At this point, you have probably all heard a lot about the leaks of an NSA program collecting data from major Internet and phone companies. There’s a lot of information coming out here, so I’m trying to create a guide for what is actually happening, how it is different from other programs in the past, and why you should be outraged. Let’s get to it.
There are a lot of acronyms and weird names getting thrown around right now, so we’ll start by defining a few of them.
The NSA is the National Security Agency. It falls under the Department of Defense (DoD) and deals with the collection and analysis of domestic communications and information systems.
You’ve probably also heard about FISA. That is the Foreign Intelligence Surveillance Act. It was passed in 1978 to provide judicial and congressional oversight of domestic intelligence activities. When you read or hear about a FISA court, that refers to a secret court that is supposed to approve domestic intelligence activities.
FISA was amended in 2001 by the USA PATRIOT Act, or the United and Strengthening America by Providing Appropriate Tools to Intercept and Obstruct Terrorism Act. The PATRIOT Act does a lot of things, including allows indefinite detention of immigrants, allowing law enforcement to search an individuals home or business without their knowledge or consent, allowing law enforcement to search email, phone, and financial records without a court order, and expanding law enforcement access to business records.
Now we can get into the more recent revelations.
PRISM is the code name for a data collection program run by the NSA. Here’s the basic framework. Most of the world’s Internet infrastructure exists in the U.S. As a result, most electronic communications pass through that infrastructure at some point. So the NSA devised PRISM as a way of monitoring those communications. It depends upon Internet service providers giving them access to data on all of their users. While the NSA has orders not to use the data of American citizens, it is often collected along with the data of foreign users.
Finally, there is another term out there that you may not have heard as much, but is also important to this story: Boundless Informant. Despite appearances to the contrary, it is not a phrase from 1984 but rather the code name for an NSA program that allows the agency to view metadata (data about data, basically. In this case, if refers to how much data the NSA is collecting) for every country where they conduct surveillance.
How is this different from previous programs?
Some of the responses to these leaks have been underwhelming. One common reaction seems to be “what’s the big deal? We already knew the government was conducting a lot of surveillance of electronic communications.”
But PRISM and Boundless Informant are different. For one thing, they are not focused on people suspected of wrongdoing, the way even some of the most controversial program initiated under the PATRIOT Act were. The PATRIOT Act sometimes had pretty sketchy justification for suspecting someone of terrorist activity, but at least there was some attempt to provide a rationale for the surveillance. PRISM is a massive dragnet that monitors all of us. The same is true of phone calls and communications.
All of this data mining, or sifting through communications records for patterns, is done without court approval, although “personal signifiers” such as names and Social Security numbers cannot be searched without probably cause.
And despite the U.S. government’s insistence that it is only interested in the metadata, by which they basically mean things like the number of emails exchanged between militants in Pakistan and Afghanistan, for example, PRISM gives them far greater access than that. According to Glenn Greenwald, one of the journalists who broke this story, PRISM can also allow for the collection of search histories, the content of emails and live chats, and file transfers. So PRISM has the potential to get much more personal information than the administration would have us believe.
Likewise, while Boundless Informant is meant to provide metadata such as calling patterns, it can provide information as detailed as a user’s IP address. While an IP address “isn’t a direct proxy for individual users,” it’s pretty damn close. It can be used to determine location and other identifying factors.
Another distinguishing characteristic of PRISM is that in addition to being based on a very broad order, it is based on an ongoing one. In other words, the court order leaked recently requiring Verizon to turn over daily phone records for all its users is apparently a routine renewal of a standing order. So the program is quite literally without limit. No time constraint and no need to target your search to specific individuals suspected of wrongdoing.
The final difference I will highlight here is the role of private contractors. Their role in the national security community has expanded drastically since 9/11, and PRISM and Boundless Informant are no exception. In fact, the whistleblower who brought these programs into the public eye, Edward Snowden, was a private contractor, not a government employee.
A few years ago, it was estimated that a quarter of all intelligence workers are private contractors. 70% of the intelligence community’s secret budget goes to contractors like Booz Allen Hamilton, the company that employed Snowden.
In fact, the privatization has reached the point where even the process of granting security clearances has been contracted out. So it’s not just the government that has access to the information provided by PRISM and Boundless Informant, but also third party contractors.
Due to time constraints and the fact that I have many, many thoughts on this issue, further examination of why you should be outraged about these programs will have to wait until Friday. But I hope this has given you enough information to start getting at least kind of pissed.