate your privacy and civil liberties with PRISM and related programs.
That's great and all, but the mere existence of PRISM is enough cause for concern. Even if it's strictly used for the monitoring of foreign threats, there's no guarantee that it won't be abused in the future. The ACLU seems to agree when it says that "these revelations are a reminder that Congress has given the executive branch far too much power to invade individual privacy, that existing civil liberties safeguards are grossly inadequate, and that powers exercised entirely in secret, without public accountability of any kind, will certainly be abused."
Do you trust the government in regards to the NSA and PRISM? Or do you think this goes too far? Let us know in the comments.