PRISM (surveillance program)
Documents leaked by NSA contractor Edward Snowden[6] in June 2013 describe the PRISM program as enabling in-depth surveillance on live communications and stored information. It provides for the targeting of any customers of participating corporations who live outside the United States, or American citizens whose communications include web content of people outside the United States. Data which the NSA is able to obtain under PRISM allegedly includes email, video and voice chat, videos, photos, voice over IP conversations, file transfers, login notifications and social networking details.[7]
According to the Director of National Intelligence James Clapper, PRISM cannot be used intentionally to target any Americans or anyone in the United States. Clapper said a secret court, Congress and the executive branch oversee the program and extensive procedures ensure the acquisition, retention and dissemination of data accidentally collected about Americans is kept to a minimum.[8]
The Washington Post noted that the leaked document indicated that the PRISM SIGAD is "the number one source of raw intelligence used for NSA analytic reports."[9] The President's Daily Brief, an all-source intelligence product, cited PRISM data as a source in 1,477 items in 2012.[10] The leaked information came to light one day after the revelation that the United States Foreign Intelligence Surveillance Court had been requiring the telecommunications company Verizon to turn over to the NSA logs tracking all of its customers' telephone calls on an ongoing daily basis.[2][11]
NSA whistleblower William Binney has stated that PRISM is just another source of input of information. "The telecoms were giving NSA access to their communication lines. The Narus devices that the NSA put in different rooms around the AT&T fiber-optic network, or Verizon's network, couldn’t collect everything. They could get most of it, but they couldn’t get it all. So in order to get all the data, they had to go to the service providers to fill in the blanks. That’s what the PRISM program is for—to fill in the blanks. It also gives the FBI basis for introducing evidence into court."[12]
Contents |
History
PRISM was first publicly revealed on June 6, 2013, after classified documents about the program were leaked to the Washington Post and The Guardian by NSA insider Edward Snowden.[7][1] The leaked documents included 41 PowerPoint slides, four of which were published in news articles.[1][7] The documents identified several technology companies as participants in the PRISM program, including (date of joining PRISM in parentheses) Microsoft (2007), Yahoo! (2008), Google (2009), Facebook (2009), Paltalk (2009), YouTube (2010), AOL (2011), Skype (2011), and Apple (2012).[19] The speaker's notes in the briefing document reviewed by the Washington Post indicated that "98 percent of PRISM production is based on Yahoo, Google and Microsoft."[1]
According to the Washington Post, the intelligence analysts search PRISM data using terms intended to identify suspicious communications of targets whom the analysts suspect with at least 51 percent confidence to not be United States citizens, but in the process, communication data of some United States citizens are also collected unintentionally.[1] Training materials for analysts tell them that while they should periodically report such accidental collection of non-foreign United States data, "it's nothing to worry about."[1]
Response from companies
The original Washington Post and Guardian articles reporting on PRISM noted that one of the leaked briefing documents said PRISM involves collection of data "directly from the servers" of several major internet services providers.[7][1] Corporate executives of several companies identified in the leaked documents told The Guardian that they had no knowledge of the PRISM program in particular and also denied making information available to the government on the scale alleged by news reports.[7][20] Statements of several of the companies named in the leaked documents were reported by TechCrunch as follows:[21]
- Facebook: "We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law."[21]
- Google: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door' into our systems, but Google does not have a backdoor for the government to access private user data."[21]
- Apple: "We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order."[22]
- Microsoft: "We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it."[21]
- Yahoo!: "Yahoo! takes users' privacy very seriously. We do not provide the government with direct access to our servers, systems, or network."[21]
- Dropbox: "We've seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users' privacy."[21]
The New York Times reported on June 7, 2013 that "Twitter declined to make it easier for the government. But other companies were more compliant, according to people briefed on the negotiations."[27] The other companies held discussions with national security personnel on how to make available data more efficiently and securely.[27] In some cases, these companies made modifications to their systems in support of the intelligence collection effort.[27] The dialogues have continued in recent months, as Martin E. Dempsey, Chairman of the Joint Chiefs of Staff, has met with executives including those at Facebook, Microsoft, Google and Intel.[27] These details on the discussions provide insight into the disparity between initial descriptions of the government program including a training slide which states "Collection directly from the servers"[28] and the companies" initial denials.[27]
While providing data in response to a legitimate FISA request approved by FISC is a legal requirement, modifying systems to make it easier for the government to collect the data is not. This is why Twitter could legally decline to provide enhanced access to its systems.[27] Other than Twitter, the companies were effectively asked to construct a locked mailbox and provide the key to the government, people briefed on the negotiations said.[27] Facebook, for instance, built such a system for requesting and sharing the information.[27]
Response from United States government
Shortly after publication of the reports by the Guardian and the Washington Post, the United States Director of National Intelligence, James Clapper, released a statement confirming that for nearly 6 years the government of the United States had been using large internet services companies such as Google and Facebook to collect information on foreigners outside the United States as a defense against national security threats.[2] The statement read in part, "The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies."[29] He went on to say, "Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States."[29] Clapper concluded his statement by stating "The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans."[29] On March 12, 2013, Clapper had told the United States Senate Select Committee on Intelligence that the NSA does "not wittingly" collect any type of data on millions or hundreds of millions of Americans.[30]Clapper also stated that "the NSA collects the phone data in broad swaths, because collecting it (in) a narrow fashion would make it harder to identify terrorism-related communications. The information collected lets the government, over time, make connections about terrorist activities. The program doesn’t let the U.S. listen to people’s calls, but only includes information like call length and telephone numbers dialed."[8]
On June 8, 2013, Clapper issued an additional statement and fact sheet about PRISM, emphasizing that "the surveillance activities published in The Guardian and The Washington Post are lawful and conducted under authorities widely known and discussed, and fully debated and authorized by Congress."[31][32] The fact sheet described PRISM as "an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a)." It further stated that "the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence." It said that the Attorney General provides FISA Court rulings and semi-annual reports about PRISM activities to Congress, "provid[ing] an unprecedented degree of accountability and transparency."[32]
The President of the United States, Barack Obama, defended the government's surveillance programs, saying that they were legally authorized and had helped prevent terrorist attacks. "What you’ve got is two programs that were originally authorized by Congress, have been repeatedly authorized by Congress. Bipartisan majorities have approved them. Congress is continually briefed on how these are conducted. There are a whole range of safeguards involved. And federal judges are overseeing the entire program throughout."[33] He also said that having a debate about how to balance security issues with privacy concerns is healthy for democratic government, but he cautioned, "You can’t have 100 percent security and then also have 100 percent privacy and zero inconvenience. You know, we’re going to have to make some choices as a society."[33] In separate statements, senior Obama administration officials said that Congress had been briefed 13 times on the programs since 2009.[34]
In contrast to their swift and forceful reactions the previous day to allegations that the government had been conducting surveillance of United States citizens' telephone records, Congressional leaders had little to say about the PRISM program the day after leaked information about the program was published. Several lawmakers declined to discuss PRISM, citing its top-secret classification,[35] and others said that they had not been aware of the program.[36]
Investigative journalist Russ Baker has commented on the government statement in an interview on RT "Claims that the NSA is not spying on Americans are absurd because anybody could potentially commit a terrorist act. The reality is they're looking at all of us. They're trying to establish networks of communication but it's kind of ridiculous because you're looking for a needle in a haystack. You're looking at virtually the entire world trying to find just a handful of plots and, as we know, many of these plots turn out to be more complicated, with FBI informants involved right from the beginning."[37]
On June 8, 2013 questioned regarding PRISM, highly placed NSA intelligence official , turned whistleblower William Binney confirmed and clarified U.S Senators Mark Udall and Ron Wyden 2011 allegation[38] by stating "the government is using a secret interpretation of Section 215 of the Patriot Act which allows the government to obtain any data in any third party, like any service provider… any third party… any commercial company – like a telecom or internet service provider, libraries, medical companies – holding data about anyone, any U.S. citizen or anyone else. In other words, the government was using the antiquated, bogus legal argument that it was not acting (under) color of law using governmental powers, and that it was private companies just doing their thing (which the government happened to order all of the private companies to collect and fork over)".[39]
Authorized by Foreign Intelligence Surveillance Act
On June 8, 2013, the Director of National Intelligence issued a fact sheet stating that PRISM was conducted "under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a)."[32] Section 702 provides that “the Attorney General [A.G.] and the Director of National Intelligence [DNI] may authorize jointly, for a period of up to 1 year from the effective date of the authorization, the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information."[40] In order to authorize the targeting, the A.G. and DNI need to get an order from the Foreign Intelligence Surveillance Court (FISC) pursuant to Section 702 or certify that “intelligence important to the national security of the United States may be lost or not timely acquired and time does not permit the issuance of an order."[40] When asking for an order, the A.G. and DNI must certify to FICS that “a significant purpose of the acquisition is to obtain foreign intelligence information.” [40] They do not need to specify which facilities or property that the targeting will be directed at. [40]After getting a FISC order or determining that there are emergency circumstances, the A.G. and DNI can direct an electronic communication service provider to give them access to information or facilities to carry out the targeting and keep the targeting secret. [40] The provider then has the option to: (1) comply with the directive; (2) reject it; or (3) challenge it to FISC.
If the provider complies with the directive, it is released from liability to its users for providing the information and reimbursed for the cost of providing it.[40]
If the provider rejects the directive, the A.G. may request an order from FISC to enforce it.[40] A provider that fails to comply with FISC’s order can be punished with contempt of court. [40]
Finally, a provider can petition FISC to reject the directive. [40] In case FISC denies the petition and orders the provider to comply with the directive, the provider risks contempt of court if it refuses to comply with FISC’s order.[40] The provider can appeal FISC’s denial to the Foreign Intelligence Surveillance Court of Review and then appeal the Court of Review’s decision to the Supreme Court by a writ of certiorari for review under seal.[40]
Involvement of other countries
In the United Kingdom, Government Communications Headquarters (GCHQ) has had access to the PRISM program on or before June 2010 and wrote 197 reports with it in 2012 alone. PRISM may have allowed GCHQ to circumvent the formal legal process required to seek personal material.[41][42]Germany did not receive any raw PRISM data, according to a Reuters report.[43]
Israeli newspaper Calcalist was discussing the Business Insider article, about the possible involvement of technologies from two secretive Israeli companies in the PRISM program.[44][45]
International responses
- The German Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar, condemned the program as "monstrous".[46]
- Sophie in 't Veld, a Dutch Member of the European Parliament, called PRISM "a violation of EU laws".[47]
Related government internet surveillance programs
"A parallel program, code-named BLARNEY, gathers up metadata as it streams past choke points along the backbone of the Internet. BLARNEY’s summary, set down in the slides alongside a cartoon insignia of a shamrock and a leprechaun hat, describes it as “an ongoing collection program that leverages IC [intelligence community] and commercial partnerships to gain access and exploit foreign intelligence obtained from global networks.”[48]A related program, a big data or data mining system based on cloud computing and Free and Open Source Software (FOSS) technology known as "Boundless Informant", was disclosed in top secret documents leaked to the Guardian and reported on June 8, 2013.[49]
See also
- Anonymous (group)
- Boundless Informant
- Communications Assistance for Law Enforcement Act
- Edward Snowden
- Information Awareness Office
- Lawful interception
- Mass surveillance
- NSA call database
- NSA warrantless surveillance controversy
- NSA electronic surveillance program
- NSA Whistleblowers: Thomas Andrews Drake, Mark Klein, William Binney, Thomas Tamm, Russ Tice
- Room 641A, Hepting v. AT&T
- Signals intelligence
- SORM
- Stellar Wind, Trailblazer, Thinthread, Turbulence, ECHELON, MINARET, SHAMROCK, FBI Index, DCSNet
- UKUSA SIGINT Agreement
- Utah Data Center
No comments:
Post a Comment