Friday, June 07, 2013

U.S. government's secret PRISM program revealed: Nine leading Internet firms tapped for data by the NSA

As if privacy advocates weren't already up in arms over the newly publicized -- but secret -- Verizon phonetapping program (and, most likely, all major U.S. carriers) that the NSA is conducting, a top-secret document obtained by The Washington Post and exposed on Thursday goes even further. The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies (Apple, Microsoft, Google, Yahoo, Facebook, PalTalk, AOL, Skype, and YouTube).

According to the Washington Post, Microsoft was the first company "recruited" for the program, dubbed PRISM. It was followed by Facebook, Google, and Yahoo. Apple, according to the report, was the most recent company to be added to PRISM.

Reportedly, the program has DropBox next in its sights. Notably, though, at least six of the companies involved (Apple, Google, Microsoft, Yahoo, Dropbox and Facebook) have denied involvement.

Joe Sullivan, chief security officer for Facebook said:
We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.
Steve Dowling, a spokesman for Apple said:
We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.
Google also confirmed that it unaware of PRISM and that it is not participating in it. The company said that ”Google does not have a ‘back door’ for the government to access private user data.”

PRISM apparently rose from the ashes of President George W. Bush’s warrantless wiretapping program fell apart under pressure from media, lawsuits, and the Foreign Intelligence Surveillance Court, which Bush famously eschewed when he started his program. PRISM began in 2007, according to WaPo, meaning it preceding the Obama administration.

That also means, though, that the Obama administration did not halt the program once it came into office.

Later on Thrusday, the U.S.’s Director of National Intelligence, James R. Clapper, released an official statement which said media reports regarding PRISM and Verizon Wireless were inaccurate. “The Guardian (report, regarding Verizon Wireless) and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies.”

Still later, the Office of the Director of National Intelligence -- his office -- issued its own statement. That statements is below. Don't expect, though, that any of this has died down.
DNI Statement on Recent Unauthorized Disclosures of Classified Information

The highest priority of the Intelligence Community is to work within the constraints of law to collect, analyze and understand information related to potential threats to our national security.

The unauthorized disclosure of a top secret U.S. court document threatens potentially long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our nation.

The article omits key information regarding how a classified intelligence collection program is used to prevent terrorist attacks and the numerous safeguards that protect privacy and civil liberties.

I believe it is important for the American people to understand the limits of this targeted counterterrorism program and the principles that govern its use. In order to provide a more thorough understanding of the program, I have directed that certain information related to the “business records” provision of the Foreign Intelligence Surveillance Act be declassified and immediately released to the public.

The following important facts explain the purpose and limitations of the program:
  • There is a robust legal regime in place governing all activities conducted pursuant to the Foreign Intelligence Surveillance Act, which ensures that those activities comply with the Constitution and laws and appropriately protect privacy and civil liberties. The program at issue here is conducted under authority granted by Congress and is authorized by the Foreign Intelligence Surveillance Court (FISC). By statute, the Court is empowered to determine the legality of the program. 
  • By order of the FISC, the Government is prohibited from indiscriminately sifting through the telephony metadata acquired under the program. All information that is acquired under this program is subject to strict, court-imposed restrictions on review and handling. The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization. Only specially cleared counterterrorism personnel specifically trained in the Court-approved procedures may even access the records. 
  • All information that is acquired under this order is subject to strict restrictions on handling and is overseen by the Department of Justice and the FISA Court. Only a very small fraction of the records are ever reviewed because the vast majority of the data is not responsive to any terrorism-related query.
  • The Court reviews the program approximately every 90 days. DOJ conducts rigorous oversight of the handling of the data received to ensure the applicable restrictions are followed. In addition, DOJ and ODNI regularly review the program implementation to ensure it continues to comply with the law. 
  • The Patriot Act was signed into law in October 2001 and included authority to compel production of business records and other tangible things relevant to an authorized national security investigation with the approval of the FISC. This provision has subsequently been reauthorized over the course of two Administrations – in 2006 and in 2011. It has been an important investigative tool that has been used over the course of two Administrations, with the authorization and oversight of the FISC and the Congress.
Discussing programs like this publicly will have an impact on the behavior of our adversaries and make it more difficult for us to understand their intentions. Surveillance programs like this one are consistently subject to safeguards that are designed to strike the appropriate balance between national security interests and civil liberties and privacy concerns. I believe it is important to address the misleading impression left by the article and to reassure the American people that the Intelligence Community is committed to respecting the civil liberties and privacy of all American citizens.

James R. Clapper, Director of National Intelligence

No comments: