Since the Guardian and The Washington Post revealed the existence of the NSA’s PRISM program, there’s been a confusing debate about what exactly the program is and how it works. While the Obama administration has tacitly acknowledged the program’s existence, tech companies have angrily denied that they had given the NSA “direct” or “unfettered” access to their servers. So what’s going on? Let’s try to separate the facts from the hype.
First, what do we know for sure about PRISM?
We know that PRISM is a system the NSA uses to gain access to the private communications of users of nine popular Internet services. We know that access is governed by Section 702 of the Foreign Intelligence Surveillance Act, which was enacted in 2008. Director of National Intelligence James Clapper tacitly admitted PRISM’s existence in a blog post last Thursday. A classified PowerPoint presentation leaked by Edward Snowden states that PRISM enables “collection directly from the servers” of Microsoft, Yahoo, Google, Facebook and other online companies.
What do Internet companies who allegedly participate in this program have to say about it?
In a Friday post titled “What the . . . ?” Google CEO Larry Page stated that “any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.”
In a weekend follow-up, Google chief architect Yonatan Zunger wrote that “the only way in which Google reveals information about users are [sic] when we receive lawful, specific orders about individuals.” He said that “it would have been challenging—not impossible, but definitely a major surprise—if something like this could have been done without my ever hearing of it.” He said that even if he couldn’t talk about such a program publicly, he would have quit Google rather than participate . . .”
“We didn’t fight the Cold War just so we could rebuild the Stasi ourselves,” he concluded.
“The notion that Yahoo! gives any federal agency vast or unfettered access to our users’ records is categorically false,” wrote Yahoo’s Ron Bell on Saturday. “Of the hundreds of millions of users we serve, an infinitesimal percentage will ever be the subject of a government data collection directive.”
Facebook CEO Mark Zuckerberg called media reports about PRISM “outrageous,” stating that “Facebook is not and has never been part of any program to give the U.S. or any other government direct access to our servers.”
“We only ever comply with orders for requests about specific accounts or identifiers,” Microsoft said in a statement last Thursday. “If the government has a broader voluntary national security program to gather customer data, we don’t participate in it.”
“We have never heard of PRISM,” said Steve Dowling, a spokesman for Apple. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
Are the companies lying? Or using legalistic language to hide their participation?
It’s hard to be sure, but the number of companies that have issued denials, and the vehemence of some of their statements, suggests that they may be sincere.
Initially, many people were suspicious of the fact that a number of companies only denied giving the NSA “direct access” to their servers, suggesting that the companies might be giving the agency access to the contents of their servers through some intermediary.
But the more recent statements, especially Zunger’s and Bell’s, seem to leave little wiggle room. Google’s Zunger says that Google only responds to “specific orders about individuals.” Yahoo’s Bell says that only an “infinitesimal percentage” of Yahoo’s customers will have their information turned over to the feds. That’s in tension with initial reports about how PRISM operates. And Zunger’s crack about the Stasi is very different from the careful, legalistic statements the firms released in the initial hours after news of PRISM broke.
If PRISM doesn’t give the NSA unfettered access to our online information, what does it do?
Reporting by the New York Times and CNet offers some clues about how PRISM works.
The Times says that major tech companies have systems that “involve access to data under individual FISA requests. And in some cases, the data is transmitted to the government electronically, using a company’s servers.”
Data is “shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk,” the Times reports. The scheme is “a more secure and efficient way to hand over the data.”
A source told CNet’s Declan McCullagh that PRISM is “a very formalized legal process that companies are obliged to do.” A source—perhaps the same one—says that “you can’t say everyone in Pakistan who searched for ‘X’ . . . It still has to be particularized.”
Doesn’t that contradict what the slides released by Snowden say?
The key slide draws a distinction between NSA surveillance programs that collect communications “as data flows past” on fiber optic cables and PRISM, which collects communications “directly from the servers” of U.S. Internet companies.
Some have interpreted this to mean that the NSA has “direct access” in a technical sense: automatic, unfettered access to the servers’ contents. But in context, “direct” is more likely to mean that the NSA is receiving data sent to them deliberately by the tech companies, as opposed to intercepting communications as they’re transmitted to some other destination. That’s not inconsistent with tech company lawyers scrutinizing each request before complying with it.
Does that mean there’s nothing to worry about?
While the NSA may not have unfettered access to tech companies’ servers, there are still serious questions about the breadth of the information the government is collecting, and whether that information is subject to appropriate judicial oversight. FISA orders are not search warrants under the Fourth Amendment, and the FISA Amendments Act doesn’t require the government to show probable cause to believe that the target of surveillance has committed a crime.
Defenders of the NSA’s activities argue the Fourth Amendment doesn’t apply because FISA orders only target non-Americans. Instead of showing probable cause to a judge, Section 702 of FISA allows senior Obama administration officials to “authorize” the “targeting of persons reasonably believed to be located outside the United States.” The surveillance may not “intentionally target” an American, but the NSA can obtain the private communications of Americans as part of a request that officially “targets” a foreigner.
The Supreme Court has yet to rule on the constitutionality of these provisions. In February, the Supreme Court threw out a legal challenge to the law because the plaintiffs couldn’t prove that they had personally been the target of surveillance. It’s not clear whether any of the recent revelations will give FISA opponents enough evidence to convince a court to rule on the program’s merits.
FISA only allows targeting of foreigners. That means it can’t use FISA orders to read Americans’ e-mails, right?
The “targeting” rule may not protect Americans as much as it might seem. Last week’s revelation that the government used an obscure provision of the PATRIOT Act to obtain records of every phone call on Verizon’s network with a single court order suggests that the government is willing to adopt permissive interpretations of the law.
According to the Times, “FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms.” In one case, an NSA agent “installed government-developed software on the company’s server and remained at the site for several weeks to download data to an agency laptop.” In other cases, the government has sought “real-time transmission of data, which companies send digitally.”
So a FISA order might “target” a suspected terrorist, but also request access to the private data from all of the target’s associates—some of whom might happen to live in the United States.
In its initial report on PRISM, The Washington Post said that NSA analysts use search queries “designed to produce at least 51 percent confidence in a target’s ‘foreignness.’ ” Training materials advise new analysts that “it’s nothing to worry about” if they accidentally collect U.S. content.
And even if the NSA is only collecting foreigners’ communications, that doesn’t rule out abusive surveillance. For example, the environmental nonprofit organization Greenpeace has been targeted for surveillance by the NSA in the past. The organization is based outside the United States, but it has many U.S. members who might not appreciate having their government spy on its activities.
Friday July 12, 15:00 UTC at Sheremetyvo Airport
Nevertheless, on other fronts, Russia Today reported that Edward Joseph Snowden delivered a statement to human rights organizations and individuals at 5 p.m. Moscow time Friday. The meeting lasted 45 minutes. The human rights organizations included Amnesty International and Human Rights Watch and were given the opportunity afterwards to ask Mr. Snowden questions.
The Human Rights Watch representative used this opportunity to tell Mr. Snowden that on her way to the airport she had received a call from the US Ambassador to Russia, who asked her to relay to Mr. Snowden that the US government does not categorize Mr. Snowden as a whistleblower and that he has broken United States law. This further proves the United States government’s persecution of Mr. Snowden and, therefore, that his right to seek and accept asylum should be upheld.
The Transcript of Edward Joseph Snowden’s statement, given at 5p.m. Moscow time on Friday, 12 July 2013 . . .
“Hello. My name is Ed Snowden. A little over one month ago, I had family, a home in paradise, and I lived in great comfort. I also had the capability without any warrant to search for, seize, and read your communications, anyone’s communications at any time. That is the power to change people’s fates.
“It is also a serious violation of the law. The 4th and 5th Amendments to the Constitution of my country, Article 12 of the Universal Declaration of Human Rights, and numerous statutes and treaties forbid such systems of massive, pervasive surveillance. While the US Constitution marks these programs as illegal, my government argues that secret court rulings, which the world is not permitted to see, somehow legitimize an illegal affair. These rulings simply corrupt the most basic notion of justice—that it must be seen to be done. The immoral cannot be made moral through the use of secret law.
“I believe in the principle declared at Nuremberg in 1945: ‘Individuals have international duties which transcend the national obligations of obedience. Therefore individual citizens have the duty to violate domestic laws to prevent crimes against peace and humanity from occurring.’”
“Accordingly, I did what I believed right and began a campaign to correct this wrongdoing. I did not seek to enrich myself. I did not seek to sell US secrets. I did not partner with any foreign government to guarantee my safety. Instead, I took what I knew to the public, so what affects all of us can be discussed by all of us in the light of day, and I asked the world for justice.
“That moral decision to tell the public about spying that affects all of us has been costly, but it was the right thing to do and I have no regrets.
“Since that time, the government and intelligence services of the United States of America have attempted to make an example of me, a warning to all others who might speak out as I have. I have been made stateless and hounded for my act of political expression. The United States Government has placed me on no-fly lists. It demanded Hong Kong return me outside of the framework of its laws, in direct violation of the principle of non-refoulement—the Law of Nations. It has threatened with sanctions countries who would stand up for my human rights and the UN asylum system. It has even taken the unprecedented step of ordering military allies to ground a Latin American president’s plane in search for a political refugee. These dangerous escalations represent a threat not just to the dignity of Latin America, but to the basic rights shared by every person, every nation, to live free from persecution, and to seek and enjoy asylum.
“Yet even in the face of this historically disproportionate aggression, countries around the world have offered support and asylum. These nations, including Russia, Venezuela, Bolivia, Nicaragua, and Ecuador have my gratitude and respect for being the first to stand against human rights violations carried out by the powerful rather than the powerless. By refusing to compromise their principles in the face of intimidation, they have earned the respect of the world. It is my intention to travel to each of these countries to extend my personal thanks to their people and leaders.
“I announce today my formal acceptance of all offers of support or asylum I have been extended and all others that may be offered in the future. With, for example, the grant of asylum provided by Venezuela’s President Maduro, my asylee status is now formal, and no state has a basis by which to limit or interfere with my right to enjoy that asylum. As we have seen, however, some governments in Western European and North American states have demonstrated a willingness to act outside the law, and this behavior persists today. This unlawful threat makes it impossible for me to travel to Latin America and enjoy the asylum granted there in accordance with our shared rights.
“This willingness by powerful states to act extra-legally represents a threat to all of us, and must not be allowed to succeed. Accordingly, I ask for your assistance in requesting guarantees of safe passage from the relevant nations in securing my travel to Latin America, as well as requesting asylum in Russia until such time as these states accede to law and my legal travel is permitted. I will be submitting my request to Russia today, and hope it will be accepted favorably.
“If you have any questions, I will answer what I can. Thank you.”
Jerry Mazza is a freelance writer and life-long resident of New York City. An EBook version of his book of poems “State Of Shock,” on 9/11 and its after effects is now available at Amazon.com and Barnesandnoble.com. He has also written hundreds of articles on politics and government as Associate Editor of Intrepid Report (formerly Online Journal). Reach him at gvmaz@verizon.net.