Disclosures on NSA Spying Alarm Lawmakers, Tech Companies

Disclosures on NSA spying alarm lawmakers, tech companies
The GuardianA slide from a purported NSA PowerPoint presentation on a classified Internet surveillance program called PRISM.

By Joseph Menn and Jonathan Weber

SAN FRANCISCO - Recent revelations about the National Security Agency's expansive data-collection efforts have underscored the power of electronic surveillance in the Internet era and renewed an historic debate over how far the government should go in spying on its own people.

A disillusioned former CIA computer technician named Edward Snowden, who had worked as a contractor at the NSA, identified himself on Sunday as the source of multiple disclosures on the government's surveillance that were published by the Guardian and the Washington Post last week.

The information included a secret court order directing Verizon Communications Inc (VZ) to turn over all its calling records for a three-month period, and details about an NSA program code-named PRISM, which collected emails, chat logs and other types of data from Internet companies. These included Google Inc (GOOG), Facebook Inc (FB), Microsoft Corp (MSFT), Yahoo Inc (YHOO), AOL Inc (AOL) and Apple Inc (AAPL).

Snowden cast himself as a whistleblower alarmed about overreaching by the U.S. intelligence establishment, which was given broad powers after the September 11 attacks in 2001 and can take now take advantage of the huge growth in digital data.

President Barack Obama and congressional leaders have vigorously defended the NSA's efforts as both legal and necessary. U.S. Director of National Intelligence James Clapper took the rare step of responding in detail to stories about PRISM.

U.S. Attorney General Eric Holder's Justice Department has launched a new round of investigations into media leaks, the very issue that consumed his department for the last month and led to renewed calls for Holder's resignation.

Intelligence officials and the technology companies say PRISM is much less invasive than initially suggested by stories in the Guardian and the Post. Several people familiar with negotiations between the Silicon Valley giants and intelligence officials said the NSA could not rummage at will through company servers and that requests for data had to be about specific accounts believed to be overseas.

Still, the revelations alarmed civil liberties advocates and some lawmakers who had supported the Patriot Act, which gave intelligence agencies new powers after 9/11, and another law granting telecommunication carriers immunity for eavesdropping at the request of the government.

"This is the law, but the way the law is being interpreted has really concerned me," Democratic SenatorMark Udall said on ABC on Sunday. "It's just to me a violation of our privacy, particularly if it's done in ways that we don't know about."

Of primary concern for Udall and others was that millions of Americans have had their phone habits and other records perused by computer programs and analysts hunting for connections to terrorists or foreign governments - even though the NSA is generally barred from spying on U.S. citizens.

One former high-ranking NSA official told Reuters that such broad assembly of records was essential to investigations.

If "a known terrorist in Yemen calls someone in the U.S., why did he call them and what happened when the person in U.S. starts making calls elsewhere in the U.S.?" he asked. "On the surface it looks like the emergence of a terrorism cell."

Data-mining programs map such connections and provide grounds for further inquiry, potentially including the contents of calls, according to former operatives and Justice Department officials.

Among the remaining unknowns, even after four days of media coverage, is how much data beyond phone numbers is collected from U.S. residents, how that data is "minimized" to prevent excess scrutiny, how it is analyzed and how long it is kept.

The NSA "keeps the emails essentially forever. I don't think there is any question about it," said Mark Rossini, a former FBI supervisor who was assigned to a CIA counter-terrorism unit and who said he was briefed on PRISM.

"They are not reading our data, they are storing it in bits and bytes that can be searched," Rossini said. The same is likely true of the mass of phone calls copied from AT&T Inc (T) offices to facilities controlled by the NSA, as disclosed by an AT&T whistleblower in 2006, he added.

Series of Disclosures

The revelations began on Wednesday with a Guardian report on a secret court order demanding all Verizon phone records over a three-month period. The scope of the request appeared to undermine the government's contention that its surveillance efforts are highly targeted and do not involve large numbers of U.S. citizens.

On Thursday, the Guardian and the Washington Post published slides from an internal NSA presentation asserting that PRISM gathered emails, documents and other information "directly from the servers" of nine U.S. Internet companies.

The companies quickly disputed the claim that they offered "direct access" to "bulk" data and insisted that they responded only to requests for specific information as required by law.

Still, the scope of the program, the secrecy surrounding it, and its emergence as a lynchpin of U.S. espionage operations created an uproar on Capitol Hill and in Silicon Valley. The NSA slides stated that more than 1,400 items in Obama's intelligence briefings last year came from PRISM.

It remains unclear exactly how the Internet companies provide information to the government, in part because virtually everything about PRISM is considered a national security secret. It was also not clear why some companies, notably Twitter, said they were able to resist and were absent from the PRISM slides.

Several of the companies said a human being had to approve each tracking request. Government and industry sources said some of the companies appear to have installed special equipment to facilitate intelligence requests.

In addition, tracking all the Internet activities of a specific person or group over a period of time, for example, could yield a great deal of data and require special systems to track and retrieve it. Americans will still have some of their data sucked up, stored and digested in multiple ways, former intelligence operatives said.

Rossini said he believed intelligence analysts could perform searches, such as someone within two connections of a terrorism suspect mentioning "bomb" in an international email. The searches would only be used for terrorism or foreign intelligence, not ordinary crime, he said.

However, protections for Americans give little comfort to foreign governments and the hundreds of millions of overseas customers of U.S. Internet firms.

Indeed, PRISM appears to be an effective tool for the NSA precisely because U.S. companies dominate the Internet, and global communications even among people overseas often pass through the United States. That is galling to those in Europe who have argued that local technology companies need to be nurtured to combat U.S. economic and political domination.

(Additional reporting by Peter Henderson.; Editing by Tiffany Wu and Christopher Wilson)