The Wide Scope Of The NSA's Secret Spying Program

Grand Potentate

Supporter of Possible Sexual Deviants
For those unfamiliar with the backstory on how we got here(highlighted links lead to articles):

Bush Lets U.S. Spy on Callers Without Courts, New York Times, December 2005
In 2005, the New York Times broke the story of warrantless wiretapping under President George W. Bush. The National Security Agency previously listened in on calls in which both parties were abroad, but monitoring expanded under Bush to include U.S. calls and emails made to overseas contacts. Officials said it was an attempt to track “dirty numbers” that were linked to al Qaida.

NSA has massive database of Americans' phone calls, USA Today, May 2006
Yesterday’s Guardian report isn’t the first we’ve heard of the government collecting Americans’ phone records. In 2006, USA Today revealed that the Bush administration was collecting call records of Verizon, AT&T, and BellSouth customers without going through the courts.

Top Secret America, Washington Post, July 2010
As the U.S. counterterrorism system grew to encompass thousands of government agencies and private contractors, it became “an enterprise so massive that nobody in government has a full understanding of it.” The Washington Post reported the NSA was collecting 1.7 billion emails, phone calls, and other communications every day, “overwhelming the system's ability to analyze and use it.”

The Secret Sharer: Is Thomas Drake an enemy of the state?, New Yorker, May 2011
Obama promised to increase transparency, but he’s pursued more leak investigations than any other U.S. president. Former NSA executive Thomas Drake faced charges under the Espionage Act for leaking documents on the agency’s growing surveillance of private citizens (he eventually pled guilty to a much lesser charge.) Drake’s case is a window into the NSA as domestic spying took off.

The Surveillance Catalog, The Wall Street Journal, February 2012
Plenty of governments are spending to spy on their citizens. Documents obtained by The Wall Street Journal reveal what’s in governments’ toolbox. Some software enables governments to translate and analyze voices from massive wiretaps to discern what’s being discussed, or to steal data from “hundreds of thousands” of targets.

The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say), Wired, March 2012
The “Utah Data Center” may sound like just another office park, but the National Security Agency’s $2-billion project will soon be home to the biggest database of U.S. citizens’ personal information, from private emails to bookstore receipts. When it opens In September 2013, it will also be where codebreakers work to crack into heavily encrypted data.

U.S. Terrorism Agency to Tap a Vast Database of Citizens, The Wall Street Journal, December 2012
The National Counterterrorism Center was once only allowed to store data on citizens if they were terror suspects or related to an ongoing investigation. Not anymore. The Wall Street Journal details the “sea change” in policy under Obama, that lets the center collect and examine information on any U.S. citizen — whether or not they’re suspected of a crime.

Which leads us to yesterday's story by Glenn Greenwald of The Guardian on the NSA's PRISM spy program:
NSA taps in to internet giants' systems to mine user data, secret files reveal

• Top secret PRISM program claims direct access to servers of firms including Google, Facebook and Apple
• Companies deny any knowledge of program in operation since 2007

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called PRISM, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.
Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.
In a statement, Google said: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."
Several senior tech executives insisted that they had no knowledge of PRISM or of any similar scheme. They said they would never have been involved in such a programme. "If they are doing this, they are doing it without our knowledge," one said.
An Apple spokesman said it had "never heard" of PRISM.
The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.


The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.
It also opens the possibility of communications made entirely within the US being collected without warrants.
Disclosure of the PRISM program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.
The participation of the internet companies in PRISM will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.
Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.
Collectively, the companies cover the vast majority of online email, search, video and communications networks.


The extent and nature of the data collected from each company varies.
Companies are legally obliged to comply with requests for users' communications under US law, but the PRISM program allows the intelligence services direct access to the companies' servers. The NSA document notes the operations have "assistance of communications providers in the US".
The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.
When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the PRISM program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.
A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.


The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy.
The PRISM program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.
With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.
The presentation claims PRISM was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a "home-field advantage" due to housing much of the internet's architecture. But the presentation claimed "Fisa constraints restricted our home-field advantage" because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.
"Fisa was broken because it provided privacy protections to people who were not entitled to them," the presentation claimed. "It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all."
The new measures introduced in the FAA redefines "electronic surveillance" to exclude anyone "reasonably believed" to be outside the USA – a technical change which reduces the bar to initiating surveillance.
The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of co-operating with authorities' requests.
In short, where previously the NSA needed individual authorisations, and confirmation that all parties were outside the USA, they now need only reasonable suspicion that one of the parties was outside the country at the time of the records were collected by the NSA.
The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming "access is 100% dependent on ISP provisioning".
In the document, the NSA hails the PRISM program as "one of the most valuable, unique and productive accesses for NSA".
It boasts of what it calls "strong growth" in its use of the PRISM program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was "exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype". There was also a 131% increase in requests for Facebook data, and 63% for Google.
The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also seeks, in its words, to "expand collection services from existing providers".
The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.
Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.
"The problem is: we here in the Senate and the citizens we represent don't know how well any of these safeguards actually work," he said.
"The law doesn't forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can't say and average Americans can't know."
Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.
When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the PRISM program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.
When the NSA reviews a communication it believes merits further investigation, it issues what it calls a "report". According to the NSA, "over 2,000 PRISM-based reports" are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.
In total, more than 77,000 intelligence reports have cited the PRISM program.
Jameel Jaffer, director of the ACLU's Center for Democracy, that it was astonishing the NSA would even ask technology companies to grant direct access to user data.
"It's shocking enough just that the NSA is asking companies to do this," he said. "The NSA is part of the military. The military has been granted unprecedented access to civilian communications.
"This is unprecedented militarisation of domestic communications infrastructure. That's profoundly troubling to anyone who is concerned about that separation."

More in post 2
Then, yesterday, the Washington Post followed it up with a report further detailing what was going on. I highly recommend reading this for the choice quotes from the NSA alone:
Documents: U.S. mining data from 9 leading Internet firms; companies deny knowledge

  • by Barton Gellman and Laura Poitras
  • June 7, 2013


The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.
The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.
Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”
PRISM was launched from the ashes of President George W. Bush’s secret program of warrantless domestic surveillance in 2007, after news media disclosures, lawsuits and the Foreign Intelligence Surveillance Court forced the president to look for new authority.
Congress obliged with the Protect America Act in 2007 and the FISA Amendments Act of 2008, which immunized private companies that cooperated voluntarily with U.S. intelligence collection. PRISM recruited its first partner, Microsoft, and began six years of rapidly growing data collection beneath the surface of a roiling national debate on surveillance and privacy. Late last year, when critics in Congress sought changes in the FISA Amendments Act, the only lawmakers who knew about PRISM were bound by oaths of office to hold their tongues.
The court-approved program is focused on foreign communications traffic, which often flows through U.S. servers even when sent from one overseas location to another. Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.
In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to certify periodically that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.
In a statement issue late Thursday, Director of National Intelligence James R. Clapper said “information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats. The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”
Clapper added that there were numerous inaccuracies in reports about PRISM by The Post and the Guardian newspaper, but he did not specify any.

The PRISM program is not a dragnet, exactly. From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.
Analysts who use the system from a Web portal at Fort Meade key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by the Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report, “but it’s nothing to worry about.”
Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially. The same math explains the aphorism, from the John Guare play, that no one is more than “six degrees of separation” from Kevin Bacon.
A ‘directive’
Formally, in exchange for immunity from lawsuits, companies like Yahoo and AOL are obliged accept a “directive” from the attorney general and the director of national intelligence to open their servers to the FBI’s Data Intercept Technology Unit, which handles liaison to U.S. companies from the NSA. In 2008, Congress gave the Justice Department authority to for a secret order from the Foreign Surveillance Intelligence Court to compel a reluctant company “to comply.”
In practice, there is room for a company to maneuver, delay or resist. When a clandestine intelligence program meets a highly regulated industry, said a lawyer with experience in bridging the gaps, neither side wants to risk a public fight. The engineering problems so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company.
Apple demonstrated that resistance is possible, for reasons unknown, when it held out for more than five years after Microsoft became PRISM’s first corporate partner in May 2007. Twitter, which has cultivated a reputation for aggressive defense of its users’ privacy, is still conspicuous by its absence from the list of “private sector partners.”
“Google cares deeply about the security of our users’ data,” a company spokesman said. “We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”
Like market researchers, but with far more privileged access, collection managers in the NSA’s Special Source Operations group, which oversees the PRISM program, are drawn to the wealth of information about their subjects in online accounts. For much the same reason, civil libertarians and some ordinary users may be troubled by the menu available to analysts who hold the required clearances to “task” the PRISM system.
There has been “continued exponential growth in tasking to Facebook and Skype,” according to the 41 PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an
analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”
According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.
Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.

Julie Tate and Robert O’Harrow Jr. contributed to this report.

And here's a followup from the Washington Post with an explainer on the slides:
NSA slides explain the PRISM data-collection program

Published: June 6, 2013
Through a top-secret program authorized by federal judges working under the Foreign Intelligence Surveillance Act (FISA), the U.S. intelligence community can gain access to the servers of nine Internet companies for a wide range of digital data. Documents describing the previously undisclosed program, obtained by The Washington Post, show the breadth of U.S. electronic surveillance capabilities in the wake of a widely publicized controversy over warrantless wiretapping of U.S. domestic telephone communications in 2005. These slides, annotated by The Washington Post, represent a selection from the overall document, and certain portions are redacted. Read related article.
Introducing the program

A slide briefing analysts at the National Security Agency about the program touts its effectiveness and features the logos of the companies involved.

The program is called PRISM, after the prisms used to split light, which is used to carry information on fiber-optic cables.

This note indicates that the program is the number one source of raw intelligence used for NSA analytic reports.

The seal of
Special Source Operations, the NSA term for alliances with trusted U.S. companies.
Monitoring a target's communication

This diagram shows how the bulk of the world’s electronic communications move through companies based in the United States.

Providers and data

The PRISM program collects a wide range of data from the nine companies, although the details vary by provider.

Participating providers

This slide shows when each company joined the program, with Microsoft being the first, on Sept. 11, 2007, and Apple the most recent, in October 2012.

More in post 3
Here's a good simplified explainer from Shane Harris, author of The Watchers (a book on the NSA):
What We Know About the NSA Metadata Program
The spy agency has been receiving Americans' phone records for years. By Shane Harris
Comments (4) | Published June 6, 2013
Multiple officials are now confirming that the National Security Agency's practice of collecting all telephone metadata from Verizon, as first reported by the Guardian, is part of a program that has been active for years. A US intelligence official tells me that orders of the kind delivered to Verizon in April are routine. Sen. Dianne Feinstein said today that the collection of metadata from phone companies is a seven-year-old practice. And an unnamed source told the Washington Post that the order appears to be similar to one first issued by the Foreign Intelligence Surveillance Court in 2006, and that it is “reissued routinely every 90 days” and not related to any particular government investigation.
Here’s what else we know so far about this massive intelligence collection program, a few things we might infer, and some big unanswered questions.
What is the government doing with all this phone metadata?
According to a senior administration official, “Information of the sort described in the Guardian article has been a critical tool in protecting the nation from terrorist threats to the United States, as it allows counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States.”
This is a description of standard link analysis. Say the government obtains the phone number for a suspected terrorist. It then runs that number against the huge metadatabase. If there’s a match, presumably the government then obtains some other authority to find out who the number in the metadatabase belongs to; according to the court order, and the administration official, the metadata does not contain the names of phone subscribers. It’s just phone numbers, lengths of calls, and other associated data that’s not considered “content.”
What can you learn with metadata but no content?
A lot. In fact, telephone metadata can be more useful than the words spoken on the phone call. Starting with just one target’s phone number, analysts construct a social network. They can see who the target talks to most often. They can discern if he’s trying to obscure who he knows in the way he makes a call; the target calls one number, say, hangs up, and then within second someone calls the target from a different number. With metadata, you can also determine someone's location, both through physical landlines or, more often, by collecting cell phone tower data to locate and track him. Metadata is also useful for trying to track suspects that use multiple phones or disposable phones. For more on how instructive metadata can be, read this.
Where is all that metadata being stored?
According to the court order, at the National Security Agency. The electronic spying agency is headquartered in Ft. Meade, Md. But it has been running out of digital storage space there, as well as electricity to keep all its systems up and running. The NSA has built a new facility in the Utah desert, called, appropriately, the Utah Data Center. And it recently broke ground on another facility at Ft. Meade.
How does that data get from the phone companies to the NSA?
We still know little about the physical infrastructure that transmits the metadata. But we do know, from the order, that Verizon is sending the information to the NSA “on an ongoing daily basis.” That’s an extraordinary amount of information considering it covers millions of customers making multiple calls a day. In simple terms, we’re talking about a lot of pipes and cables leading from Verizon locations—like switching stations—to NSA facilities. We know from a whistleblower at AT&T that surveillance equipment was set up at the company’s offices in San Francisco as part of the NSA’s efforts to monitor terrorists after the 9/11 attacks.
What else might the NSA or other government agencies be doing with this metadata?
As I wrote in my book, The Watchers, the NSA has long been interested in trying to find unknown threats in very big data sets. You’ll hear this called “data mining” or “pattern analysis.” This is fundamentally a different kind of analysis than what I described above where the government takes a known suspect’s phone number and looks for connections in the big metadatabase.
In pattern analysis, the NSA doesn’t know who the bad guy is. Analysts look at that huge body of information and try to establish patterns of activity that are associated with terrorist plotting. Or that they think are associated with terrorist plotting.
The NSA spent years developing very complicated software to do this, and met with decidedly mixed results. One such invention was a graphing program that plotted thousands upon thousands of pieces of information and looked for relationships among them. Critics called the system the BAG, which stood for “the big ass graph.” For data geeks, this was cutting edge stuff. But for investigators, or for intelligence officials who were trying to target terrorist overseas, it wasn’t very useful. It produced lots of potentially interesting connections, but no definitive answers as to who were the bad guys. As one former high-level CIA officer involved in the agency’s drone program told me, “I don’t need [a big graph]. I just need to know whose ass to put a Hellfire missile on.”
How big a database do you need to store all this metadata?
A very, very big one. And lots of them. That facility in Utah has 1 million square feet of storage space.
But just storing the data isn’t enough. The NSA wants a way to manipulate it and analyze it in close to real-time. Back in 2004, the agency began building “in-memory” databases, which were different than traditional databases that stored information on disks. In-memory was built entirely with RAM, which allows a computer to hold data in storage and make it ready for use at an instant. With disks, the computer has to physically go find the data, retrieve it, and then bring it into a program. If you’re trying to analyze entire telephone networks at once—and that is precisely what the NSA wanted to do—a disk-based system will be too slow. But the NSA’s in-memory databases could perform analytical tasks on huge data sets in just a few seconds.
The NSA poured oceans of telephone metadata into the in-memory systems in the hopes of building a real-time terrorist tracker. It was an unprecedented move for an organization of the NSA’s size, and it was extremely expensive.
That was 2004. The court orders issued to Verizon, we’re told, go back to as early as 2006. It appears that the NSA has had an uninterrupted stream of metadata for at least seven years. But the agency was getting access almost immediately after 9/11. That could mean there’s more than a decade’s worth of phone records stored at the NSA’s facilities.

And here is a great breakdown from The Verge on Metadata, what it does, and why its important (Highly recommended reading):
Metadata matters: how phone records and obsolete laws harm privacy and the free press

  • by Joshua Kopstein
  • May 16, 2013

Between the IRS admitting it targeted conservative political groups and the never-ending debacle over the US embassy raid in Benghazi, the Obama administration has had to deal with a full plate of scandals this week. It topped off on Monday, when the Associated Press revealed that the Department of Justice had issued a subpoena to conduct a sweeping surveillance campaign against its reporters over the course of two months.
Immediately upon hearing this, some people took it to mean that the US government had tapped the AP’s phone lines and listened in on conversations between reporters and confidential sources. In reality, the DOJ’s surveillance had collected phone records — numbers, call durations, location data, and other telecommunications byproducts — not the content of the communications themselves. But that doesn’t mean that journalists and the American public at large have no reason to be shocked and appalled by the intrusion.
Members of the press and Congress are right to be alarmed by the DOJ’s surveillance campaign, which reportedly began last year to investigate a leak regarding a foiled terror plot. Far from being “harmless,” the gathering of telecommunications metadata or “non-content” information can be incredibly damaging to a reporter’s work and integrity — or a regular citizen’s privacy. Moreover, the fiasco highlights once again that all Americans, journalists or otherwise, are still in the doghouse when it comes to data privacy laws.
“There are whole categories of information for which the metadata is as sensitive as the content.”
“There are whole categories of information for which the metadata is as sensitive as the content,” said Chris Soghoian, ACLU’s principal technologist and senior policy analyst, in a phone interview with The Verge. For a regular person, it could be something like calling an addiction hotline or sending a text message to a number which donates money to a political campaign — what was discussed or how much you donated isn’t particularly important next to the knowledge that you called, texted, or emailed in the first place.
In a 1997 paper that circulated heavily on Twitter following news of the Justice Department’s AP surveillance, University of San Francisco law professor Susan Freiwald explains how gathering this kind of non-content data can go horribly wrong:

For example, some information can be used to incriminate those who communicate with people involved in criminal enterprises. Further, some information can incriminate even without connecting the subject to other suspects. Several courts have held that an unusual volume of calls made immediately before, during, and after sporting events furnishes strong evidence that the caller is engaged in a gambling operation. Besides incriminating those who violate the law, communication attribute information yields evidence of those with whom one associates, and the sources of one's information.​
It's the same thing that plunged former CIA chief General David Patraeus into scandal last November. As the Wall Street Journal explains it, law enforcement tracking down Patraeus' mistress Paula Broadwell "used metadata footprints left by the emails to determine what locations they were sent from. They matched the places, including hotels, where Ms. Broadwell was during the times the emails were sent. FBI agents and federal prosecutors used the information as probable cause to seek a warrant to monitor Ms. Broadwell's email accounts."
Warrantless access to data showing the date, time, duration, and participants involved in a communication can be especially dangerous for journalists working with confidential sources. Soghoian notes that in a leaks investigation, most of the actual leaking happens in person — phones are simply used to arrange meetings. So in the end, it’s the non-content records — like those collected in secret from the AP — that really matter. “Which officials are talking to which journalists is what they’re after,” he says, “and it just happens to be that that’s the information that currently gets the lowest protection under US law.”
Normally, the DOJ has a much stricter set of internal rules for collecting that information from members of the press. But the guidelines seem to have been violated in this instance, and Attorney General Eric Holder, backed into a corner during a House Judiciary Committee hearing on Wednesday over his non-involvement in the case, is now calling for the reintroduction of a media shield law to protect journalists from future government intrusions.
As for average citizens, who have much weaker protections than journalists doing their jobs, it all comes back to that ancient and notoriously weak privacy law that keeps allowing the US government to capture data en masse without any warrants or legal repercussions: the Electronic Communications Privacy Act (ECPA) of 1986.
Thanks to a 1976 court decision citing something called the “third party” doctrine, ECPA still interprets the creation of incidental data — the kind generated as a byproduct of using telecommunications, like call records — as data “given” to a third party. Therefore, the court decided, there is no “reasonable expectation” of privacy for this information, so it’s all fair game for any federal prosecutor with a subpoena. A New York judge recently took that even further, saying that the only way you can expect to have privacy is by leaving your phone off.
A federal judge recently said the only way to expect privacy is by leaving your phone off
Of course, this is a ridiculous position to be in at a time when ubiquitous, internet-connected mobile communications devices constantly leave geolocation data, web browsing habits, and more in the hands of phone companies and service providers. In the Supreme Court, Justice Sonya Sotomayor has agreed that the argument is "ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks." That information also includes opened emails, emails unopened after 180 days, text messages, IP addresses, and more — all of which require no warrant for the government to obtain them under the current law.
But perhaps the newest and most dangerous development in considering all this free-flowing metadata is that in recent years, it has become incredibly easy to build tools that scrape, scan, and exploit it. Companies like the US-backed Palantir sell Minority Report-style software meant to analyze enormous metadata sets for evidence of future crimes and terrorism. Yet the law still reflects a time when this information wasn’t considered sensitive, and had to be parsed by hand.
Simply put, a free press can not report meaningfully on matters of national importance when they have reason to believe their activities might be logged and algorithmically analyzed by the government at all times — nor can the general public speak freely. The Obama White House has proudly trumpeted its aggressive crackdown on leakers, which saw the draconian Espionage Act invoked more times than during every US administration combined. Perhaps now, Congress will be asking whether that’s really a world we want to live in.

And from the New Yorker:
What’s the Matter with Metadata?

Posted by Jane Mayer
Dianne Feinstein, a Democrat from liberal Northern California and the chairman of the Senate Select Committee on Intelligence, assured the public earlier today that the government’s secret snooping into the phone records of Americans was perfectly fine, because the information it obtained was only “meta,” meaning it excluded the actual content of the phone conversations, providing merely records, from a Verizon subsidiary, of who called whom when and from where. In addition, she said in a prepared statement, the “names of subscribers” were not included automatically in the metadata (though the numbers, surely, could be used to identify them). “Our courts have consistently recognized that there is no reasonable expectation of privacy in this type of metadata information and thus no search warrant is required to obtain it,” she said, adding that “any subsequent effort to obtain the content of an American’s communications would require a specific order from the FISA court.”
She said she understands privacy—“that’s why this is carefully done”—and noted that eleven special federal judges, the Foreign Intelligence Surveillance Court, which meets in secret, had authorized the vast intelligence collection. A White House official made the same points to reporters, saying, “The order reprinted overnight does not allow the government to listen in on anyone’s telephone calls” and was subject to “a robust legal regime.” The gist of the defense was that, in contrast to what took place under the Bush Administration, this form of secret domestic surveillance was legitimate because Congress had authorized it, and the judicial branch had ratified it, and the actual words spoken by one American to another were still private. So how bad could it be?
The answer, according to the mathematician and former Sun Microsystems engineer Susan Landau, whom I interviewed while reporting on the plight of the former N.S.A. whistleblower Thomas Drake and who is also the author of “Surveillance or Security?,” is that it’s worse than many might think.
“The public doesn’t understand,” she told me, speaking about so-called metadata. “It’s much more intrusive than content.” She explained that the government can learn immense amounts of proprietary information by studying “who you call, and who they call. If you can track that, you know exactly what is happening—you don’t need the content.”
For example, she said, in the world of business, a pattern of phone calls from key executives can reveal impending corporate takeovers. Personal phone calls can also reveal sensitive medical information: “You can see a call to a gynecologist, and then a call to an oncologist, and then a call to close family members.” And information from cell-phone towers can reveal the caller’s location. Metadata, she pointed out, can be so revelatory about whom reporters talk to in order to get sensitive stories that it can make more traditional tools in leak investigations, like search warrants and subpoenas, look quaint. “You can see the sources,” she said. When the F.B.I. obtains such records from news agencies, the Attorney General is required to sign off on each invasion of privacy. When the N.S.A. sweeps up millions of records a minute, it’s unclear if any such brakes are applied.
Metadata, Landau noted, can also reveal sensitive political information, showing, for instance, if opposition leaders are meeting, who is involved, where they gather, and for how long. Such data can reveal, too, who is romantically involved with whom, by tracking the locations of cell phones at night.
For the law-enforcement community, particularly the parts focussed on locating terrorists, metadata has led to breakthroughs. Khalid Sheikh Mohammed, the master planner of the September 11, 2001, attacks on New York and Washington, “got picked up by his cell phone,” Landau said. Many other criminal suspects have given themselves away through their metadata trails. In fact, Landau told me, metadata and other new surveillance tools have helped cut the average amount of time it takes the U.S. Marshals to capture a fugitive from forty-two days to two.
But with each technological breakthrough comes a break-in to realms previously thought private. “It’s really valuable for law enforcement, but we have to update the wiretap laws,” Landau said.
It was exactly these concerns that motivated the mathematician William Binney, a former N.S.A. official who spoke to me for the Drake story, to retire rather than keep working for an agency he suspected had begun to violate Americans’ fundamental privacy rights. After 9/11, Binney told me, as I reported in the piece, General Michael Hayden, who was then director of the N.S.A., “reassured everyone that the N.S.A. didn’t put out dragnets, and that was true. It had no need—it was getting every fish in the sea.”
Binney, who considered himself a conservative, feared that the N.S.A.’s data-mining program was so extensive that it could help “create an Orwellian state.”
As he told me at the time, wiretap surveillance requires trained human operators, but data mining is an automated process, which means that the entire country can be watched. Conceivably, the government could “monitor the Tea Party, or reporters, whatever group or organization you want to target,” he said. “It’s exactly what the Founding Fathers never wanted.”
Continued in post 4
Here's a great common sense overview of the whole thing from Brian Barret of Gizmodo:
What Is PRISM?

Last night, the Washington Post and Guardian dropped concurrent bombshell reports. Their subject was PRISM, a covert collaboration between the NSA, FBI, and nearly every tech company you rely on daily. PRISM has allowed the government unprecedented access to your personal information for at least the last six years. But what is it, exactly?
PRISM is a secret government program...

As much as PRISM might sound like a comic book antagonist of S.H.I.E.L.D., it's the codename for a very real US government program. According to leaked documents, it went into effect in 2007, and has only gained momentum since. Its stated purpose is to monitor potentially valuable foreign communications that might pass through US servers, but it appears that in practice its scope was far greater.
...that gives the NSA unprecedented access to the servers of major tech companies...

Microsoft. Yahoo. Google. Facebook. PalTalk. AOL. Skype. YouTube. Apple. If you've interacted with any of those companies in the last six years, that information is vulnerable under PRISM. But how?
The initial reports from last night suggested that the process worked as follows: The companies mentioned above (and who knows how many others) receive a directive from the attorney general and the director of national intelligence. They hand over access to their servers—and the tremendous wealth of data and communiques that passes through them every day—to the FBI’s Data Intercept Technology Unit, which in turn relays it to the NSA.
And that's when things get interesting. that the agency can spy on unwitting US citizens...

It seems impossible that the NSA, an agency which by law is only allowed to monitor foreign communications, has so much access to domestic information. And yet!
There are, as you might expect, filters in place to help handle the fire hose of data that comes through daily, the trillions of bits and bytes that make up our online identities and lives. Something to ensure that only the bad guys are being tracked and not honest, everyday citizens. Actually, there's one filter, and it's ridiculous: an NSA analyst has to have "51 percent" confidence that a subject is "foreign." After that, it's carte blanche.
That's it. That's the only filter. And it's an ineffective one, at that; the PowerPoint slides published by the post acknowledge that domestic citizens get caught in the web, but that it's "nothing to worry about."
...with with terrifying granularity...

It's something to worry about.
What's most troubling about PRISM isn't that it collects data. It's the type of data it collects. According to the Washington Post report, that includes:
…audio and video chats, photographs, e-mails, documents, and connection logs… [Skype] can be monitored for audio when one end of the call is a conventional telephone, and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.​
Did you get all that? Similar depth of access applies to Facebook, Microsoft, and the rest. Just to be clear: this covers practically anything you've ever done online, up to and including Google searches as you type them.
...which is both different from and more aggressive than the Verizon scandal...

The news of PRISM broke soon after a separate report, about the NSA's having access to Verizon customer—and, according to an NBC report, everyone else's—phone logs. Surprisingly enough, this is a totally different program! And PRISM makes the Verizon thing look like an ACLU company picnic by comparison.
When the NSA monitors phone records, it reportedly only collects the metadata therein. That includes to and from whom the calls were made, where the calls came from, and other generalized info. Importantly, as far as we know, the actually content of the calls was off-limits.
By contrast, PRISM apparently allows full access not just to the fact that an email or chat was sent, but also the contents of those emails and chats. According to the Washington Post's source, they can "literally watch you as you type." They could be doing it right now.
...and has the full (but contested) cooperation of tech giants...

PRISM's first corporate partner was allegedly Microsoft, which according to the Post and Guardian signed on back in 2007. Other companies slowly joined, with Apple being the most recent enlistee. Twitter, it seems, has not complied.

But why would all of these companies agree to this? Mostly because they have no choice. Failure to hand over server data leaves them subject to a government lawsuit, which can be expensive and incredibly harmful in less quantifiable ways. Besides, they receive compensation for their services; they're not doing this out of charity. There is incentive to play ball.
Here's where things get a little complicated, though. Apple, Microsoft, Yahoo, and Google have all given full-throated denials of any involvement whatsoever. Most of them aren't just PR syntactical trickery, either; they are unequivocal.
...and which is, shockingly enough, totally legal.

What's most horrifying about PRISM might be that there's nothing technical illegal about it. The government has had this authority for years, and there's no sign that it's going to be revoked any time soon.
A little bit of history might be helpful for context. Back in 2007, mounting public pressure forced the Bush administration to abandon the warrantless surveillance program it had initiated in 2001. Well, abandon might be too strong a word. What the administration actually did was to find it a new home.
The Protect America Act of 2007 made it possible for targets to be electronically surveilled without a warrant if they were "reasonably believed" to be foreign. That's where that 51% comes in. It was followed by the 2008 FISA Amendments Act, which immunized companies from legal harm for collaborating handing information over to the government. And that's the one-two punch that gives PRISM full legal standing.
All of which is to say that PRISM is an awful violation of rights, but it's one that's not going to disappear any time soon. The government is so far completely unapologetic. And why wouldn't they be? It's easy enough to follow the letter of the law when you're the one writing it.

Continued in post 5
So the tech companies have all come out with flat-out denials:
PRISM scandal: tech giants flatly deny allowing NSA direct access to servers

Silicon Valley executives insist they did not know of secret PRISM program that grants access to emails and search history

Executives at several of the tech firms said they had never heard of PRISM until they were contacted by the Guardian
Two different versions of the PRISM scandal were emerging on Thursday with Silicon Valley executives denying all knowledge of the top secret program that gives the National Security Agency direct access to the internet giants' servers.
The eavesdropping program is detailed in the form of PowerPoint slides in a leaked NSA document, seen and authenticated by the Guardian, which states that it is based on "legally-compelled collection" but operates with the "assistance of communications providers in the US."
Each of the 41 slides in the document displays prominently the corporate logos of the tech companies claimed to be taking part in PRISM.
However, senior executives from the internet companies expressed surprise and shock and insisted that no direct access to servers had been offered to any government agency.
The top-secret NSA briefing presentation set out details of the PRISM program, which it said granted access to records such as emails, chat conversations, voice calls, documents and more. The presentation the listed dates when document collection began for each company, and said PRISM enabled "direct access from the servers of these US service providers: Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, Skype, YouTube, Apple".
Senior officials with knowledge of the situation within the tech giants admitted to being confused by the NSA revelations, and said if such data collection was taking place, it was without companies' knowledge.
An Apple spokesman said: "We have never heard of PRISM. We do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order," he said.
Joe Sullivan, Facebook's chief security officer, said it did not provide government organisation with direct access to Facebook servers. "When Facebook is asked for data or information about specific individuals, we carefully scrutinise any such request for compliance with all applicable laws, and provide information only to the extent required by law."
A Google spokesman also said it did not provide officials with access to its servers. "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'backdoor' into our systems, but Google does not have a 'back door' for the government to access private user data."
Microsoft said it only turned over data when served with a court order: "We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it."
A Yahoo spokesman said: "Yahoo! takes users' privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.
Within the tech companies, and talking on off the record, executives said they had never even heard of PRISM until contacted by the Guardian. Executives said that they were regularly contacted by law officials and responded to all subpoenas but they denied ever having heard of a scheme like PRISM, an information programme internal the documents state has been running since 2007.
Executives said they were "confused" by the claims in the NSA document. "We operate under what we are required to do by law," said one. "We receive requests for information all the time. Say about a potential terrorist threat or after the Boston bombing. But we have systems in place for that." The executive claimed, as did others, that the most senior figures in their organisation had never heard of PRISM or any scheme like it.
The chief executive of transparency NGO Index on Censorship, Kirsty Hughes, remarked on Twitter that the contradiction seemed to leave two options: "Back door or front?" she posted.

But, as the comments in this Gawker article point out, these are mostly non-denial denials:
Back Door Access? Tech Giants Deny Knowledge of PRISM Spy Operation

You've never heard of the NSA's "PRISM" project, but it might know lots about you: according to a new report by the Washington… Read…
As the dust settles on yesterday evening's revelation that the U.S. government has been mining data from most of Silicon Valley's largest companies in a program called "PRISM," one question stands out: How did the NSA get access?
Apple, Google, Yahoo! and Microsoft, the largest companies involved in PRISM, the existence of which was revealed last night in a simultaneous Washington Post and Guardian scoop, have categorically denied knowledge of or participation in the program in a series of statements, while acknowledging that they do provide targeted access to the government when required to do so by law, generally according to court orders.
"We have never heard of PRISM," says Apple's spokesman. "If the government has a broader voluntary national security program to gather customer data we don't participate in it," says Microsoft's. "We do not provide the government with direct access to our servers, systems, or network," says Yahoo!'s. "Google does not have a 'back door' for the government to access private user data," says Google's.
Even unofficially, the tech companies seemed baffled by the allegations. The Guardian spoke with tech executives off the record, all of whom were "confused" by the documents published in the paper. None had ever heard of PRISM.

So what gives? Does the government have backdoor access so secret that not even their targets are aware? Are the tech companies lying? Or are they forbidden—as Verizon allegedly is with its NSA arrangement—from acknowledging its existence to an absurd extent?

The key comments:
A tipster wrote in with a theory on how PRISM might work that, on cursory examination at least, would be mostly consistent with the reporting on the story:
The NSA has collected the SSL root certificates from the various tech companies voluntarily.
Those certificates allow the NSA to decrypt internet traffic they collect through other means (e.g. a traffic splitter or, wait for it, prism) at a major US internet backbone.
They could have been siphoning that information from particular countries (identified by IP address) for years but, without the SSL keys of the various services, that data would have been useless.
Using the SSL keys they can decrypt data as it flows through in real-time.
This would match up with the statements by the tech companies, and would obviate the need for the NSA to make a copy of Facebook etc's data.
This is also the easiest, cheapest way to do this – and their Powerpoint slide says it only costs $20M annually.
Today 10:06am
That's an excellent theory, but a sort of dumbed down version of how it would work. It would take a few steps to be able to decrypt the data going back and forth.
So the way that SSL works is you contact a server requesting an SSL session. The server says "Sure, send me a shared secret key, encrypt it with this public key" and sends you a long number, the public key. This long number is public and anyone can know what it is. You generate a random number and encrypt it with the public key and send it back to the server. The method you use to encrypt the public key is special — it can only be decrypted by a single key, the private key that the server has and only the server knows (the Certificate Authority has it also). The server decrypts the shared key you send it and uses a different method of encryption, one that can use the same key to encrypt and decrypt message. You then use this key to continue the conversation.
There are additional safeguards in place here. First, the server's public key is matched up with a computer name or URL. Your computer checks it to make sure that it matches with what it expects, if it doesn't it gives you an error. Second, it has an expiration date. If the certificate is expired it gives you an error. Third, all certificates are issued by Certificate Authorities, you can make one for yourself if you want to! Your computer has a number of trusted certificate authorities built in (you can add more if you want, people won't have yours if you make one, so certificates you issue will receive errors until they're trusted), your computer will check the certificate chain of the public key to make sure that it trusts the certificate authorities that issued your certificate (and any intermediate certificate authorities in the chain). If it doesn't it gives you an error. It also checks the Certificate Revocation List to make sure that the server hasn't revoked the certificate for any reason. All of the certificates are signed, also, which means they have a hash attached to them that tells you if they were modified.
Now, assuming that the NSA hasn't figured out a back door to decrypting the shared key conversation (usually encrypted with AES or triple DES) the best way to intercept this conversation using the root certificates is to do a man-in-the-middle attack. It can do this by intercepting the initial communication from the server to you and sending it's own made-up public key to you. Since they own the root chain that issued the public cert they sent, you would trust the certificate and send the shared key back to the server. The NSA would act as a proxy, sending the traffic between you and the server.
Of course, this is all assuming everything Iknow about the public/private key exchange is sound and that there isn't a back door that would allow someone to discover the shared secret key at the beginning of the conversation. Today 11:39am

The NSA Director James Clapper came out with a denial, that any of this was even a problem:
How does the US government respond to allegations that the NSA records details about every telephone call in the United States, and has access to vast amounts of data from Google, Microsoft, Yahoo, Facebook, Apple and AOL servers? US National Intelligence director James Clapper has released two statements defending the data collection by suggesting that these actions are wholly legal, and that the government has many procedures in place limiting how the data can be accessed.
The full statements, which you can read here and here, primarily argue that this is all legal, its components are already signed into law, and that the programs can only target people who aren't US citizens or who are likely to be terrorists. With regards to phone records, Clapper claims that only metadata is collected, not the contents of telephone calls, and that government agencies are held responsible to a certain set of limitations by the Foreign Intelligence Surveillance Court:
By order of the FISC, the Government is prohibited from indiscriminately sifting through the telephony metadata acquired under the program. All information that is acquired under this program is subject to strict, court-imposed restrictions on review and handling. The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization. Only specially cleared counterterrorism personnel specifically trained in the court-approved procedures may even access the records.​
The statements suggest that the government thinks it's okay to collect and retain a vast quantity of records about US citizens, so long as a secret court ensures that those US citizens aren't actually targeted.
"The collection is broad in scope because more narrow collection would limit our ability to screen."
Clapper seems to be missing the point on several counts, though. When you aggregate enough metadata in one place, it adds up to data, period. With the GPS location of an individual and a photo they've taken and the phone number of a person they're talking to, it's not difficult to get an idea of what they're doing. When you rely on a secret court to hold accountable an agency that works in secret, it's hard to trust that their agents are acting responsibly with regards to that data. And if your argument is that this is all legal, already approved by our representatives, then why is the American public so surprised that the government would be involved in such broad domestic surveillance?

And today, the President came out and "reassured" us that this wasn't a problem:
Obama's Weak Remarks on NSA Spy Programs Are Not at All Reassuring

This week, we learned that the NSA is engaged in a series of prodigious data-mining operations in concert with several huge communications and technology companies. Today, Obama addressed the news. He didn't make anyone feel better.
"I think it's important to understand that you can't have 100 percent security and then have 100 percent privacy and zero inconvenience," the president told reporters. And anyway, "nobody is listening to your phone calls." The collection of telephone call metadata by the NSA is just a "modest encroachment."
Never mind that there's still an enormous amount of information that can be gleaned from "metadata"—why are we supposed to take the president seriously on this issue? "I welcome this debate" on privacy and security, Obama says, but the debate Obama is intent on welcoming can't happen unless the government—all three branches—comes clean about the existence (and extent) of its surveillance program. "When you actually look at the details, I think we've struck the right balance," Obama insists. But we can't look at the details.
And we likely won't, especially when Obama, as he put it, doesn't "welcome leaks," and aggressively prosecutes leakers. Maybe this "debate" would be—as Obama says—"healthy for democracy" if we were having it, but we're not. And until we have the means to do so, our democracy doesn't look very healthy at all.

Continued in post 6
So its come out today that not only was the NSA spying on phone calls and telicommunications, but it was also spying on credit card transactions as well:


WASHINGTON—The National Security Agency's monitoring of Americans includes customer records from the three major phone networks as well as emails and Web searches, and the agency also has cataloged credit-card transactions, said people familiar with the agency's activities.

And the UK government has come out and said they were using the PRISM program as well:

UK gathering secret intelligence via covert NSA operation

Exclusive: UK security agency GCHQ gaining information from world's biggest internet firms through US-run Prism programme
Documents show GCHQ (above) has had access to the NSA's Prism programme since at least June 2010. Photograph: David Goddard/Getty Images
The UK's electronic eavesdropping and security agency, GCHQ, has been secretly gathering intelligence from the world's biggest internet companies through a covertly run operation set up by America's top spy agency, documents obtained by the Guardian reveal.
The documents show that GCHQ, based in Cheltenham, has had access to the system since at least June 2010, and generated 197 intelligence reports from it last year.
The US-run programme, called Prism, would appear to allow GCHQ to circumvent the formal legal process required to seek personal material such as emails, photos and videos from an internet company based outside the UK.
The use of Prism raises ethical and legal issues about such direct access to potentially millions of internet users, as well as questions about which British ministers knew of the programme.
In a statement to the Guardian, GCHQ, insisted it "takes its obligations under the law very seriously".
The details of GCHQ's use of Prism are set out in documents prepared for senior analysts working at America's National Security Agency, the biggest eavesdropping organisation in the world.
Dated April this year, the papers describe the remarkable scope of a previously undisclosed "snooping" operation which gave the NSA and the FBI easy access to the systems of nine of the world's biggest internet companies. The group includes Google, Facebook, Microsoft, Apple, Yahoo and Skype.
The documents, which appear in the form of a 41-page PowerPoint presentation, suggest the firms co-operated with the Prism programme. Technology companies denied knowledge of Prism, with Google insisting it "does not have a back door for the government to access private user data". But the companies acknowledged that they complied with legal orders.
The existence of Prism, though, is not in doubt.
Thanks to changes to US surveillance law introduced under President George W Bush and renewed under Barack Obama in December 2012, Prism was established in December 2007 to provide in-depth surveillance on live communications and stored information about foreigners overseas.
The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.
The documents make clear the NSA has been able to obtain unilaterally both stored communications as well as real-time collection of raw data for the last six years, without the knowledge of users, who would assume their correspondence was private.
The NSA describes Prism as "one of the most valuable, unique and productive accesses" of intelligence, and boasts the service has been made available to spy organisations from other countries, including GCHQ.
It says the British agency generated 197 intelligence reports from Prism in the year to May 2012 – marking a 137% increase in the number of reports generated from the year before. Intelligence reports from GCHQ are normally passed to MI5 and MI6.
The documents underline that "special programmes for GCHQ exist for focused Prism processing", suggesting the agency has been able to receive material from a bespoke part of the programme to suit British interests.
Unless GCHQ has stopped using Prism, the agency has accessed information from the programme for at least three years. It is not mentioned in the latest report from the Interception of Communications Commissioner Office, which scrutinises the way the UK's three security agencies use the laws covering the interception and retention of data.
Asked to comment on its use of Prism, GCHQ said it "takes its obligations under the law very seriously. Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the intelligence and security committee".
The agency refused to be drawn on how long it had been using Prism, how many intelligence reports it had gleaned from it, or which ministers knew it was being used.
A GCHQ spokesperson added: "We do not comment on intelligence matters."
The existence and use of Prism reflects concern within the intelligence community about access it has to material held by internet service providers.
Many of the web giants are based in the US and are beyond the jurisdiction of British laws. Very often, the UK agencies have to go through a formal legal process to request information from service providers.
Because the UK has a mutual legal assistance treaty with America, GCHQ can make an application through the US department of justice, which will make the approach on its behalf.
Though the process is used extensively – almost 3,000 requests were made to Google alone last year – it is time consuming. Prism would appear to give GCHQ a chance to bypass the procedure.
In its statement about Prism, Google said it "cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data".
Several senior tech executives insisted they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a programme.
"If they are doing this, they are doing it without our knowledge," one said. An Apple spokesman said it had "never heard" of Prism.
In a statement confirming the existence of Prism, James Clapper, the director of national intelligence in the US, said: "Information collected under this programme is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats."
A senior US administration official said: "The programme is subject to oversight by the foreign intelligence surveillance court, the executive branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimise the acquisition, retention and dissemination of incidentally acquired information about US persons."

Continued in post 7
Here's a good post on Plantir, the Facebook-backed program that seems to be behind much of the NSA's tech in PRISM:
Is This Creepy Facebook-Friendly Startup Behind the NSA PRISM Program?

No one knows what Palantir—named after a magical rock in Lord of The Rings that granted remote vision—exactly does. But we know enough to know it's not just another California startup. The secretive data-mining company works directly with the American government, has a product named "Prism," and some very close ties to Facebook, one of the NSA's top targets.

You've never heard of the NSA's "PRISM" project, but it might know lots about you: according to a new report by the Washington… Read…
Palantir says it sells "software that allows organizations to make sense of massive amounts of disparate data," for purposes including "combating terrorism," and offers to bring "Silicon Valley to your doorstep." It's enjoyed early investments from the CIA, which might have something to do with its current napkin-valuation of around $5 billion, and now employs former top spooks like Michael Leiter. Palantir also happens to sell software called "Prism," which shares its namesake with an NSA spy program that also aims to bring Silicon Valley to snoop doorsteps around the Beltway. Palantir's Prism, according to a handy user manual published on TPM, "is a software component that lets you quickly integrate external databases"—exactly the kind of action that the NSA allegedly makes use of to suck up your Facebook browsing, Gmail inbox, and Google searches in realtime.

Coincidentally (!), the government loves Palantir, and spends millions to use its software, according to federal contract data. The Department of Defense—which operates the NSA—has been pumping money into Palantir from 2009 to as recently as spring of this year. It's also something of an eyebrow-moving coincidence that 2009 marked the first year of Facebook's alleged participation in the NSA data-mill. Facebook and Palantir know each other.

Last night, the Washington Post and Guardian dropped concurrent bombshell reports. Their subject was PRISM, a covert collaboration between the NSA,… Read…
Facebook, which used to be a neighbor—directly across the street—from Palantir, at 156 University Avenue in Palo Alto. Peter Thiel, who sits on Facebook's board of directors and has mentored Mark Zuckerberg for close to a decade, is a co-founder of Palantir—though that detail is omitted from his bio on the board's website. And as Facebook has spread into the brains of a billion users and completely saturated the United States, it's become one of the NSA's top targets via PRISM: Federal spies have “continued exponential growth in [surveillance] tasking to Facebook," says the Washington Post, and federal intel analysts enjoy "extensive search and surveillance capabilities against the variety of online social networking services.”
It'd make sense for the Feds to outsource a sinister program like PRISM to a relatively unknown entity like Palantir. Private sector contracts are cheaper than building your own from scratch. Paying Palantir would also give every single PR rep in tech an easy out: No, we don't work with the government [because we work with Palantir].
So of course, Facebook denies any governmental conspiring, because, what else would it possibly say? It's not like any of the people in a position to talk to press would even have been briefed on something so ostensibly nefarious. It goes without saying that Palantir won't say anything either—nor do these dots connect to anything definitive. But when the biggest social network is accused of lazing in bed with the NSA, we shouldn't be entirely surprised: Facebook, the largest social network in the history of such things, is already friendly with one of the most sophisticated, shadowy private spying efforts in the history of the world.
Maybe Prism isn't PRISM. But Facebook's high council is A-OK with spies—and the company that does it best is right in their backyard.

Edit: More on Plantir from TPM (apparently the original source):
Josh Marshall June 7, 2013, 7:57 AM
I want to stress this is a reader email, not TPM reporting. But I’m sharing it because after reading it through and doing some googling of my own there’s little doubt that Palantir is doing stuff like what the government is doing with those tech companies, even if they’re not part of ‘prism’ itself. Give this a read.
From an anonymous reader …
I don’t see anyone out there with this theory, and TPM is my favorite news source, so here goes:
“PRISM” is the government’s name for a program that uses technology from Palantir. Palantir is a Silicon Valley start-up that’s now valued at well over $1B, that focuses on data analysis for the government. Here’s how Palantir describes themselves:​
“We build software that allows organizations to make sense of massive amounts of disparate data. We solve the technical problems, so they can solve the human ones. Combating terrorism. Prosecuting crimes. Fighting fraud. Eliminating waste. From Silicon Valley to your doorstep, we deploy our data fusion platforms against the hardest problems we can find, wherever we are needed most.”
They’re generally not public about who their clients are, but their first client was famously the CIA, who is also an early investor.
With my theory in mind, re-read the denials from the tech companies in the WSJ (emphasis mine):
Apple: “We do not provide any government agency with direct access to our servers…”
Google: “… does not have a ‘back door’ for the government to access private user data…”
Facebook: “… not provide any government organization with direct access to Facebook servers…”
Yahoo: “We do not provide the government with direct access to our servers, systems, or network…”

These denials could all still be technically true if the government is accessing the data through a government contractor, such as Palantir, rather than having direct access.
I just did a quick Google search of “Palantir PRISM” to see if anyone else had this theory, and the top results were these pages:
Apparently, Palantir has a software package called “Prism”: “Prism is a software component that lets you quickly integrate external databases into Palantir.” That sounds like exactly the tool you’d want if you were trying to find patterns in data from multiple companies.
So the obvious follow-up questions are of the “am I right?” variety, but if I am, here’s what I really want to know: which Palantir clients have access to this data? Just CIA & NSA? FBI? What about municipalities, such as the NYC police department? What about the governments of other countries?
What do you think?
FWIW, I know a guy who works at Palantir. I asked him what he/they did once, and he was more secretive than my friends at Apple.
PS, please don’t use my name if you decide to publish any of this — it’s a small town/industry. Let them Prism me instead.​
Late Update: Another reader notes that Bridgewater Associates LLP, one of the largest hedge funds in the world, is also a major client of Palantir, which appears to be confirmed by many press reports.
Later Update: Here’s a video of Alexander Karp, CEO of Palantir, describing what the company does …
Yet More Update: For yet more of a sense of what Palantir does for the US government, here’s a hypothetical of what they make possible for counter-terrorism analysts in the US intel committee, as described in a 2011 article in Bloomberg …
In October, a foreign national named Mike Fikri purchased a one-way plane ticket from Cairo to Miami, where he rented a condo. Over the previous few weeks, he’d made a number of large withdrawals from a Russian bank account and placed repeated calls to a few people in Syria. More recently, he rented a truck, drove to Orlando, and visited Walt Disney World by himself. As numerous security videos indicate, he did not frolic at the happiest place on earth. He spent his day taking pictures of crowded plazas and gate areas.
None of Fikri’s individual actions would raise suspicions. Lots of people rent trucks or have relations in Syria, and no doubt there are harmless eccentrics out there fascinated by amusement park infrastructure. Taken together, though, they suggested that Fikri was up to something. And yet, until about four years ago, his pre-attack prep work would have gone unnoticed. A CIA analyst might have flagged the plane ticket purchase; an FBI agent might have seen the bank transfers. But there was nothing to connect the two. Lucky for counterterror agents, not to mention tourists in Orlando, the government now has software made by Palantir Technologies, a Silicon Valley company that’s become the darling of the intelligence and law enforcement communities.
The day Fikri drives to Orlando, he gets a speeding ticket, which triggers an alert in the CIA’s Palantir system. An analyst types Fikri’s name into a search box and up pops a wealth of information pulled from every database at the government’s disposal. There’s fingerprint and DNA evidence for Fikri gathered by a CIA operative in Cairo; video of him going to an ATM in Miami; shots of his rental truck’s license plate at a tollbooth; phone records; and a map pinpointing his movements across the globe. All this information is then displayed on a clearly designed graphical interface that looks like something Tom Cruise would use in a Mission: Impossible movie.
As the CIA analyst starts poking around on Fikri’s file inside of Palantir, a story emerges. A mouse click shows that Fikri has wired money to the people he had been calling in Syria. Another click brings up CIA field reports on the Syrians and reveals they have been under investigation for suspicious behavior and meeting together every day over the past two weeks. Click: The Syrians bought plane tickets to Miami one day after receiving the money from Fikri. To aid even the dullest analyst, the software brings up a map that has a pulsing red light tracing the flow of money from Cairo and Syria to Fikri’s Miami condo. That provides local cops with the last piece of information they need to move in on their prey before he strikes.

And here's an interesting article by Carl Franzen of The Verge on what could be done (and is attempting to be done) to stop this:
Secret NSA spying: how can it be stopped?
  • by Carl Franzen
  • June 6, 2013
The US National Security Agency (NSA) and Federal Bureau of Investigation (FBI) have been secretly spying on millions of Verizon wireless customers in the US for at least several months — and likely more companies’ customers for longer, going back seven years. The revelation, detailed in a classified court document published yesterday in The Guardian by journalist Glenn Greenwald, has sparked outrage among citizens and civil rights advocacy groups. On Thursday evening, The Washington Post broke the news that the NSA and FBI had also been spying on customers of some of the largest technology companies, including Google, Microsoft, and Apple, in realtime, also for years.
The reports have raised serious questions about the scope of the surveillance powers granted to US intelligence agencies following the September 11th, 2001 terror attacks. Namely: how long has the US government been doing this? How many ordinary citizens have been surveilled? And, perhaps most important: why didn’t the American people know anything about these efforts until now, and what should be done to curtail them going forward? When it comes to the spying on phone records at least, there are a few answers, none of them comforting.

"We have reports dating back to 2006 that this was taking place," said Amie Stopanovich, director of domestic surveillance review at the Electronic Privacy Information Center (EPIC), a nonprofit advocacy group dedicated to protecting user privacy. She pointed to an article published by USA Today that year that was widely circulated Wednesday on social media after Greenwald’s story broke. Citing anonymous sources, the 2006 piece describes an NSA surveillance program covering "tens of millions" of American customers of Verizon, AT&T, and BellSouth, a company acquired by AT&T later that year. "When that story broke, a lot of people looked at it and said ‘okay, well you can’t prove it, there’s not that much information here" Stopanovich said. "But fast forward to 2013, it turns out, that report was basically correct."
What we know

Indeed, Senator Diane Feinstein (D-CA), Chair of the Senate Intelligence Committee, openly acknowledged the program for the first time on Thursday, but downplayed it as business-as-usual. Feinstein said it was "lawful," and had been renewed every three months for the past seven years. She was just one of several prominent lawmakers who admittedly knew about and signed off on the effort, without disclosing the full details to constituents until now.
requires Verizon to turn over all metadata
What had been missing from the original 2006 USA Today story, and likely the reason it didn’t gain more traction at the time, was a trail of documents — specifically a court order authorizing the surveillance operation described in the story. Greenwald obtained such an order, signed by US Judge Roger Vinson, which was requested by the FBI and which requires Verizon to turn over all metadata on its customers’ telephone calls to the NSA beginning April 25th and going through July 19th of this year. Considering the apparent longstanding history of this program and its support from some Congressional leaders, there’s every reason to expect it will be again renewed by the court for another three months before it expires, ad infinitum.

That customer metadata doesn’t include voice recordings or the contents of the calls themselves, but it does sweep in many other identifying and revealing details about customers and their communications, including phone numbers of callers, their device ID numbers (IMEI), subscriber IDs, calling card numbers, and the length and dates of the calls. The "top secret" order, which was not supposed to be made public until 2038, was issued through a Foreign Intelligence Surveillance Court (FISC), a special type of US court whose proceedings are classified, and which was first set up under the Foreign Intelligence Surveillance Act of 1978 (FISA).
"requesting production of any tangible thing, such as business records, if the items are relevant."
That law was passed initially to allow US intelligence agencies to spy on foreign communications, while restricting their surveillance of people inside the US. But FISA was amended by the controversial PATRIOT Act of 2001, passed right after the September 11th, 2011 terror attacks, to allow intelligence agencies to obtain secret court orders like the one delivered to Verizon. Such orders can be issued "requesting production of any tangible thing, such as business records, if the items are relevant to an ongoing authorized national security investigation," as the Bush Administration described them when defending the amendments back in 2005. The specific section of the PATRIOT Act allowing these orders was 215, so the orders have become known as "215 orders."
"Hopefully, this will cause a new push for Congressional oversight of these 215 orders," Stepanovich told The Verge. "We still don’t know how this section is being interpreted by courts, because their proceedings are secret. It’s never been revealed what the NSA believes it can do under this order."
What can be done about it

"There are three ways this could stop," said Cindy Cohn, a legal director at the Electronic Frontier Foundation, an advocacy group focusing on the rights of internet and electronic device users. "The executive branch could say ‘we’re done, we’re stopping this.’ Congress could make them stop one way or another, either by passing a law against it or defunding it. Or the third way is for the courts to issue an order saying this is illegal or unconstitutional."
But Congress is not showing anything close to the near-uniform outrage that advocates and citizens have expressed toward the surveillance program. On the contrary, lawmakers appear — not atypically — fiercely divided on the question of whether such broad surveillance efforts are deplorable invasions of privacy, or necessary tools for thwarting terror.
Several lawmakers did take strong stances against the Verizon surveillance effort. "Seizing phone records of millions of innocent people is excessive and un-American," wrote Rep. Jim Sensenbrenner (R-WI), one of the coauthors of the original PATRIOT Act, in a press statement released Thursday. "The National Security Agency's seizure and surveillance of virtually all of Verizon's phone customers is an astounding assault on the Constitution," wrote Senator Rand Paul (R-KY) in his response. Lawmakers on the Senate Judiciary and House Judiciary committees said Thursday they would launch hearings into the phone surveillance program.

But other lawmakers, in keeping with Senator Feinstein’s stance, defended the effort. House Intelligence Committee Chair Rep. Mike Rogers (R-MI), author of the controversial cybersecurity bill CISPA, went even further, saying, "within the last few years, this program was used to stop a terrorist attack in the United States," but declined to provide further specifics, saying he was working to get them unclassified.
"If the government can make the case to the American people that spying on everyone helps them find the 0.0001 percent of people who are involved in terrorist activity, then I welcome them to do that," Cohen said. "Put up or shut up."
What could happen next

Still, the Electronic Frontier Foundation is not waiting around for Congress to take action. It’s taking the third route to end surveillance — the courts. In fact, on this issue the EFF has been ahead of the curve for many years, filing a lawsuit against AT&T in federal court in 2006 based on preliminary data indicating a mass phone surveillance effort. That was months before the USA Today story was published. The lawsuit has suffered numerous setbacks and was eventually dismissed outright in 2008, after Congress granted retroactive immunity to phone companies allowing wireless wiretapping of customers under FISA. But it survives today in the form of another ongoing lawsuit against the NSA itself, this one in a California federal district court.
"We’re waiting for the judge’s decision," Cohen told The Verge, noting that EFF would bring the recent Verizon surveillance order to the judge’s attention. "Hopefully the court will issue an injunction to stop the program." Even if that happens, surveillance won’t stop right away, as the US government will have a chance to appeal the ruling. "It may go all the way to the Supreme Court," Cohen said. "The American people deserve their day in court."

So for now at least, the answers to the "who", "what" and "why" behind the FBI's and NSA’s newly-revealed Verizon surveillance operation remain largely shrouded in secrecy. It’s highly unlikely the executive branch, which has been authorizing such activities for the entirety of Obama’s terms and his predecessor’s, will suddenly pull the plug. And it’s unclear that there are enough willing lawmakers in Congress to exercise their oversight authority to stop it, or to bring further details to light. That leaves the EFF’s lawsuit and others like it to try and halt mass surveillance, or at least, shed more light on it.

Continued in post 8
Interesting how this is annoying some people:
Which Gawker Advertisers Are "Sensitive" About the NSA's Panopticon?
The PRISM revelations continue to reverberate throughout the online world, reaching down into the bowels of Gawker Media's ad-slingers.

And an interesting viewpoint on the tran-national business relations at play here:
The legal and policy arguments around the PRISM program through which the NSA snoops into the data stream of major American high-tech companies are primarily going to focus on the treatment of American residents and citizens. There doesn't really appear to be much in the way of a debate as to whether it's legal or appropriate to be spying on foreigners without warrants or probable cause.
Which is perhaps fine as a matter of constitutional law, but I wonder about it as a matter of business practice. We've had some disputes in the United States about firms using Huwaei's networking equipment in the telecommunications space. The issue is that Huwaei is a Chinese firm with ties to the Chinese state, so people raise the worry that there's a national security risk in using them for network infrastructure. And, of course, whatever legitimate concerns there are about this are politically amplified by the fact that Huwaei's competitors would like to block them from doing business. So now imagine a foreign country deciding that it's maybe not such a great idea for all its citizens' Web search and webmail traffic to be surveilled by the American government via Google, Microsoft, Yahoo, and AOL along the same principles. Bad, right?
Maybe the most dramatic example here is Google's new Glass product. Right off the bat a number of people have raised concerns about the privacy issues implied by the use of heads-up displays.
But Google Glass + NSA PRISM essentially amounts to a vision in which a foreign country is suddenly going to be flooded with American spy cameras. It seems easy to imagine any number of foreign governments having a problem with that idea. More broadly, Google is already facing a variety of anti-trust issues in Europe, where basic economic nationalism is mixing with competition policy concerns. Basically, various European mapping and comparison and shopping firms don't want to be crushed by Google, and European officials are naturally sympathetic to the idea of not letting local firms be crushed by California-based ones. There is legitimate concern that U.S. tech companies are essentially a giant periscope for American intelligence agencies and seem like they'd be a very powerful new weapon in the hands of European companies that want to persuade EU authorities to shackle American firms. Imagine if it had come out in the 1980s that Japanese intelligence agencies were tracking the location of ever Toyota and Honda vehicle, and then the big response from the Japanese government was to reassure people that Japanese citizens weren't being spied upon this way. There would have been—legitimately—massive political pressure to get Japanese cars out of foreign markets.
The intelligence community obviously views America's dominance in the high-tech sector as a strategic asset that should be exploited in its own quest for universal knowledge. But American dominance in the high-tech sector is first and foremost a source of national economic advantage, one that could be undone by excessive security involvement.
This is a great rundown on the President's completely bullshit talking points during the press conference today:
Here’s what the White House has offered as talking points to defend collecting (DiFi has confirmed) all the call data from all Americans since 2006. Interspersed is my commentary.
The article discusses what purports to be an order issued by the Foreign Intelligence Surveillance Court under a provision of the Foreign Intelligence Surveillance Act that authorizes the production of business records. Orders of the FISA Court are classified.​
As they’ve done with drone strikes and, especially, WikiLeaks cables before, the Administration refuses to confirm that this is, in fact, what several members of Congress have made it clear it is: an authentic FISA Order that (as Dianne Feinstein revealed) is just the quarterly renewal of a program that goes back to the PATRIOT Act renewal in March 2006.
In other words, with its “talking points,” the Administration is recommitting to keeping this program legally secret, even though it’s not secret.
Everything that say after they set up that information asymmetry should be regarded with the knowledge that the White House refuses to permit you to check its claims.
The talking points go on.
On its face, the order reprinted in the article does not allow the Government to listen in on anyone’s telephone calls. The information acquired does not include the content of any communications or the name of any subscriber. It relates exclusively to metadata, such as a telephone number or the length of a call.​
Here, the White House does two things. With its “exclusively metadata” comment, it tries to minimize how much metadata really provides. Here’s how Shane Harris, in a superb explainer, describes what metadata can really provide.
What can you learn with metadata but no content?
A lot. In fact, telephone metadata can be more useful than the words spoken on the phone call. Starting with just one target’s phone number, analysts construct a social network. They can see who the target talks to most often. They can discern if he’s trying to obscure who he knows in the way he makes a call; the target calls one number, say, hangs up, and then within second someone calls the target from a different number. With metadata, you can also determine someone’s location, both through physical landlines or, more often, by collecting cell phone tower data to locate and track him. Metadata is also useful for trying to track suspects that use multiple phones or disposable phones. For more on how instructive metadata can be, read this.​
Note the White House fails to mention the forms of some metadata, such as geolocation, that are particularly invasive.
But the other thing this White House bullshit talking point does is precisely the same thing the Bush White House did when, in 2005 after James Risen and Eric Lichtblau exposed the illegal wiretap program, it dubbed a subpart of the program the Terrorist Surveillance Program and talked about how innocuous it was taken in solitary. The White House is segregating one part of the government’s interdependent surveillance system and preening about how harmless that isolated part is in isolation.
What the White House doesn’t mention is how the government uses this data, among other ways, to identify possible terrorists who they can conduct more investigation of, including accessing their content using this data mining to establish probable cause.
What the White House is trying to hide, in other words, is that this collection is part of a massive collection program that uses algorithms and other data analysis to invent people to investigate as terrorists.
And then the bullshit White House talking points contradict themselves.
Information of the sort described in the Guardian article has been a critical tool in protecting the nation from terrorist threats to the United States, as it allows counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States.​
Wait, what? Just one talking point ago, the White House told us that, “The information acquired does not include the content of any communications or the name of any subscriber.” But here we are, a mere talking point later, and the White House is claiming that it is used to discover whether known terrorists are in contact with other persons? Uh, so it does involve the known identities of both existing suspects and those gleaned from this massive collection of data, huh?
But don’t worry. Because a court has rubber stamped this.
As we have publicly stated before, all three branches of government are involved in reviewing and authorizing intelligence collection under the Foreign Intelligence Surveillance Act. Congress passed that act and is regularly and fully briefed on how it is used, and the Foreign Intelligence Surveillance Court authorizes such collection.​
How does the separation of powers work again? Congress passes the law, the Executive enforces the law, and Courts review the law?
Only, in its bold claim that all three branches of government support this, the Court’s role is to “authorize such collection.” There’s a reason for that word, authorize. The only thing the courts are permitted to review are whether the government has provided,
(A) a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities, such things being presumptively relevant to an authorized investigation if the applicant shows in the statement of the facts that they pertain to—
(i) a foreign power or an agent of a foreign power;
(ii) the activities of a suspected agent of a foreign power who is the subject of such authorized investigation; or
(iii) an individual in contact with, or known to, a suspected agent of a foreign power who is the subject of such authorized investigation; and
(B) an enumeration of the minimization procedures adopted by the Attorney General under subsection (g) that are applicable to the retention and dissemination by the Federal Bureau of Investigation of any tangible things to be made available to the Federal Bureau of Investigation based on the order requested in such application.​
That is, the government just has to make a “reasonable” argument that this stuff is “relevant” to an investigation geared toward protecting against international terror or foreign clandestine activities. And if they can point to any number of foreign types (a foreign power, a suspected agent of a foreign power, or someone in contact with a suspected agent of a foreign power), the judge is instructed to presume it is related even if that seems like a stretch.
This is not a robust review of the claims the government is making. On the contrary, it is designed not to be a robust review of those claims.
Which brings us to Congress, that other branch the White House touts. It is utterly and embarrassingly true that they have repeatedly bought off on this, even if James Sensenbrenner, among others, is suckering journalists claiming that he didn’t. Indeed, oversight committees shot down efforts to limit Section 215 orders to people who actually had a tie to a suspected terrorist or foreign spy in 2006, 2009, and 2011. Such language was shot down each time. So, too, were efforts in 2011 and 2012 to reveal what was really going on in Section 215 collection; oversight committees shot that down too.
So here, in a rarity for national security overreach, the White House is absolutely right. Congress repeatedly bought off on this program, including its unbelievably broad standard for “relevance.”
Except … except … when Ron Wyden tried to get the government to tell him how many Americans’ records had been reviewed (by using this front-end collection to identify the back-end collection) the Inspectors General in question professed to be helpless to do that (later hints suggested they had done that study, but refused to share it with the Intelligence Committees).
So while it is true that Congress, with a few exceptions, have been completely complicit in this, it is also true that the Executive Branch has withheld the information Congress needs to understand what is happening with US person data.
I wonder why?
Never you worry, though, because it’s all constitutional.
There is a robust legal regime in place governing all activities conducted pursuant to the Foreign Intelligence Surveillance Act. That regime has been briefed to and approved by the Court.
Activities authorized under the Act are subject to strict controls and procedures under oversight of the Department of Justice, the Office of the Director of National Intelligence and the FISA Court, to ensure that they comply with the Constitution and laws of the United States and appropriately protect privacy and civil liberties.​
Don’t worry, the White House concludes. The legal review designed not to be robust is robust.
And to be fair, the FISA Court has, on at least one occasion, told the Administration they were violating the Fourth Amendment. Though apparently DOJ and ODNI thought this Fourth Amendment violative collection was kosher, as they had to be slapped down by the court, so I’m not sure what purpose their purported oversight serves.
But as I pointed out this morning, there’s a flaw to this argument that is grounded in the Administration’s refusal to admit this is a real FISA Court order.
The government, over and over and over and over, assures us this is all very Constitutional. Even while the government, over and over and over and over, goes to great lengths to ensure citizens don’t learn how they’re being surveilled, which would (in addition to pissing them off) give them the ability to sue.
Until the Americans who have been surveilled are permitted to challenge this in a court — precisely what the government has gone to great lengths to prevent — White House claims to constitutionality ring hollow.
The government doesn’t have the confidence to let us test these claims in court. That ought to tell you what they really think about its constitutionality.

And here's a good editorial from The Verge on how this problem equates to Obama's transparency problem:

The NSA surveillance problem is Obama's transparency problem

If you can read this, thank a whistleblower
By Joshua Kopstein on June 7, 2013

There’s been a recurring motif under the Obama administration these past few years: things that once seemed like paranoid conspiracy theories have been turning out to be true.
Last year, it was revealed that the FBI ran a sweeping surveillance campaign targeting Occupy Wall Street. Then we saw leaked memos showing how the Department of Justice had spied on AP reporters and broadly re-interpreted the word "imminent" to justify drone strikes on American citizens. And now, documents obtained by The Guardian have confirmed long-held suspicions that the National Security Agency is conducting secret surveillance on millions of American wireless subscribers and accessing online communications on popular web services like Google, Facebook, and Skype.
The secret programs are just a few components in a complex surveillance regime that has been expanding ever since 9/11. One thing should now be absolutely clear: the US government’s national security apparatus is completely out of control, and Congress has been asleep at the wheel. But it's not just surveillance that's the problem — it's the administration's utter lack of transparency, and its unending obsession with prosecuting those responsible for exposing government abuses.
Welcome to the surveillance state

The tip of the iceberg was the leak of a top-secret order issued in April by a FISA surveillance court which compelled Verizon to provide the phone records and other "telephony metadata" of all its customers on an "ongoing, daily basis" to the NSA. The contents of conversations are not included in the collection, but the data byproducts of using Verizon's service are — that includes call records (participants, timestamps, call durations) as well as geolocation data produced when mobile phones connect to cell towers.
The order also bars the company from ever acknowledging its existence, and it seems clear that Verizon is not the only carrier which has been ordered to do so.

In 2006, Mark Klein exposed a secret room at an AT&T switching facility which routes network traffic to the NSA
I've written before on why unfettered access to metadata is just as dangerous as content — it allows the government to construct vivid portraits of peoples' associations, personal relationships, and physical movements. But what's amazing is that none of this is new. The leaked court order has simply confirmed what ex-NSA agents, civil rights and privacy groups, and even members of Congress have been warning about for years: that the US government has normalized the indiscriminate collection of millions of Americans' private communications records without any suspicion of wrongdoing.
FISA courts "did not deny any applications in whole, or in part" in 2011 or 2012
The leak isn't just notable for the information it reveals. It also highlights the extreme secrecy that enshrouds the national security apparatus and makes this kind of domestic spying possible. At the heart of that secrecy are FISA courts, the clandestine intelligence tribunals set up under the Foreign Intelligence Surveillance Act (FISA) which authorize government agency requests to conduct surveillance on both foreign targets and American citizens. Each request is handled by one of eleven Washington, DC, judges, whose rulings are highly classified and almost never published.
What we do know about FISA courts is that they're basically rubber-stamp courts: of the 1,789 surveillance requests issued in 2012, the courts "did not deny any applications in whole, or in part." The same thing happened to all 1,676 surveillance requests that came to the court in 2011. Simply put, FISA courts are just bureaucratic ornamentation with no external oversight apart from the occasional glance from members of select intelligence committees, who are forbidden from discussing anything they see.
"Americans would be stunned"

Ron Wyden (D-OR) and Mark Udall (D-CO), both members of the Senate's Intelligence Committee, have warned about this multiple times. In March of 2012, the duo wrote in a letter to Attorney General Eric Holder that "most Americans would be stunned to learn the details" of how surveillance law is actually applied.
They were referring to the controversial implementation of Section 215 of the Patriot Act, which allows surveillance orders to target anyone as long as it is "relevant to a national security investigation," and which the government has revealed is radically reinterpreted in secret by the FISA courts.
What that means is that there are effectively two versions of the law: the actual law as we know it, and a secret interpretation the FISA courts use to authorize surveillance. This is antithetical to a democratic system of government, which depends on the public being privy to how the law is applied.
"Seizing phone records of millions of innocent people is excessive and un-American."
As the Verizon order shows, the government is using its hidden interpretations of Section 215 to give carte blanche spying powers to the NSA on an ongoing basis. An anonymous White House official has defended the practice, calling the surveillance a "critical tool in protecting the nation from terrorist threats to the United States." But even the author of the Patriot Act, Jim Sensenbrenner, says he is "extremely troubled" by the way the law is being used, arguing yesterday that "seizing phone records of millions of innocent people is excessive and un-American."
What’s worse is that Congress has voted for this — multiple times. Last December, the FISA Amendments Act, which vastly expands the Patriot Act's surveillance powers, was re-authorized for the second time since 2004. Some senators — like Patrick Leahy (D-VT), Mark Udall (D-CO), and Rand Paul (R-KY) — proposed a number of modest amendments that would have given Congress increased oversight over the FISA courts.
All of those proposals were shot down, and the NSA's surveillance powers were extended until 2017.
What's more, no court has even had a chance to rule on whether the surveillance is constitutional. Last year, a congressional investigation revealed documents from the office of the Director of National Intelligence showing that NSA surveillance had violated the Constitution "on at least one occasion." But in cases such as Clapper v. Amnesty and Jewel v. NSA, the government has repeatedly asserted its "state secrets" privilege, blocking the lawsuits and thus preventing a constitutional ruling.
War on whistleblowers

It should be no surprise that almost everything that we currently know about government surveillance — from the FBI's use of unconstitutional National Security Letters to the NSA's ongoing surveillance of phone records — has come not from congressional vigilance or the courts, but from leakers and whistleblowers.
Leaks like the ones obtained by The Guardian this week don't just happen — they're a moral response that occurs under a climate of extreme state secrecy and overclassification. That's what makes it particularly disturbing that Obama’s response has been to prosecute more leakers under the Espionage Act than all previous administrations combined.
Obama in 2007, campaigning against Bush-era surveillance policies which he later adopted and expanded
That obsessive crackdown has targeted and tortured PFC Bradley Manning, currently facing life in prison for leaking documents that revealed the full extent of the US wars in Iraq and Afghanistan; it's the same crackdown that imprisoned former CIA analyst John Kiriakou for exposing the Bush-era torture program, while the person responsible for the actual torture got a free pass; it's what caused AP reporters to be caught in a surveillance dragnet during a Department of Justice investigation into a national security leak last year; and it's what led James Rosen, a Fox News journalist, to be labeled a "co-conspirator" during an DOJ investigation into the low-level leak of a CIA analysis on North Korean nuclear capabilities.
The root of the NSA surveillance problem isn't just about surveillance — it's a transparency problem, and like we saw with Verizon, we need leakers and whistleblowers to help solve it. Obama's defense has been to pass the blame on to Congress, and he's partly correct — they can help by repealing section 215 of the Patriot Act. But without a major policy reversal from the self-designated "Most Transparent Administration in History," a climate of secrecy persists where those on the inside must offset the law's lack of oversight.
A good piece from the NYT on the tech companies methods of letting the NSA in, while still denying letting them in:
Tech Companies Concede to Surveillance Program

A Google data center in Council Bluffs, Iowa. Google says it scrutinizes each government request and notifies users if it is allowed.
When government officials came to Silicon Valley to demand easier ways for the world’s largest Internet companies to turn over user data as part of a secret surveillance program, the companies bristled. In the end, though, many cooperated at least a bit.
Twitter declined to make it easier for the government. But other companies were more compliant, according to people briefed on the negotiations. They opened discussions with national security officials about developing technical methods to more efficiently and securely share the personal data of foreign users in response to lawful government requests. And in some cases, they changed their computer systems to do so.
The negotiations shed a light on how Internet companies, increasingly at the center of people’s personal lives, interact with the spy agencies that look to their vast trove of information — e-mails, videos, online chats, photos and search queries — for intelligence. They illustrate how intricately the government and tech companies work together, and the depth of their behind-the-scenes transactions.
The companies that negotiated with the government include Google, which owns YouTube; Microsoft, which owns Hotmail and Skype; Yahoo; Facebook; AOL; Apple; and Paltalk, according to one of the people briefed on the discussions. The companies were legally required to share the data under the Foreign Intelligence Surveillance Act. People briefed on the discussions spoke on the condition of anonymity because they are prohibited by law from discussing the content of FISA requests or even acknowledging their existence.
In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.
The negotiations have continued in recent months, as Martin E. Dempsey, chairman of the Joint Chiefs of Staff, traveled to Silicon Valley to meet with executives including those at Facebook, Microsoft, Google and Intel. Though the official purpose of those meetings was to discuss the future of the Internet, the conversations also touched on how the companies would collaborate with the government in its intelligence-gathering efforts, said a person who attended.
While handing over data in response to a legitimate FISA request is a legal requirement, making it easier for the government to get the information is not, which is why Twitter could decline to do so.
Details on the discussions help explain the disparity between initial descriptions of the government program and the companies’ responses.
Each of the nine companies said it had no knowledge of a government program providing officials with access to its servers, and drew a bright line between giving the government wholesale access to its servers to collect user data and giving them specific data in response to individual court orders. Each said it did not provide the government with full, indiscriminate access to its servers.
The companies said they do, however, comply with individual court orders, including under FISA. The negotiations, and the technical systems for sharing data with the government, fit in that category because they involve access to data under individual FISA requests. And in some cases, the data is transmitted to the government electronically, using a company’s servers.
“The U.S. government does not have direct access or a ‘back door’ to the information stored in our data centers,” Google’s chief executive, Larry Page, and its chief legal officer, David Drummond, said in a statement on Friday. “We provide user data to governments only in accordance with the law.”
Statements from Microsoft, Yahoo, Facebook, Apple, AOL and Paltalk made the same distinction.
But instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said.
The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.
Tech companies might have also denied knowledge of the full scope of cooperation with national security officials because employees whose job it is to comply with FISA requests are not allowed to discuss the details even with others at the company, and in some cases have national security clearance, according to both a former senior government official and a lawyer representing a technology company.

FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms, lawyers who work with the orders said. There were 1,856 such requests last year, an increase of 6 percent from the year before.
In one recent instance, the National Security Agency sent an agent to a tech company’s headquarters to monitor a suspect in a cyberattack, a lawyer representing the company said. The agent installed government-developed software on the company’s server and remained at the site for several weeks to download data to an agency laptop.
In other instances, the lawyer said, the agency seeks real-time transmission of data, which companies send digitally.
Twitter spokesmen did not respond to questions about the government requests, but said in general of the company’s philosophy toward information requests: Users “have a right to fight invalid government requests, and we stand with them in that fight.”
Twitter, Google and other companies have typically fought aggressively against requests they believe reach too far. Google, Microsoft and Twitter publish transparency reports detailing government requests for information, but these reports do not include FISA requests because they are not allowed to acknowledge them.
Yet since tech companies’ cooperation with the government was revealed Thursday, tech executives have been performing a familiar dance, expressing outrage at the extent of the government’s power to access personal data and calling for more transparency, while at the same time heaping praise upon the president as he visited Silicon Valley.
Even as the White House scrambled to defend its online surveillance, President Obama was mingling with donors at the Silicon Valley home of Mike McCue, Flipboard’s chief, eating dinner at the opulent home of Vinod Khosla, the venture capitalist, and cracking jokes about Mr. Khosla’s big, shaggy dogs.
On Friday, Mark Zuckerberg, Facebook’s chief executive, posted on Facebook a call for more government transparency. “It’s the only way to protect everyone’s civil liberties and create the safe and free society we all want over the long term,” he wrote.
Wow, here's a timeline from ProPublica on the survaliance state, going all the way back to 78', when the survailence court was created. Very interesting stuff:
Mass Surveillance in America: A Timeline of Loosening Laws and Practices
Mass Surveillance in America: A Timeline of Loosening Laws and Practices

by Cora Currier, Justin Elliott and Theodoric Meyer
ProPublica, June. 7, 2013
On Wednesday, the Guardian published a secret court order requiring Verizon to hand over data for all the calls made on its network on an “ongoing, daily basis.” Other revelations about surveillance of phone and digital communications have followed.
That the National Security Agency has engaged in such activity isn’t entirely new: Since 9/11, we've learned about large-scale surveillance by the spy agency from a patchwork of official statements, classified documents, and anonymously sourced news stories.
Surveillance court created
Sen. Frank Church (D-Idaho) led the investigation.
After a post-Watergate Senate investigation documented abuses of government surveillance, Congress passes the Foreign Intelligence Surveillance Act, or FISA, to regulate how the government can monitor suspected spies or terrorists in the U.S. The law establishes a secret court that issues warrants for electronic surveillance or physical searches of a “foreign power” or “agents of a foreign power” (broadly defined in the law). The government doesn’t have to demonstrate probable cause of a crime, just that the “purpose of the surveillance is to obtain foreign intelligence information.”
The court’s sessions and opinions are classified. The only information we have is a yearly report to the Senate documenting the number of “applications” made by the government. Since 1978, the court has approved thousands of applications – and rejected just 11.
Oct. 2001
Patriot Act passed
President George W. Bush signs the Patriot Act.
In the wake of 9/11, Congress passes the sweeping USA Patriot Act. One provision, section 215, allows the FBI to ask the FISA court to compel the sharing of books, business documents, tax records, library check-out lists – actually, “any tangible thing” – as part of a foreign intelligence or international terrorism investigation. The required material can include purely domestic records.
Oct. 2003
‘Vacuum-cleaner surveillance’ of the Internet
Mark Klein
AT&T technician Mark Klein discovers what he believes to be newly installed NSA data-mining equipment in a “secret room” at a company facility in San Francisco. Klein, who several years later goes public with his story to support a lawsuit against the company, believes the equipment enables “vacuum-cleaner surveillance of all the data crossing the Internet – whether that be peoples' e-mail, web surfing or any other data.”
March 2004
Ashcroft hospital showdown
Attorney General John Ashcroft
In what would become one of the most famous moments of the Bush Administration, presidential aides Andrew Card and Alberto Gonzales show up at the hospital bed of John Ashcroft. Their purpose? To convince the seriously ill attorney general to sign off on the extension of a secret domestic spying program. Ashcroft refuses, believing the warrantless program to be illegal.
The hospital showdown was first reported by the New York Times, but two years later Newsweek provided more detail, describing a program that sounds similar to the one the Guardian revealed this week. The NSA, Newsweek reported citing anonymous sources, collected without court approval vast quantities of phone and email metadata "with cooperation from some of the country’s largest telecommunications companies" from "tens of millions of average Americans." The magazine says the program itself began in September 2001 and was shut down in March 2004 after the hospital incident. But Newsweek also raises the possibility that Bush may have found new justification to continue some of the activity.
Dec. 2005
Warrantless wiretapping revealed
Michael Hayden, director of the NSA when the warrantless wiretapping began
The Times, over the objections of the Bush Administration, reveals that since 2002 the government “monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants.” The program involves actually listening in on phone calls and reading emails without seeking permission from the FISA Court.
Jan. 2006
Bush defends wiretapping
President Bush speaks at Kansas State University.
President Bush defends what he calls the “terrorist surveillance program” in a speech in Kansas. He says the program only looks at calls in which one end of the communication is overseas.
March 2006
Patriot Act renewed
The Senate and House pass legislation to renew the USA Patriot Act with broad bipartisan support and President Bush signs it into law. It includes a few new protections for records required to be produced under the controversial section 215.
May 2006
Mass collection of call data revealed

USA Today reports that the NSA has been collecting data since 2001 on phone records of “tens of millions of Americans” through three major phone companies, Verizon, AT&T, and BellSouth (though the companies level of involvement is later disputed.) The data collected does not include content of calls but rather data like phone numbers for analyzing communication patterns.
As with the wiretapping program revealed by the Times, the NSA data collection occurs without warrants, according to USA Today. Unlike the wiretapping program, the NSA data collection was not limited to international communications.
Court authorizes collection of call data
The mass data collection reported by the Guardian this week apparently was first authorized by the FISA court in 2006, though exactly when is not clear. Dianne Feinstein, D-Calif., chairwoman of the Senate intelligence committee, said Thursday, “As far as I know, this is the exact three-month renewal of what has been in place for the past seven years.” Similarly, the Washington Post quoted an anonymous “expert in this aspect of the law” who said the document published by the Guardian appears to be a “routine renewal” of an order first issued in 2006.
It’s not clear whether these orders represent court approval of the previously warrantless data collection that USA Today described.
Jan. 2007
Bush admin says surveillance now operating with court approval
Attorney General Alberto Gonzalez
Attorney General Alberto Gonzales announces that the FISA court has allowed the government to target international communications that start or end in the U.S., as long as one person is “a member or agent of al Qaeda or an associated terrorist organization.” Gonzalez says the government is ending the “terrorist surveillance program,” and bringing such cases under FISA approval.
Aug. 2007
Congress expands surveillance powers
The FISA court reportedly changes its stance and puts more limits on the Bush administration’s surveillance (the details of the court’s move are still not known.) In response, Congress quickly passes, and President Bush signs, a stopgap law, the Protect America Act.
In many cases, the government can now get blanket surveillance warrants without naming specific individuals as targets. To do that, the government needs to show that they’re not intentionally targeting people in the U.S., even if domestic communications are swept up in the process.
Sept. 2007
Prism begins

The FBI and the NSA get access to user data from Microsoft under a top-secret program known as Prism, according to an NSA PowerPoint briefing published by the Washington Post and the Guardian this week. In subsequent years, the government reportedly gets data from eight other companies including Apple and Google. “The extent and nature of the data collected from each company varies,” according to the Guardian.
July 2008
Congress renews broader surveillance powers
Congress follows up the Protect America Act with another law, the FISA Amendments Act, extending the government’s expanded spying powers for another four years. The law now approaches the kind of warrantless wiretapping that occurred earlier in Bush administration. Senator Obama votes for the act.
The act also gives immunity to telecom companies for their participation in warrantless wiretapping.
April 2009
NSA ‘overcollects’
The New York Times reports that for several months, the NSA had gotten ahold of domestic communications it wasn’t supposed to. The Times says it was likely the result of “technical problems in the NSA’s ability” to distinguish between domestic and overseas communications. The Justice Department says the problems have been resolved.
Feb. 2010
Controversial Patriot Act provision extended
President Obama
President Obama signs a temporary one-year extension of elements of the Patriot Act that were set to expire -- including Section 215, which grants the government broad powers to seize records.
May 2011
Patriot Act renewed, again
The House and Senate pass legislation to extend the overall Patriot Act. President Obama, who is in Europe as the law is set to expire, directs the bill to be signed with an “autopen” machine in his stead. It’s the first time in history a U.S. president has done so.
March 2012
Senators warn cryptically of overreach
U.S. Sen. Ron Wyden (D-Ore.)
In a letter to the attorney general, Sens. Ron Wyden, D-Ore., and Mark Udall, D-Colo., write, “We believe most Americans would be stunned to learn the details” of how the government has interpreted Section 215 of the Patriot Act. Because the program is classified, the senators offer no further details.
July 2012
Court finds unconstitutional surveillance
According to a declassified statement by Wyden, the Foreign Intelligence Surveillance Court held on at least one occasion that information collection carried out by the government was unconstitutional. But the details of that episode, including when it happened, have never been revealed.
Dec. 2012
Broad powers again extended
President Obama
Congress extends the FISA Amendments Act another five years, and Obama signs it into law. Sens. Wyden and Jeff Merkley, both Oregon Democrats, offer amendments requiring more disclosure about the law’s impact. The proposals fail.
April 2013
Verizon order issued
As the Guardian revealed this week, Foreign Intelligence Surveillance Court Judge Roger Vinson issues a secret court order directing Verizon Business Network Services to turn over “metadata” -- including the time, duration and location of phone calls, though not what was said on the calls -- to the NSA for all calls over the next three months. Verizon is ordered to deliver the records “on an ongoing daily basis.” The Wall Street Journal reports this week that AT&T and Sprint have similar arrangements.
The Verizon order cites Section 215 of the Patriot Act, which allows the FBI to request a court order that requires a business to turn over “any tangible things (including books, records, papers, documents, and other items)” relevant to an international spying or terrorism investigation. In 2012, the government asked for 212 such orders, and the court approved them all.
June 2013
Congress and White House respond
Director of National Intelligence James Clapper
Following the publication of the Guardian’s story about the Verizon order, Sens. Feinstein and Saxby Chambliss, R-Ga., the chair and vice of the Senate intelligence committee, hold a news conference to dismiss criticism of the order. “This is nothing particularly new,” Chambliss says. “This has been going on for seven years under the auspices of the FISA authority, and every member of the United States Senate has been advised of this.”
Director of National Intelligence James Clapper acknowledges the collection of phone metadata but says the information acquired is “subject to strict restrictions on handling” and that “only a very small fraction of the records are ever reviewed.” Clapper alsoissues a statement saying that the collection under the Prism program was justified under the FISA Amendments of 2008, and that it is not “intentionally targeting” any American or person in the U.S.
Statements from the tech companies reportedly taking part in the Prism program variously disavow knowledge of the program and merely state in broad terms they follow the law.
Congress has been briefed on this 13 times now, and they've offered to inform every single senator on the workings of the program. But, apparently, most people don't go to those meetings...:


White House Plays Down Data Program

  • June 8, 2013

WASHINGTON — The Obama administration tried Saturday to marshal new evidence in defense of its collection of private Internet and telephone data, arguing that a secret program called Prism is simply an “internal government computer system” designed to sort through court-supervised collection of data, and that Congress has been briefed 13 times on the programs since 2009.
After rushing to declassify some carefully selected descriptions of the programs, James R. Clapper Jr., the director of national intelligence, conceded for the first time that the Prism program existed. But in a statement, after denouncing the leak of the data to The Guardian and The Washington Post, Mr. Clapper insisted it was “not an undisclosed collection or data mining program.” Instead, he said it was a computer system to “facilitate” the collection of foreign intelligence that had been authorized by Congress.
Mr. Clapper also insisted that the government “does not unilaterally obtain information from the servers” of telephone and Internet providers, saying that information is turned over only under court order, when there is a “documented, foreign intelligence purpose for acquisition” of the data.
He appeared to be attempting to push back against early reports that the government had direct access to the huge computer servers at Google, Microsoft, Facebook and similar companies. Those firms have denied they give the government a “back door” to their systems.
But they acknowledge handing over material when ordered to do so by the Foreign Intelligence Surveillance Court, though they have not described the mechanism for complying with those orders. It appears the companies use some kind of electronic drop box, in which they place the material, so that the government can then harvest the information.
The national intelligence director’s rare Saturday statement was notable for what it omitted: any description of other means the government may use to intercept Internet information directly from fiber optic cables or satellite systems even before or after it reaches those Internet companies.
A new report in The Guardian, published online on Saturday, cited another document that showed that in March 2013 there were 97 billion pieces of data collected from networks worldwide; about 14 percent of it was from Iran, much was from Pakistan and about 3 percent came from inside the United States, though some of that may have been foreign data traffic routed through American-based servers.
Meanwhile, senior Obama administration officials, including the directors of the Federal Bureau of Investigation and of national intelligence, have held 13 classified hearings and briefings for members of Congress since 2009 to explain the broad authority they say they have to sweep up electronic records for national security purposes, a senior administration official said Saturday.
The administration, by disclosing the briefings, sought to push back on claims by Democrats and Republicans in Congress that they were either not aware of programs to mine vast amounts of Internet data and business telephone records or were insufficiently briefed on the details.
Lawmakers said that what they knew was vague and broad — and that strict rules of classification prevented them from truly debating the programs or conducting proper oversight.
In separate but identical letters sent on Oct. 19, 2011, Assistant Attorney General Ronald Weich told two of Congress’s most outspoken critics of the efforts, Senators Ron Wyden of Oregon and Mark Udall of Colorado, both Democrats, that in December 2009 and February 2011 the Justice Department and intelligence agencies provided a classified document to Congress describing the surveillance efforts in detail.
The letter said the House and Senate Intelligence Committees had been briefed “on these operations multiple times and have had access to copies of the classified” orders and opinions of the secret Foreign Intelligence Surveillance Court. Members of the committee were invited to share the information with other lawmakers.
Broader briefings were held in 2011 before the reauthorization of the Patriot Act, the post-Sept. 11 law that authorized much of the surveillance.

“Against this backdrop, we do not believe the executive branch is operating pursuant to ‘secret law’ or ‘secret opinions of the Department of Justice,’ ” Mr. Weich wrote. “Rather, the intelligence community is conducting court-authorized intelligence activities pursuant to a public statute, with the knowledge and oversight of Congress and the Intelligence Committees of both houses.”
On Friday, Mr. Udall and Mr. Wyden released a joint statement repeating that they had “long been concerned about the degree to which this collection has relied on ‘secret law.’ ”
“Senior administration officials have stated on multiple occasions that the Patriot Act’s ‘business records’ authority is ‘analogous to a grand jury subpoena,’ ” they said. They added that “multiple senior officials have stated that U.S. intelligence agencies do not collect information or dossiers on ‘millions of Americans,’ ” assertions that they believe have been contradicted by revelations of Internet data mining and a court order asking a Verizon subsidiary to turn over logs of telephone calls.
“Now that the fact of bulk collection has been declassified, we believe that more information about the scale of the collection, and specifically whether it involves the records of ‘millions of Americans,’ should be declassified as well,” they said.
The list of briefings begins on May 12, 2009, with a classified hearing of the Senate Intelligence Committee involving Gen. Keith B. Alexander, the head of the United States Cyber Command, and David S. Kris, assistant attorney general for national security.
On Feb. 14, 2011, all senators were offered the opportunity to discuss the broad authority under the Patriot Act with the director of national intelligence, Mr. Clapper; the F.B.I. director, Robert S. Mueller III; and General Alexander. Mr. Mueller spoke to the House Republican Conference on May 13, 2011, and to the House Democratic Caucus on May 24, 2011.
On Feb. 8, 2011, Senators Dianne Feinstein of California, the chairwoman of the Intelligence Committee, and Saxby Chambliss of Georgia, the ranking Republican on the panel, invited every senator to a briefing with Mr. Clapper and Attorney General Eric H. Holder Jr. to discuss expiring provisions of the Foreign Intelligence Surveillance Act of 1978.
The provisions — “one on roving authority for electronic surveillance and the other on the acquisition of business records that are relevant to investigations to protect against international terrorism or espionage” — were added to the 1978 law by the Patriot Act.
But Senator Richard J. Durbin of Illinois, the Senate’s No. 2 Democrat, draws a distinction between the holding of such briefings and the informed consent of Congress. Very few lawmakers avail themselves of such briefings, he suggested, and only the most senior leaders are kept fully abreast of intelligence activities.
“You can count on two hands the number of people in Congress who really know,” he said in an interview on Friday.

And, today, the NSA director released a series of talking points on what PRISM was:

After days of relatively short and vague statements on a leaked Verizon court order and a slideshow on the PRISM data collection program, Director of National Intelligence James Clapper has released a statement and "fact sheet" detailing more information on what PRISM is and how it's run — at least in theory. Clapper criticized a series of "reckless disclosures" by newspapers, which he asserts failed to include the full context of the program. What follows is a series of points justifying the program, detailing how the law is allegedly applied and its legal limits:
  • PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a). This authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008.
  • Under Section 702 of FISA, the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence. In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight. Service providers supply information to the Government when they are lawfully required to do so.
  • The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States. We cannot target even foreign persons overseas without a valid foreign intelligence purpose.
  • In addition, Section 702 cannot be used to intentionally target any US citizen, or any other US person, or to intentionally target any person known to be in the United States. Likewise, Section 702 cannot be used to target a person outside the United States if the purpose is to acquire information from a person inside the United States.
  • Finally, the notion that Section 702 activities are not subject to internal and external oversight is similarly incorrect. Collection of intelligence information under Section 702 is subject to an extensive oversight regime, incorporating reviews by the Executive, Legislative and Judicial branches.
Clapper's previous statements pointed to Section 702 of the Foreign Intelligence Surveillance act or FISA, and much of what he's saying is simply laying out the points of the legal doctrine. It's common knowledge that Section 702 is meant to target non-US citizens and that the FISA court is meant to provide oversight of requests — though contrary to his implication, an "imminent" threat can justify waiting until after the surveillance has been started to obtain a court order. As with almost all defenses of Obama Administration policies, though, Clapper's assertion that the law is used only in a highly conservative way is doubtful. He discusses "minimization" procedures meant to limit collecting information about US citizens, but previous leaks have pointed to a "51 percent" certainty rate about whether someone is actually a foreigner outside the US and have shown little evidence that minimization procedures are in place.
While focusing on the letter of the law and the government's good intentions, Clapper dodges any mention of how much information (or what kind) is actually collected with the PRISM program. But like Obama and other government officials, he insists that the data they found was vital to national security. "Communications collected under Section 702 have yielded intelligence regarding proliferation networks and have directly and significantly contributed to successful operations to impede the proliferation of weapons of mass destruction and related technologies," he says, adding that surveillance has also "provided significant and unique intelligence regarding potential cyber threats to the United States including specific potential computer network attacks."
A good Real News Network interview with Col. James Wilkerson about the bullshit coming out of the White House and the almost McCarthy-ness of the program:

The Guardian today released the details on the Boundless Informant program - The NSA's secret tool to track info and catalog data. The article is FULL of interesting points and further prove that they've basically been lying to Congress the entire time.

Boundless Informant: the NSA's secret tool to track global surveillance data

Revealed: The NSA's powerful tool for cataloguing data – including figures on US collection

Boundless Informant: mission outlined in four slides
Read the NSA's frequently asked questions document
Glenn Greenwald and Ewen MacAskill

The color scheme ranges from green (least subjected to surveillance) through yellow and orange to red (most surveillance). Note the '2007' date in the image relates to the document from which the interactive map derives its top secret classification, not to the map itself.
The National Security Agency has developed a powerful tool for recording and analysing where its intelligence comes from, raising questions about its repeated assurances to Congress that it cannot keep track of all the surveillance it performs on American communications.
The Guardian has acquired top-secret documents about the NSA datamining tool, called Boundless Informant, that details and even maps by country the voluminous amount of information it collects from computer and telephone networks.
The focus of the internal NSA tool is on counting and categorizing the records of communications, known as metadata, rather than the content of an email or instant message.
The Boundless Informant documents show the agency collecting almost 3 billion pieces of intelligence from US computer networks over a 30-day period ending in March 2013. One document says it is designed to give NSA officials answers to questions like, "What type of coverage do we have on country X" in "near real-time by asking the SIGINT [signals intelligence] infrastructure."
An NSA factsheet about the program, acquired by the Guardian, says: "The tool allows users to select a country on a map and view the metadata volume and select details about the collections against that country."
Under the heading "Sample use cases", the factsheet also states the tool shows information including: "How many records (and what type) are collected against a particular country."
A snapshot of the Boundless Informant data, contained in a top secret NSA "global heat map" seen by the Guardian, shows that in March 2013 the agency collected 97bn pieces of intelligence from computer networks worldwide.
The heat map reveals how much data is being collected from around the world. Note the '2007' date in the image relates to the document from which the interactive map derives its top secret classification, not to the map itself.
Iran was the country where the largest amount of intelligence was gathered, with more than 14bn reports in that period, followed by 13.5bn from Pakistan. Jordan, one of America's closest Arab allies, came third with 12.7bn, Egypt fourth with 7.6bn and India fifth with 6.3bn.
The heatmap gives each nation a color code based on how extensively it is subjected to NSA surveillance. The color scheme ranges from green (least subjected to surveillance) through yellow and orange to red (most surveillance).
The disclosure of the internal Boundless Informant system comes amid a struggle between the NSA and its overseers in the Senate over whether it can track the intelligence it collects on American communications. The NSA's position is that it is not technologically feasible to do so.
At a hearing of the Senate intelligence committee In March this year, Democratic senator Ron Wyden asked James Clapper, the director of national intelligence: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?"
"No sir," replied Clapper.
Judith Emmel, an NSA spokeswoman, told the Guardian in a response to the latest disclosures: "NSA has consistently reported – including to Congress – that we do not have the ability to determine with certainty the identity or location of all communicants within a given communication. That remains the case."
Other documents seen by the Guardian further demonstrate that the NSA does in fact break down its surveillance intercepts which could allow the agency to determine how many of them are from the US. The level of detail includes individual IP addresses.
IP address is not a perfect proxy for someone's physical location but it is rather close, said Chris Soghoian, the principal technologist with the Speech Privacy and Technology Project of the American Civil Liberties Union. "If you don't take steps to hide it, the IP address provided by your internet provider will certainly tell you what country, state and, typically, city you are in," Soghoian said.
That approximation has implications for the ongoing oversight battle between the intelligence agencies and Congress.
On Friday, in his first public response to the Guardian's disclosures this week on NSA surveillance, Barack Obama said that that congressional oversight was the American peoples' best guarantee that they were not being spied on.
"These are the folks you all vote for as your representatives in Congress and they are being fully briefed on these programs," he said. Obama also insisted that any surveillance was "very narrowly circumscribed".
Senators have expressed their frustration at the NSA's refusal to supply statistics. In a letter to NSA director General Keith Alexander in October last year, senator Wyden and his Democratic colleague on the Senate intelligence committee, Mark Udall, noted that "the intelligence community has stated repeatedly that it is not possible to provide even a rough estimate of how many American communications have been collected under the Fisa Amendments Act, and has even declined to estimate the scale of this collection."
At a congressional hearing in March last year, Alexander denied point-blank that the agency had the figures on how many Americans had their electronic communications collected or reviewed. Asked if he had the capability to get them, Alexander said: "No. No. We do not have the technical insights in the United States." He added that "nor do we do have the equipment in the United States to actually collect that kind of information".
Soon after, the NSA, through the inspector general of the overall US intelligence community, told the senators that making such a determination would jeopardize US intelligence operations – and might itself violate Americans' privacy.
"All that senator Udall and I are asking for is a ballpark estimate of how many Americans have been monitored under this law, and it is disappointing that the inspectors general cannot provide it," Wyden told Wired magazine at the time.
The documents show that the team responsible for Boundless Informant assured its bosses that the tool is on track for upgrades.
The team will "accept user requests for additional functionality or enhancements," according to the FAQ acquired by the Guardian. "Users are also allowed to vote on which functionality or enhancements are most important to them (as well as add comments). The BOUNDLESSINFORMANT team will periodically review all requests and triage according to level of effort (Easy, Medium, Hard) and mission impact (High, Medium, Low)."
Emmel, the NSA spokeswoman, told the Guardian: "Current technology simply does not permit us to positively identify all of the persons or locations associated with a given communication (for example, it may be possible to say with certainty that a communication traversed a particular path within the internet. It is harder to know the ultimate source or destination, or more particularly the identity of the person represented by the TO:, FROM: or CC: field of an e-mail address or the abstraction of an IP address).
"Thus, we apply rigorous training and technological advancements to combine both our automated and manual (human) processes to characterize communications – ensuring protection of the privacy rights of the American people. This is not just our judgment, but that of the relevant inspectors general, who have also reported this."
She added: "The continued publication of these allegations about highly classified issues, and other information taken out of context, makes it impossible to conduct a reasonable discussion on the merits of these programs."
GREAT piece on 10 things Americans underestimate about what this all really means:

10 Things Americans Underestimate About Our Massive Surveillance State

The latest revelations are just the tip of the iceberg.

  • by Steven Rosenfeld
  • June 7, 2013
Americans may be upset about the latest revelations in the government’s ability to spy on citizens via their online lives, but no one should be surprised. We've underestimated and overlooked many key aspects of the government’s ability to track our lives for years.
The bottom line, which resonates most strongly among civil liberties advocates on the left and conservative libertarians on the right, is not just the loss of privacy but also the growing power of the state to target and oppress people who it judges to be critics and enemies. That list doesn’t just include foreign terrorists of the al-Qaeda mold, or even the Chinese government that has stolen the most advanced U.S. weapon plans; it also includes domestic whistleblowers, protesters and journalists—all of whom have been targeted by the Obama administration Justice Department.
Let’s go through 10 points about these latest revelations of domestic spying to better understand what Americans have underestimated and overlooked about electronic eavesdropping.
1. Underestimated: The National Security Agency’s abilities. The last time Americans focused on domestic spying as they have this week was a half-dozen years ago when the media broke the story that the Bush administration had placed data interceptors on key junction points on AT&T’s telephone network to try to trace calls by al-Qaeda. What Americans have underestimated is that as the Internet has grown and more data pathways have been developed—such as WiFi streams used in smart phones and other platforms—so has the NSA’s electronic dragnet.
2. Overlooked: The expanding NSA dragnet. This week’s revelations started with the UK Guardian publishing a copy of a secret federal intelligence court order that Verizon turns its customer’s “metadata” to the NSA. That was followed by the Washington Post’s scoop—from a whistleblower—of a new (to the public) federal domestic spying effort in which the biggest Internet companies were also told to turn over metadata, including Microsoft, Google, Yahoo, Facebook and others.
Even these latest scoops are not the whole picture. Other phone providers like Sprint have told their customers they will share information with the government if asked. The NSA installed tracking devices on Google’s servers after the company realized it had been hacked by China four years ago in an effort to see what the FBI knew about China's spies in America. Americans have overlooked that as the Internet has grown, so has the NSA’s ability to track and trace everyone’s online lives.
3. Underestimated: The erosion of constitutional rights. For two centuries, the U.S. Constitution’s Fourth Amendment barred the government from unreasonable search and seizure by police authorities. Kirk Wiebe, a former NSA intelligence analyst, told NPR on Thursday that collecting vast reams of electronic data was changing the "innocent-until-proven-guilty" foundation of constitutional law.
“Now, unfortunately, people like the former director of NSA, Michael Hayden, and others have recast the Fourth Amendment from one that is based on probable cause in presenting evidence for subsequent invasion of privacy to one of reasonable suspicion,” Wiebe said. “That phrase has not been defined except by some managers controlling this information about you and me.”
4. Overlooked: How the NSA is getting away with this. If you really want to know how the NSA has been able to get away with this—and how the Obama administration has been able to say it has been doing nothing that has not been approved by Congress—you have to look at the reality that high-ranking lawyers inside the government have been exploiting legal loopholes to let NSA do what it wants.
This is no different than what election lawyers do when they want to get around campaign finance laws. Congress passes laws. The administration drafts regulations to carry out those laws. And lawyers—in and outside of government—find ways to get around what they don’t like in those laws. This article on the Balkinization legal blog explains exactly how that path unfolded from the Patriot Act, to the FBI, to the NSA. It includes the astounding legal construction that the data dumps are not data “collection” because they’re electronic, not on paper—until they are processed.
“So the NSA gets to obtain information in a more intrusive way than it might otherwise be allowed,” wrote Rachel Levinson-Waldman, counsel at the Liberty and National Security Program at the Brennan Center for Justice at NYU Law School for the blog.
5. Underestimated: Loss of privacy. Americans need to realize that every electronic transaction can be traced and seen by the government—period. There’s no e-mail, smart phone app, or even visit to a porn website that’s not traceable. This is much bigger than posting an unflattering picture on Facebook that will not disappear and be discovered by a potential co-worker or employer. Unless people want to live without electricity in the woods, modern life has evolved to the point where expectations of privacy are a myth, not a reality anymore.
6. Overlooked: The surveillance state transcends political party. Another dimension of the loss of privacy is that the surveillance state keeps growing regardless of who holds power in Congress or the White House. On Thursday, the libertarian Republican senator, Rand Paul of Kentucky, and the socialist Independent senator, Bernard Sanders of Vermont, both decried the “assault on the Constitution. But the top Democratic and Republican senators on the Intelligence Committee said the NSA activities were “protecting America” and there was nothing new going on—this is business as usual. It’s as if Congress and the intelligence establishment created a genie that will never be put back into a bottle.
7. Underestimated: Corporate America doesn’t like this either. One of the most curious aspects of these disclosures about NSA eavesdropping is that the corporations involved are not exactly fans of it. That is not to say that they would not want to be using similar data-mining and customer profiling technology to sell more products, but they worry that it is a public relations nightmare for them to be caught turning over customer information.
The Wall Street Journal on Friday quoted Denny Strigl, who retired as Verizon's president in 2009, saying, “You've got Verizon between a rock and a hard place here… If people are going to make an issue of this, the issue is with the government—not with the corporate citizen who complies with the law.”
8. Overlooked: It’s easier for businesses to comply than to say no. Americans’ sympathies for corporate executives like the ex-Verizon president should only go so far, because let’s face it—people at the highest echelons of corporate power have more access and influence than ordinary Americans into Washington’s halls of power and they are not saying "No, this goes too far." Instead, Friday’s papers were filled with comments from Apple, Google, Facebook, Verizon and others all saying they value their customers but they follow the law as required. That’s not really corporate citizenship, that’s caving in.
9. Underestimated: The power that government is accumulating. People do not realize how powerful the government is until they become its target. The most chilling aspect of the interview NSA whistleblower Thomas Drake gave on Democracy Now! was how his life came undone once the federal government decided he was its enemy—because he believed the press and public needed to know that earlier NSA electronic surveillance violated the Constitution. The power of the state—whether local police videotaping protesters or the Justice Department going after journalists and whistleblowers—is staggering. The United States in 2013 is not Nazi Germany in the 1930s, but what is true about both countries in both eras is that the populace was far too compliant as the state accumulated power and selectively undermined civil liberties.
10. Overlooked: A smarter way to respect civil liberties and fight foreign enemies. Some of the press reports on the latest NSA election dragnet suggest that Americans face a choice between losing their privacy rights and protecting national security. That seems like a false choice. Where the White House, Congress and corporate America’s leadership has utterly failed is explaining what the real threats are and what needs to be done—including safeguarding the rights that Americans value. On Friday, President Obama said the media reports of the surveillance were “hype” and nobody was reading private e-mails, saying the government's efforts were limited, balancing privacy and security concerns. In short, he said "trust us."
Obama's comments were not reassuring, because they lacked details about what's going on. The NSA’s electronic dragnet was created after the September 11, 2001 attacks. Is al-Qaeda a big threat anymore? Or is the bigger threat how the Chinese government hacked into the security systems that supposedly protected US weapons systems and stole all the blueprints to the most advanced technology? Americans hear all about the continuing threat of al-Qaeda and very little about the much bigger Chinese intelligence coup.
What’s missing is a much smarter public discussion that respects Americans’ intelligence and rights, including elected public representatives telling permanent government agencies that "no means no." And, though it’s unlikely to happen, corporate America drawing a line on domestic spying for the government.
Steven Rosenfeld covers democracy issues for AlterNet and is the author of "Count My Vote: A Citizen's Guide to Voting" (AlterNet Books, 2008).
Today its come out that Clapper and the NSA are seeing a criminal probe into who leaked the documents:
Spy agency seeks criminal probe into leaks
By Timothy Gardner and Mark Hosenball
WASHINGTON | Sun Jun 9, 2013 12:42am EDT
(Reuters) - A U.S. intelligence agency requested a criminal probe on Saturday into the leak of highly classified information about secret surveillance programs run by the National Security Agency, a spokesman for the intelligence chief's office said.
Confirmation that the NSA filed a "crimes report" came a few hours after the nation's spy chief, Director of National Intelligence James Clapper launched an aggressive defense of a secret government data collection program.
Clapper blasted what he called "reckless disclosures" of a highly classified spy agency project code-named PRISM.
It was not known how broad a leaks investigation was requested by the super-secret NSA, but Shawn Turner, a spokesman for Clapper's office, said a "crimes report has been filed."
The report goes to the Justice Department, which has established procedures for determining whether an investigation is warranted. Prosecutors do not accept all requests, but they have brought a series of high-profile leak investigations under President Barack Obama. U.S. officials said the NSA leaks were so astonishing they expected the Justice Department to take the case.
A Justice Department spokesman declined to comment.
In a statement earlier on Saturday, Clapper acknowledged PRISM's existence by name for the first time and said it had been mischaracterized by the media. The project was legal, not aimed at U.S. citizens and had thwarted threats against the country, he said.
"Over the last week we have seen reckless disclosures of intelligence community measures used to keep Americans safe," Clapper said in a statement.
He said the surveillance activities reported in the Washington Post and Britain's Guardian newspaper were lawful and conducted under authorities approved by Congress. "Significant misimpressions" have resulted from recent articles, he said.
Clapper's comments were the latest development in an escalating battle over government spying and civil liberties, involving the Obama administration and news organizations that have published details of U.S. data-mining efforts.
Clapper's statement discussed in general terms what had been until Thursday an unknown and highly classified program. It made a rare public acknowledgement that U.S. spy agencies obtained data from U.S. telecommunications providers, but defended the practice as legal and regulated by courts.
"The United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider," said a fact sheet accompanying Clapper's statement, referring to the Foreign Intelligence Surveillance Act Court.
PRISM, characterized in news reports as a top-secret National Security Agency program for extracting data from the computers of internet companies, in reality is an "internal government computer system" used to "facilitate" the government's handling of information it collects from service providers, according to the fact sheet.
The reports this week said the surveillance program involving internet firms and established under Republican President George W. Bush in 2007, had seen "exponential growth" under Obama, a Democrat. It said the NSA increasingly relied on PRISM as a source of raw material for daily intelligence reports to the president.
The news reports included PowerPoint slides showing that major Internet companies such as Yahoo, Google, Facebook and a half-dozen others were involved in the program.
Alan Rusbridger, editor-in-chief of the Guardian, had no comment on Clapper's statement. Washington Post spokeswoman Kris Coratti said the company had no comment.
Internet providers have said they knew nothing about any NSA collection program called PRISM and that they have only cooperated with legal government requests for data.
The government can only target someone for internet surveillance if "there is an appropriate, and documented foreign intelligence purpose" for collection, the fact sheet said.
Those purposes include countering terrorism, weapons proliferation and cyber threats, Clapper said in the statement. He did not further explain how those broad targeting guidelines were used in practice.
Previous administration statements in the wake of leaks about the NSA program had not mentioned that it was gathering information related to cyber threats and weapons proliferation.
The Guardian published a story on Saturday, based on what it said were more leaked classified NSA documents, about what it described as an internal agency data mining tool created to track the focus of NSA's efforts to collect "metadata" - primitive raw information about message traffic - from around the world.
The newspaper said that a different NSA fact sheet it obtained said that the tool, code-named Boundless Informant, "allows users to select a country on a map and view the metadata volume and select details about the collections against that country."
The Guardian said documents showed NSA collected "almost 3 billion" pieces of intelligence from U.S. computer networks over a period ending in March 2013. It said the new documents raised questions about what NSA had told Congress about its inability to keep close track on the extent to which it inadvertently collects information about messages sent by Americans.
(Writing by David Ingram; Editing by Warren Strobel and Peter Cooney)

And from the Washington Post today, a bit of a breakdown on how the NSA actually gets the data:

U.S., company officials: Internet surveillance does not indiscriminately mine data

  • by Robert O’Harrow Jr. and Ellen Nakashima and Barton Gellman
  • June 8, 2013
  • Read Later

The director of national intelligence on Saturday stepped up his public defense of a top-secret government data surveillance program as technology companies began privately explaining the mechanics of its use.
The program, code-named PRISM, has enabled national security officials to collect e-mail, videos, documents and other material from at least nine U.S. companies over six years, including Google, Microsoft and Apple, according to documents obtained by The Washington Post.
The disclosures about PRISM have renewed a national debate about the surveillance systems that sprang up after the attacks of Sept. 11, 2001, how broad those systems might be and the extent of their reach into American lives.
In a statement issued Saturday, Director of National Intelligence James R. Clapper Jr. described PRISM as “an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision.”
“PRISM is not an undisclosed collection or data mining program,” the statement said.
Clapper also said that “the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence.”
The statement from Clapper is both an affirmation of PRISM and the government’s strongest defense of it since its disclosure by The Post and the Guardian on Thursday. On Wednesday, the Guardian also disclosed secret orders enabling the National Security Agency to obtain data from Verizon about millions of phone calls made from the United States.
Clapper called the disclosures “rushed” and “reckless,” with “inaccuracies” that have left “significant misimpressions.”
“Disclosing information about the specific methods the government uses to collect communications can obviously give our enemies a ‘playbook’ of how to avoid detection,” Clapper said. “Nonetheless, [the law governing PRISM] has proven vital to keeping the nation and our allies safe. It continues to be one of our most important tools for the protection of the nation’s security.”
In responding to the revelations about PRISM, the White House, some lawmakers and company officials have repeatedly suggested that secret court orders are issued every time the NSA or other intelligence agencies seek information under Section 702 of the Foreign Intelligence Surveillance Act. But the orders, which are also secret, serve as one-time blanket approvals for data acquisition and surveillance on selected foreign targets for periods of as long as a year.
The companies have publicly denied any knowledge of PRISM or any system that allows the government to directly query their central servers. But because the program is so highly classified, only a few people at most at each company would legally be allowed to know about PRISM, let alone the details of its operations.
Executives at some of the participating companies, who spoke on the condition of anonymity, acknowledged the system’s existence and said it was used to share information about foreign customers with the NSA and other parts of the nation’s intelligence community.
These executives said PRISM was created after much negotiation with federal authorities, who had pressed for easier access to data they were entitled to under previous orders granted by the secret FISA court.
One top-secret document obtained by The Post described it as “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”
Intelligence community sources said that this description, although inaccurate from a technical perspective, matches the experience of analysts at the NSA. From their workstations anywhere in the world, government employees cleared for PRISM access may “task” the system and receive results from an Internet company without further interaction with the company’s staff.
In intelligence parlance, PRISM is the code name for a “signals intelligence address,” or SIGAD, in this case US-984XN, according to the NSA’s official classified description of PRISM and sources interviewed by The Post. The SIGAD is used to designate a source of electronic information, a point of access for the NSA and a method of extraction. In those terms, PRISM is a not a computer system but a set of technologies and operations for collecting intelligence from Facebook, Google and other large Internet companies.
According to a more precise description contained in a classified NSA inspector general’s report, also obtained by The Post, PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process.
Crucial aspects about the mechanisms of data transfer remain publicly unknown. Several industry officials told The Post that the system pushes requested data from company servers to classified computers at FBI facilities at Quantico. The information is then shared with the NSA or other authorized intelligence agencies.
According to slides describing the mechanics of the system, PRISM works as follows: NSA employees engage the system by typing queries from their desks. For queries involving stored communications, the queries pass first through the FBI’s electronic communications surveillance unit, which reviews the search terms to ensure there are no U.S. citizens named as targets.
That unit then sends the query to the FBI’s data intercept technology unit, which connects to equipment at the Internet company and passes the results to the NSA.
The system is most often used for e-mails, but it handles chat, video, images, documents and other files as well.
“The server is controlled by the FBI,” an official with one of the companies said. “We do not offer a download feature from our server.”
Another industry official said, “No one wants the bureau logging into the company server.”
On Friday, President Obama defended the secret surveillance program, saying it makes “a difference in our capacity to anticipate and prevent possible terrorist activity.”
Obama said Congress was fully informed about the efforts, which are tightly controlled by legal authorities under FISA. “If every step that we’re taking to try to prevent a terrorist act is on the front page of the newspapers or on television,” he said, “then presumably the people who are trying to do us harm are going to be able to get around our preventive measures.”
Clapper’s statement Saturday emphasized that the program was legal under Section 702 of FISA, as approved by Congress in 2008.
The law governs surveillance of foreign nationals. It was originally passed in 1978, after scandals involving the FBI, IRS and White House during the civil rights movement of the 1960s and the Vietnam War.
Section 702 provides the post-911 legal framework for the “targeted acquisition” of intelligence about foreign persons outside the United States. The information can be obtained only under a FISA court order and a written directive from the attorney general and the director of national intelligence.
Under Section 702, the attorney general and director of national intelligence must show the FISA court that they have procedures “reasonably designed to ensure” that their intercepts will target foreigners “reasonably believed” to be overseas.
“Service providers supply information to the Government when they are lawfully required to do so,” Clapper said Saturday.
The law prohibits officials from intentionally targeting data collection efforts at U.S. citizens or anyone in the United States. The standards for intentional targeting require that an analyst have a “reasonable belief,” at least 51 percent confidence, that the target is a foreign national.
The law also provides “an extensive oversight regime, incorporating reviews by the Executive, Legislative and Judicial branches,” Clapper said in the statement.
One top-secret document shows that the government is making systematic use of PRISM. An internal presentation of 41 briefing slides on PRISM suggested the scale of data collection. It described the system as the most prolific contributor to the President’s Daily Brief, which cited PRISM data in 1,477 items last year. According to the slides and other supporting materials obtained by The Post, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly one in seven intelligence reports.
Craig Timberg contributed to this report.
HOLY CRAP! The Guardian has released an interview with the whistleblower. This is absolutely amazing stuff. Definitely hit up the link and watch the video interview:

Series: Glenn Greenwald on security and liberty

Previous | Index
Edward Snowden: the whistleblower behind the NSA surveillance revelations

The 29-year-old source behind the biggest intelligence leak in the NSA's history explains his motives, his uncertain future and why he never intended on hiding in the shadows

Q&A with NSA whistleblower Edward Snowden: 'I do not expect to see home again'

Link to video: NSA whistleblower Edward Snowden: 'I don't want to live in a society that does these sort of things'
The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defence contractor Booz Allen Hamilton. Snowden has been working at the National Security Agency for the last four years as an employee of various outside contractors, including Booz Allen and Dell.
The Guardian, after several days of interviews, is revealing his identity at his request. From the moment he decided to disclose numerous top-secret documents to the public, he was determined not to opt for the protection of anonymity. "I have no intention of hiding who I am because I know I have done nothing wrong," he said.
Snowden will go down in history as one of America's most consequential whistleblowers, alongside Daniel Ellsberg and Bradley Manning. He is responsible for handing over material from one of the world's most secretive organisations – the NSA.
In a note accompanying the first set of documents he provided, he wrote: "I understand that I will be made to suffer for my actions," but "I will be satisfied if the federation of secret law, unequal pardon and irresistible executive powers that rule the world that I love are revealed even for an instant."
Despite his determination to be publicly unveiled, he repeatedly insisted that he wants to avoid the media spotlight. "I don't want public attention because I don't want the story to be about me. I want it to be about what the US government is doing."
He does not fear the consequences of going public, he said, only that doing so will distract attention from the issues raised by his disclosures. "I know the media likes to personalise political debates, and I know the government will demonise me."
Despite these fears, he remained hopeful his outing will not divert attention from the substance of his disclosures. "I really want the focus to be on these documents and the debate which I hope this will trigger among citizens around the globe about what kind of world we want to live in." He added: "My sole motive is to inform the public as to that which is done in their name and that which is done against them."
He has had "a very comfortable life" that included a salary of roughly $200,000, a girlfriend with whom he shared a home in Hawaii, a stable career, and a family he loves. "I'm willing to sacrifice all of that because I can't in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building."
'I am not afraid, because this is the choice I've made'

Three weeks ago, Snowden made final preparations that resulted in last week's series of blockbuster news stories. At the NSA office in Hawaii where he was working, he copied the last set of documents he intended to disclose.
He then advised his NSA supervisor that he needed to be away from work for "a couple of weeks" in order to receive treatment for epilepsy, a condition he learned he suffers from after a series of seizures last year.
As he packed his bags, he told his girlfriend that he had to be away for a few weeks, though he said he was vague about the reason. "That is not an uncommon occurrence for someone who has spent the last decade working in the intelligence world."
On May 20, he boarded a flight to Hong Kong, where he has remained ever since. He chose the city because "they have a spirited commitment to free speech and the right of political dissent", and because he believed that it was one of the few places in the world that both could and would resist the dictates of the US government.
In the three weeks since he arrived, he has been ensconced in a hotel room. "I've left the room maybe a total of three times during my entire stay," he said. It is a plush hotel and, what with eating meals in his room too, he has run up big bills.
He is deeply worried about being spied on. He lines the door of his hotel room with pillows to prevent eavesdropping. He puts a large red hood over his head and laptop when entering his passwords to prevent any hidden cameras from detecting them.
Though that may sound like paranoia to some, Snowden has good reason for such fears. He worked in the US intelligence world for almost a decade. He knows that the biggest and most secretive surveillance organisation in America, the NSA, along with the most powerful government on the planet, is looking for him.
Since the disclosures began to emerge, he has watched television and monitored the internet, hearing all the threats and vows of prosecution emanating from Washington.
And he knows only too well the sophisticated technology available to them and how easy it will be for them to find him. The NSA police and other law enforcement officers have twice visited his home in Hawaii and already contacted his girlfriend, though he believes that may have been prompted by his absence from work, and not because of suspicions of any connection to the leaks.
"All my options are bad," he said. The US could begin extradition proceedings against him, a potentially problematic, lengthy and unpredictable course for Washington. Or the Chinese government might whisk him away for questioning, viewing him as a useful source of information. Or he might end up being grabbed and bundled into a plane bound for US territory.
"Yes, I could be rendered by the CIA. I could have people come after me. Or any of the third-party partners. They work closely with a number of other nations. Or they could pay off the Triads. Any of their agents or assets," he said.
"We have got a CIA station just up the road – the consulate here in Hong Kong – and I am sure they are going to be busy for the next week. And that is a concern I will live with for the rest of my life, however long that happens to be."
Having watched the Obama administration prosecute whistleblowers at a historically unprecedented rate, he fully expects the US government to attempt to use all its weight to punish him. "I am not afraid," he said calmly, "because this is the choice I've made."
He predicts the government will launch an investigation and "say I have broken the Espionage Act and helped our enemies, but that can be used against anyone who points out how massive and invasive the system has become".
The only time he became emotional during the many hours of interviews was when he pondered the impact his choices would have on his family, many of whom work for the US government. "The only thing I fear is the harmful effects on my family, who I won't be able to help any more. That's what keeps me up at night," he said, his eyes welling up with tears.
'You can't wait around for someone else to act'

Snowden did not always believe the US government posed a threat to his political values. He was brought up originally in Elizabeth City, North Carolina. His family moved later to Maryland, near the NSA headquarters in Fort Meade.
By his own admission, he was not a stellar student. In order to get the credits necessary to obtain a high school diploma, he attended a community college in Maryland, studying computing, but never completed the coursework. (He later obtained his GED.)
In 2003, he enlisted in the US army and began a training program to join the Special Forces. Invoking the same principles that he now cites to justify his leaks, he said: "I wanted to fight in the Iraq war because I felt like I had an obligation as a human being to help free people from oppression".
He recounted how his beliefs about the war's purpose were quickly dispelled. "Most of the people training us seemed pumped up about killing Arabs, not helping anyone," he said. After he broke both his legs in a training accident, he was discharged.
After that, he got his first job in an NSA facility, working as a security guard for one of the agency's covert facilities at the University of Maryland. From there, he went to the CIA, where he worked on IT security. His understanding of the internet and his talent for computer programming enabled him to rise fairly quickly for someone who lacked even a high school diploma.
By 2007, the CIA stationed him with diplomatic cover in Geneva, Switzerland. His responsibility for maintaining computer network security meant he had clearance to access a wide array of classified documents.
That access, along with the almost three years he spent around CIA officers, led him to begin seriously questioning the rightness of what he saw.
He described as formative an incident in which he claimed CIA operatives were attempting to recruit a Swiss banker to obtain secret banking information. Snowden said they achieved this by purposely getting the banker drunk and encouraging him to drive home in his car. When the banker was arrested for drunk driving, the undercover agent seeking to befriend him offered to help, and a bond was formed that led to successful recruitment.
"Much of what I saw in Geneva really disillusioned me about how my government functions and what its impact is in the world," he says. "I realised that I was part of something that was doing far more harm than good."
He said it was during his CIA stint in Geneva that he thought for the first time about exposing government secrets. But, at the time, he chose not to for two reasons.
First, he said: "Most of the secrets the CIA has are about people, not machines and systems, so I didn't feel comfortable with disclosures that I thought could endanger anyone". Secondly, the election of Barack Obama in 2008 gave him hope that there would be real reforms, rendering disclosures unnecessary.
He left the CIA in 2009 in order to take his first job working for a private contractor that assigned him to a functioning NSA facility, stationed on a military base in Japan. It was then, he said, that he "watched as Obama advanced the very policies that I thought would be reined in", and as a result, "I got hardened."
The primary lesson from this experience was that "you can't wait around for someone else to act. I had been looking for leaders, but I realised that leadership is about being the first to act."
Over the next three years, he learned just how all-consuming the NSA's surveillance activities were, claiming "they are intent on making every conversation and every form of behaviour in the world known to them".
He described how he once viewed the internet as "the most important invention in all of human history". As an adolescent, he spent days at a time "speaking to people with all sorts of views that I would never have encountered on my own".
But he believed that the value of the internet, along with basic privacy, is being rapidly destroyed by ubiquitous surveillance. "I don't see myself as a hero," he said, "because what I'm doing is self-interested: I don't want to live in a world where there's no privacy and therefore no room for intellectual exploration and creativity."
Once he reached the conclusion that the NSA's surveillance net would soon be irrevocable, he said it was just a matter of time before he chose to act. "What they're doing" poses "an existential threat to democracy", he said.
A matter of principle

As strong as those beliefs are, there still remains the question: why did he do it? Giving up his freedom and a privileged lifestyle? "There are more important things than money. If I were motivated by money, I could have sold these documents to any number of countries and gotten very rich."
For him, it is a matter of principle. "The government has granted itself power it is not entitled to. There is no public oversight. The result is people like myself have the latitude to go further than they are allowed to," he said.
His allegiance to internet freedom is reflected in the stickers on his laptop: "I support Online Rights: Electronic Frontier Foundation," reads one. Another hails the online organisation offering anonymity, the Tor Project.
Asked by reporters to establish his authenticity to ensure he is not some fantasist, he laid bare, without hesitation, his personal details, from his social security number to his CIA ID and his expired diplomatic passport. There is no shiftiness. Ask him about anything in his personal life and he will answer.
He is quiet, smart, easy-going and self-effacing. A master on computers, he seemed happiest when talking about the technical side of surveillance, at a level of detail comprehensible probably only to fellow communication specialists. But he showed intense passion when talking about the value of privacy and how he felt it was being steadily eroded by the behaviour of the intelligence services.
His manner was calm and relaxed but he has been understandably twitchy since he went into hiding, waiting for the knock on the hotel door. A fire alarm goes off. "That has not happened before," he said, betraying anxiety wondering if was real, a test or a CIA ploy to get him out onto the street.
Strewn about the side of his bed are his suitcase, a plate with the remains of room-service breakfast, and a copy of Angler, the biography of former vice-president Dick Cheney.
Ever since last week's news stories began to appear in the Guardian, Snowden has vigilantly watched TV and read the internet to see the effects of his choices. He seemed satisfied that the debate he longed to provoke was finally taking place.
He lay, propped up against pillows, watching CNN's Wolf Blitzer ask a discussion panel about government intrusion if they had any idea who the leaker was. From 8,000 miles away, the leaker looked on impassively, not even indulging in a wry smile.
Snowden said that he admires both Ellsberg and Manning, but argues that there is one important distinction between himself and the army private, whose trial coincidentally began the week Snowden's leaks began to make news.
"I carefully evaluated every single document I disclosed to ensure that each was legitimately in the public interest," he said. "There are all sorts of documents that would have made a big impact that I didn't turn over, because harming people isn't my goal. Transparency is."
He purposely chose, he said, to give the documents to journalists whose judgment he trusted about what should be public and what should remain concealed.
As for his future, he is vague. He hoped the publicity the leaks have generated will offer him some protection, making it "harder for them to get dirty".
He views his best hope as the possibility of asylum, with Iceland – with its reputation of a champion of internet freedom – at the top of his list. He knows that may prove a wish unfulfilled.
But after the intense political controversy he has already created with just the first week's haul of stories, "I feel satisfied that this was all worth it. I have no regrets."
While I respect all of this, is there really anyone out there who didn't think the gov't and its infinite resources weren't already monitoring every single semi-public aspect of its citizenry's lives? I'm glad it's coming to light (albeit slowly, thank you liberal left media) but who's really fooling who here?
While I respect all of this, is there really anyone out there who didn't think the gov't and its infinite resources weren't already monitoring every single semi-public aspect of its citizenry's lives? I'm glad it's coming to light (albeit slowly, thank you liberal left media) but who's really fooling who here?

That's the key word here. The fact is, NOTHING is private from the NSA according to this. And that, is a big fucking issue.
Today's reporting:
Wired on how the NSA and government lie with their statistics:
Thanks to the Guardian’s scoop, we now know definitively just how misleading these numbers are. You see, while the feds are required to disclose the number of orders they apply for and receive (almost always the same number, by the way), they aren’t required to say how many people are targeted in each order. So a single order issued to Verizon Business Solutions in April covered metadata for every phone call made by every customer. That’s from one order out of what will probably be about 200 reported in next year’s numbers.
Also Revealed by Verizon Leak: How Domestic Spies Lie With Numbers

  • by Kevin Poulsen
  • June 6, 2013
Here’s a seemingly comforting statistic. In all of 2012, the Obama administration went to the secretive Foreign Intelligence Surveillance Court only 200 times to ask for Americans’ “business records” under the USA Patriot Act.
Every year the Justice Department gives Congress a tally of the classified wiretap orders sought and issued in terrorist and spy cases – it was 1,789 last year. At the same time, it reports the number of demands for “business records” in such cases, issued under Section 215 of the USA Patriot Act. And while the number of such orders has generally grown over the years, its always managed to stay relatively low. In 2011, it was 205. There were 96 orders in 2010, and only 21 in 2009.
Thanks to the Guardian’s scoop, we now know definitively just how misleading these numbers are. You see, while the feds are required to disclose the number of orders they apply for and receive (almost always the same number, by the way), they aren’t required to say how many people are targeted in each order. So a single order issued to Verizon Business Solutions in April covered metadata for every phone call made by every customer. That’s from one order out of what will probably be about 200 reported in next year’s numbers.
The public numbers are the one bit of accountability around the surveillance court, and the Justice Department used them to misdirect the public away from a massive domestic spying operation that, several Senators approvingly noted today, has been running for seven years.
In 2011, Acting Assistant Attorney General Todd Hinnen relied on the same misleading numbers when he told the House Judiciary Committee that “on average, we seek and obtain section 215 orders less than 40 times per year.” Congressman James Sensenbrenner rightly took Hinnen to task today for juking the stats. “The Department’s testimony left the Committee with the impression that the Administration was using the business records provision sparingly and for specific materials,” Sensenbrenner writes (.pdf). “The recently released FISA order, however, could not have been drafted more broadly.”
Leaks reveal the truth in small slices. In 2006, a technician at an AT&T switching center in San Francisco followed some fiber optic splices straight into an NSA wiretapping program parked on the backbones of the internet. Now someone with access to a single Patriot Act order served on Verizon Business Solutions leaked it to the Guardian, so today’s news is that the FBI and the NSA are engaged in wholesale spying on Verizon customers. But the whole pie is certainly bigger than that.
There are hints of broader surveillance in the Verizon order. In addition to call records, the order demands cell phone data, like customers’ IMSI (International Mobile Subscriber Identity) number and another identifier that reveals the make and model of the phone. The mobile data is a non sequitur in that particular order, because Verizon Business Services isn’t a mobile carrier; it’s the long distance and landline business Verizon acquired as MCI in 2005.
The obvious conclusion is that the Foreign Intelligence Surveillance Court uses the same catchall boilerplate order over and over again, just changing the company name and the date. The court that’s supposed to be protecting Americans from abusive domestic surveillance is not only failing in that duty, it’s also lazy.
Thanks to that laziness we can fairly surmise that the orders are routine, and are served on other carriers. Probably all of them. And probably continuously, renewed every three months for the last seven years.
That means the Administration has a database of every call to suicide prevention, every tip to a government fraud whistleblowing hotline, every call to the “find a meeting” number for every Alcoholics Anonymous chapter. And all it told us was that it uses the USA Patriot Act every now and then.

Here's a good op-ed from TechCrunch (some good Tweets on the story in here)

Blanket Surveillance. Total Secrecy. What Could Possibly Go Wrong?

  • by Jon Evans
  • June 8, 2013
Imagine that one day you came home to find a shiny little bubble of one-way glass in an upper corner of every single room, and a notice left on your kitchen table: “As required by the Safe Society Act, we have installed remotely controlled cameras throughout your home. (Also your office.) But don’t worry! They’ll probably only be activated if the government believes that a non-US citizen might have entered this building.” Would that give you warm fuzzy feelings of safety and security?
I ask because that’s a pretty good metaphor for what happened this week. I refer of course to PRISM. You may have noticed the flurry of reports followed by a flurry of denials regarding the “top-secret National Security Administration data-mining program that taps directly into the Google, Facebook, Microsoft and Apple servers among others.”
Meanwhile, with (surprisingly) much less furore, the Wall Street Journal took the previous revelation that the NSA “is secretly collecting phone record information for all U.S. calls on the Verizon network,” and expanded it considerably:
The National Security Agency’s monitoring of Americans includes customer records from the three major phone networks as well as emails and Web searches, and the agency also has cataloged credit-card transactions, said people familiar with the agency’s activities.​
At first nobody knew what PRISM was. Both Larry Page and Mark Zuckerberg personally and strongly denied the initial allegations, and the Washington Post backed away from its initial claim that the tech companies “participate knowingly.” So who could say what was really going on, given the doublespeak that the NSA uses when discussing surveillance, and the weird way that Page, Zuck, and every other accused tech company (except, oddly, Microsoft) all kept chanting the strange mantra “no direct access” in their denials?
The New York Times, apparently. Hats off to them, and to Twitter; and shame on all the PRISM companies. The NYT’s report on PRISM — which you should all click through to and read — says that:
Twitter declined to make it easier for the government. But other companies were more compliant… The companies were legally required to share the data under the Foreign Intelligence Surveillance Act… they are prohibited by law from discussing the content of FISA requests or even acknowledging their existence… FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms… employees whose job it is to comply with FISA requests are not allowed to discuss the details even with others at the company…​
Which is appalling enough right there: but let’s not lose sight of the even bigger and uglier picture, one which includes the WSJ’s claims. Going back to my cameras-in-the-home metaphor, until this week we all knew that the government could break in and install cameras in every home if they wanted to … but now we know they’ve actually done it. Oh, the ones in your home probably haven’t been turned on yet, but they’re there. They’ve been there for years.
I'm just going to say one more thing. Working societies do not spy on their citizens en masse. It's kind of civics 101.—
umair haque (@umairh) June 07, 2013
In digital era, privacy must be a priority. Is it just me, or is secret blanket surveillance obscenely outrageous?
Al Gore (@algore) June 06, 2013
"We have never disclosed our private keys to any government agency", said no one at all today.—
(@Pinboard) June 07, 2013
And how has the government responded to these revelations? Mostly with frothing fury. Senator Dianne Feinstein immediately called for an investigation….into the leak. Director of National Intelligence James Clapper called this “unauthorized disclosure of information” “reprehensible.”
That’s what really gets my blood boiling. There is no reasonable justification for keeping even the existence of FISA requests and programs like PRISM secret. Does the NSA really think that its targets currently believe that all their online activity is perfectly safe and secure? Well, in the extremely unlikely and idiotic case that that was the reason for total secrecy, then hey, that barn has sure burned down now, hasn’t it?
If the programs needed secrecy to succeed, will NSA shut them down now? If not, did they ever need be secret? Or did I just blow your mind?—
Matt Apuzzo (@mattapuzzo) June 07, 2013
The powers that be can shout “national security!” and “terrorism!” as stridently as they like, but it seems patently obvious to me that they’re just afraid that the American public might not like it if they find out how much they’re being spied on — and that their blanket surveillance programs might not be legal.
As Bruce Schneier points out, what we don’t know is far scarier than what we do. And to quote the EFF:
The specifics remain shrouded in secrecy, but Senators Ron Wyden, Mark Udall, Rand Paul, and Jeff Merkley, among others, have indicated repeatedly that Americans would be “stunned” to find out how the government is interpreting and using these provisions.​
You just can't *be* ethical under conditions of complete secrecy. Ethics involves constantly checking in with those your ethics effects.—
Danny O'B (@mala) June 07, 2013
The sad thing is, this is typical of the Obama administration, which has already prosecuted twice as many whistleblowers as all previous presidential administrations combined. “I welcome this debate. And I think it’s healthy for our democracy… I think that’s good that we’re having this discussion,” Obama said yesterday. Hours later, Reuters reported: “President Barack Obama’s administration is likely to open a criminal investigation into the leaking of highly classified documents that revealed the secret surveillance of Americans’ telephone and email traffic.”
Page and Zuckerberg say “There needs to be a more transparent approach … the level of secrecy around the current legal procedures undermines the freedoms we all cherish” and “We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe,” respectively. Too right. But the current administration has shown no real interest in greater openness, much less two-way transparency.
So the only other solution is for the tech world to do what it can to normalize end-to-end encryption of all online activity. Right now HTTPS can (probably) protect your data while it’s in transit between your apps and the Apple/Google/Microsoft/Yahoo servers; but if your government insists on star-chamber surveillance, then that’s no longer enough.
Instead we’ll need to start encrypting our communications all the way from sender to recipient. Security is hard, and there aren’t many good tools for this, yet. What’s more, this would be bad for Google’s business model. But if governments continue to pass and then stretch the bounds of outrageous and draconian laws like FISA, then it’s only a matter of time before angry techies make end-to-end encryption easier to use, and its use becomes widespread.
If there’s any thin silver lining to this debacle, it’s that by insisting on secrecy, and clandestine so-called “accountability,” governments are actually hastening how fast and how thoroughly the online data they so badly want will become unreadable. Given the contempt with which they’re currently treating the populace, I for one can’t wait.
Here's a good piece on the culpability of journalists (and their complete incompetence in some instances) surrounding reporting on this:
Some outlets focused on “direct access.” Others reported on “access,” but were not clear about direct or indirect access.
Yet more reporting focused on awareness of the program and authorization or lack thereof on the part of the largest social media firms cited on the leaked NSA slides.
Journalists are not asking what “access” means in order to clarify what each corporation understands direct and indirect access to mean with regard to their systems.
Does “direct access” mean someone physically camped out on site within reach of the data center?
Does “direct access” mean someone with global administrative rights and capability offsite of the data center? Some might call this remote access, but without clarification, what is the truth?
I don’t know about you but I can drive a Mack truck through the gap between these two questions.
Truck-sized Holes: Journalists Challenged by Technology Blindness

  • by Rayne
  • June 9, 2013
Note: The following piece was written just before news broke about Booz Allen Hamilton employee Edward Snowden. With this in mind, let’s look at the reporting we’ve see up to this point; problems with reporting to date may remain even with the new disclosures.
ZDNet bemoaned the failure of journalism in the wake of disclosures this past week regarding the National Security Administration’s surveillance program; they took issue in particular with the Washington Post’s June 7 report. The challenge to journalists at WaPo and other outlets, particularly those who do not have a strong grasp of information technology, can be seen in the reporting around access to social media systems.
Some outlets focused on “direct access.” Others reported on “access,” but were not clear about direct or indirect access.
Yet more reporting focused on awareness of the program and authorization or lack thereof on the part of the largest social media firms cited on the leaked NSA slides.
Journalists are not asking what “access” means in order to clarify what each corporation understands direct and indirect access to mean with regard to their systems.
Does “direct access” mean someone physically camped out on site within reach of the data center?
Does “direct access” mean someone with global administrative rights and capability offsite of the data center? Some might call this remote access, but without clarification, what is the truth?
I don’t know about you but I can drive a Mack truck through the gap between these two questions.
So which “direct access” have the social media firms not permitted? Which “direct access” has been taken without authorization of corporate management? ZDNet focuses carefully on authorization, noting the changes in Washington Post’s story with regard to “knowingly participated,” changed later to read “whose cooperation is essential PRISM operations.”
This begs the same questions with regard to any other form of access which is not direct. Note carefully that a key NSA slide is entitled, “Dates when PRISM Collection Began For Each Provider.” It doesn’t actually say “gained access,” direct or otherwise.
The next challenge surrounds the questions of authorization and participation. Some news outlets point to the denials by social media firms Yahoo and Google, in which these firms claim no participation in PRISM. Yet the NSA slides show “acquired access to servers” for these firms.
Again, I can deftly maneuver a 40-foot dry van between these two attributes. The NSA’s acquisition of access does not require conscious authorization or active participation in PRISM. Of course this also hinges on the meaning of “access.”
[Insert Princess Bride pop culture reference here: "I do not think that word means what you think it means."]
There’s one more wrinkle further clouding reporting, about which journalists are not demanding clarification, and that is the program itself.
An Apple spokesman said it had “never heard” of Prism.​
[Guardian, 13-JUN-2013]
The natural followup for all other reporters:
— Have any Apple employees, management or its board of directors heard of PRISM?
— Have any Apple employees, management or its board of directors heard of US-984XN?
— Have any Apple employees, management or its board of directors heard of any U.S., state/local, or international government project not named PRISM or US-984XN through which non-corporate employees are granted direct access, remote access, or access in any shape or form to data flowing into or out of data center servers?
— Are any of Apple employees, management or its board of directors aware of any government-installed or government-monitored network installations directly outside the data centers, through which incoming and/or outgoing data flows into the WAN?
— How many federal or state court orders requiring copies of data, apart from National Security Letters, have the social media providers complied with — top secret or otherwise?
Insert Google, Yahoo, Paltalk, AOL here instead of Apple and ask the same questions. (Don’t waste time with Stuxnet-enabler Microsoft.)
Having brought up US-984XN, the next challenge is compartmentalization, by which I mean a program inside a program. What if PRISM is inside US-984XN, or vice versa? What does the larger of the two programs look like, if this is the case? Can a compartmentalized program explain the carefully worded denials or lack of recognition when it comes to PRISM?
Does the larger program — directed by Presidential Policy Directive 20 (pdf) issued 16-OCT-2012 and likely shaped by predecessor National Security Presidential Directive 54 issued 08-JAN-2008 — included monitoring systems sitting outside the social media corporate data centers, installed somewhere along the WAN?
Will any journalist start asking the network service providers? Granted, they’ll likely offer non-denial denials, but it’d be nice to have them on record. The truth may be disclosed by the shape of the black hole formed by their reluctant responses.
Perhaps ZDNet will look more carefully at the Guardian’s report, which spawned much of the subsequent confusion among its technologically uninformed competitors. Where exactly did the Guardian obtain the fact or come to the conclusion that the NSA had obtained “direct access” to major social medial providers’ servers? The public cannot see this in the slides they have revealed so far.
Don’t even get me started on the possibility of wireless network sniffing systems invisibly monitoring content sent between towers and the internet’s backbone.
Or the lack of questions about the NSA slide tagline, “The SIGAD Used Most in NSA Reporting” (boldface theirs).
Or questions about the WaPo’s redaction of the title, “PRISM Collection Manager, S35333″ from the slide the Guardian had already published.

And this op-ed, by Ian Welch, is just a fantastic takedown of the quasi-Stasi state being setup by this country:
I don’t have a lot to say about Prism, it’s nothing that I find surprising at all. I would have been surprised if they weren’t doing this. That does not, of course, mean that they should be doing it. Basically, assume you’re being watched at all times. That does not mean a human being is watching you, but assume that an algorithim is watching your behaviour, and will flag you if your pattern of contacts seems suspicious. Once you are tagged, assume that everything you’ve done online, and most of what you’ve done in the real world if you’re in most major metropolitan centers, can be back traced. As pattern recognition becomes better, this will become even easier to do, and, indeed, automatic. The online and the offline will be linked together.
Again, this is nothing I didn’t believe was already happening, which isn’t to say that proof isn’t a nice thing to have, for all the dullards with their heads in the sand, who refuse to believe the obvious till it becomes as obvious as a boot stomping their face, over and over again.
The Logic of the Surveillance State

2013 June 9
by Ian Welsh
I don’t have a lot to say about Prism, it’s nothing that I find surprising at all. I would have been surprised if they weren’t doing this. That does not, of course, mean that they should be doing it. Basically, assume you’re being watched at all times. That does not mean a human being is watching you, but assume that an algorithim is watching your behaviour, and will flag you if your pattern of contacts seems suspicious. Once you are tagged, assume that everything you’ve done online, and most of what you’ve done in the real world if you’re in most major metropolitan centers, can be back traced. As pattern recognition becomes better, this will become even easier to do, and, indeed, automatic. The online and the offline will be linked together.
Again, this is nothing I didn’t believe was already happening, which isn’t to say that proof isn’t a nice thing to have, for all the dullards with their heads in the sand, who refuse to believe the obvious till it becomes as obvious as a boot stomping their face, over and over again.
This feeds directly in to the nature of our society, both domestically in Western countries and internationally. Our society is fundamentally unjust, as the charts in the Failure of Liberalism post make clear. It is fundamentally unfair internationally, and much of the so-called progress of the last few decades has been a mirage (for example, Indians now live on less calories a day than they did 40 years ago.) The women being raped, and the men and women being butchered in the Congo are killed because of how we structure the international economy, and the people who die in factory fires, likewise.
Surveillance states aren’t uncommon at all. Chinese and Japanese history are full of curfews, and people having to carry papers at all times, and restrictions on travel, and so on. The late Roman empire was, in certain respects, a surveillance state. Of course the USSR was, East Germany was, and indeed, many European countries, even today, require citizens to carry and show papers.
The problem with surveillance states, and with oppression in general, is the cost. This cost is both direct, in the resources that are required, and indirect in the lost productivity and creativity caused by constant surveillance. Surveillance states, oppressive states, are not creative places, they are not fecund economically. They can be efficient and productive, for as long as they last, which is until the system of control is subverted, as it was in the USSR. We forget, in light of the late USSR’s problems, that it did create an economic miracle in the early years, and tremendously boost production. Mancur Olson’s “Power and Prosperity” gives a good account of why it worked, and why it stopped working.
Liberalism, in its classic form, is, among other things, the proposition that you get more out of people if you treat them well. Conservatism is the proposition that you get more out of people if you treat them badly.
Post war Liberalism was a giant experiment in “treat people well”. The Reagan/Thatcher counter-revolution was a giant experiment in “treat people worse”. The empirical result is this: the rich are richer and more powerful in a society that treats people like shit, but a society which treats people well has a stronger economy, all other things being equal, than one that treats them badly. This was, also, the result of the USSR/West competition. (Treating people well or badly isn’t just about equality.)
Liberalism, classic and modern, believes that a properly functioning “freer” society is a more powerful society, all other things being equal. This was, explicitly, Adam Smith’s argument. Build a strong peacetime economy, and in wartime you will crush despotic nations into the dirt.
If you want despotism, as elites, if you want to treat everyone badly, so you personally become more powerful and rich, then, you’ve got two problems: an internal one (revolt) and an external one: war and being outcompeted by other nations elites, who will come and take away your power, one way or the other (this isn’t always violently, though it can be.)
The solution is a transnational elite, in broad agreement on the issues, who do not believe in nationalism, and who play by the same rules and ideology. If you’re all the same, if nations are just flags, if you feel more kinship for your fellow oligarchs, well then, you’re safe. There’s still competition, to be sure, but as a class, you’re secure.
That leaves the internal problem, of revolt. The worse you treat people, the more you’re scared of them. The more you clamp down. This is really, really expensive and it breaks down over generations, causing internal rot, till you can’t get the system to do anything, no matter how many levers you push.
What is being run right now is a vast experiment to see if modern technology has fixed these problems with surveillance and opporessive states. Is it cheap enough to go full Stasi, and with that level of surveillance can you keep control over the economy, keep the levers working, make people do what you want, and not all slack off and resist passively, by only going through the motions?
The oligarchs are betting that the technology has made that change. With the end of serious war between primary nations (enforced by nukes, among other things), with the creation of a transnational ruling class, and with the ability to scale surveillance, it may be possible to take and keep control indefinitely, and bypass the well understood problems of oligarchy and police and surveillance states.
The NSA Black Hole: 5 Basic Things We Still Don’t Know About the Agency’s Snooping

by Justin Elliott, Theodoric Meyer
  • June 10, 2013
The headquarters of the National Security Agency at Fort Meade, Maryland.
Last week saw revelations [1] that the FBI and the National Security Agency have been collecting Americans’ phone records en masse and that the agencies have access to data from nine tech companies.
But secrecy around the programs has meant even basic questions are still unanswered. Here’s what we still don’t know:
Has the NSA been collecting all Americans’ phone records, and for how long?
It’s not entirely clear.
The Guardian published a court order [2] that directed a Verizon subsidiary to turn over phone metadata -- the time and duration of calls, as well as phone numbers and location data -- to the NSA “on an ongoing daily basis” for a three-month period. Citing unnamed sources, the Wall Street Journal reported [3] the program also covers AT&T and Sprint and that it covers the majority of Americans. And Director of National Intelligence James Clapper himself acknowledged [4] that the “collection” is “broad in scope.”
How long has the dragnet has existed? At least seven years, and maybe going back to 2001.
Senate Intelligence Committee chair Dianne Feinstein, D-Calif., and vice chair Saxby Chambliss, R-Ga., said last week that the NSA has been collecting the records going back to 2006 [5]. That’s the same year that USA Today revealed [6] a similar-sounding mass collection of metadata, which the paper said had been taking place since 2001. The relationship between the program we got a glimpse of in the Verizon order and the one revealed by USA Today in 2006 is still not clear: USA Today described a program not authorized by warrants. The program detailed last week does have court approval.
What surveillance powers does the government believe it has under the Patriot Act?
That’s classified.
The Verizon court order relies on Section 215 of the Patriot Act [5]. That provision [7] allows the FBI to ask the Foreign Intelligence Surveillance Court for a secret order requiring companies, like Verizon, to produce records – “any tangible things” – as part of a “foreign intelligence” or terrorism investigation. As with any law, exactly what the wording means is a matter for courts to decide. But the Foreign Intelligence Surveillance Court’s interpretation of Section 215 is secret.
As Harvard Law Professor Noah Feldman recently wrote [8], the details of that interpretation matter a lot: “Read narrowly, this language might require that information requested be shown to be important or necessary to the investigation. Read widely, it would include essentially anything even slightly relevant — which is to say, everything.”
In the case of the Verizon order [2] -- signed by a judge who sits on the secret court and requiring the company to hand over “all call detail records" -- it appears that the court is allowing a broad interpretation of the Patriot Act. But we still don’t know the specifics.
Has the NSA’s massive collection of metadata thwarted any terrorist attacks?
It depends which senator you ask. And evidence that would help settle the matter is, yes, classified.
Sen. Mark Udall, D-Colo., told [9] CNN on Sunday, “It's unclear to me that we've developed any intelligence through the metadata program that's led to the disruption of plots that we could [not] have developed through other data and other intelligence.”
He said he could not elaborate on his case “without further declassification.”
Sen. Feinstein told [10] ABC that the collection of phone records described in the Verizon order had been “used” in the case of would-be New York subway bomber Najibullah Zazi [11]. Later in the interview, Feinstein said she couldn’t disclose more because the information is classified. (It’s worth noting that there’s also evidence that old-fashioned police work [12] helped solve the Zazi case — and that other reports [13] suggest the Prism program, not the phone records, helped solve the case.)
How much information, and from whom, is the government sweeping up through Prism?
It’s not clear.
Intelligence director Clapper said in his declassified description [14] that the government can’t get information using Prism unless there is an “appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States.”
One thing we don’t know is how the government determines who is a “foreign target.” The Washington Post reported [15] that NSA analysts use “search terms” to try to achieve “51 percent confidence” in a target’s “foreignness.” How do they do that? Unclear.
We’ve also never seen a court order related to Prism -- they are secret -- so we don’t know how broad they are. The Post reported [16] that the court orders can be sweeping, and apply for up to a year. Though Google has maintained [17] it has not "received blanket orders of the kind being discussed in the media."
So, how does Prism work?
In his statement [14] Saturday, Clapper described Prism as a computer system that allows the government to collect “foreign intelligence information from electronic communication service providers under court supervision.”
That much seems clear. But the exact role of the tech companies is still murky.
Relying on a leaked PowerPoint presentation, the Washington Post originally [15] described Prism as an FBI and NSA program to tap “directly into the central servers” of nine tech companies including Google and Facebook. Some of the companies denied [18] giving the government “direct access” to their servers. In a later story [16], published Saturday, the newspaper cited unnamed intelligence sources saying that the description from the PowerPoint was technically inaccurate.
The Post quotes a classified NSA report saying that Prism allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” not the company servers themselves. So what does any of that mean? We don't know.
Government Spying on Americans … and then Giving Info to Giant Corporations

Posted on June 11, 2013 by WashingtonsBlog
Big Banks and Other Corporate Bigwigs Benefit from Illegal Spying

You’ve heard that the government spies on all Americans.
But you might not know that the government shares some of that information with big corporations.
Reuters reported in 2011 that the NSA shares intelligence with Wall Street banks in the name of “battling hackers.”
The National Security Agency, a secretive arm of the U.S. military, has begun providing Wall Street banks with intelligence on foreign hackers, a sign of growing U.S. fears of financial sabotage.The assistance from the agency that conducts electronic spying overseas is part of an effort by American banks and other financial firms to get help from the U.S. military and private defense contractors to fend off cyber attacks, according to interviews with U.S. officials, security experts and defense industry executives.
The Federal Bureau of Investigation has also warned banks of particular threats amid concerns that hackers could potentially exploit security vulnerabilities to wreak havoc across global markets and cause economic mayhem.
NSA Director Keith Alexander, who runs the U.S. military’s cyber operations, told Reuters the agency is currently talking to financial firms about sharing electronic information on malicious software, possibly by expanding a pilot program through which it offers similar data to the defense industry.
NSA, which has long been charged with protecting classified government networks from attack, is already working with Nasdaq to beef up its defenses after hackers infiltrated its computer systems last year and installed malicious software that allowed them to spy on the directors of publicly held companies.
The NSA’s work with Wall Street marks a milestone in the agency’s efforts to make its cyber intelligence available more broadly to the private sector.
Greater cooperation with industry became possible after a deal reached a year ago between the Pentagon and the Department of Homeland Security, allowing NSA to provide cyber expertise to other government agencies and certain private companies.​
In March, PC Magazine noted:
“Right now, the ability to share real-time information is complicated and there are legal barriers. We have to overcome that,” Gen Keith B. Alexander, director of the National Security Agency and commander of U.S. Cyber Command, said during a Thursday appearance at Georgia Tech’s Cyber Security Symposium.
[Alexander has been pushing for the anti-privacy Internet bill known as "CISPA" to be passed.] “It allows the government to start working with industry and … discuss with each of these sector about the best approach,” he said.​
CISPA would allow the NSA to more openly share data with corporations in the name of protecting against “cyber threats.” But that phrase is too squisy. As the Electronic Frontier Foundation notes:
A “cybersecurity purpose” only means that a company has to think that a user is trying to harm its network. What does that mean, exactly? The definition is broad and vague. The definition allows purposes such as guarding against “improper” information modification, ensuring “timely” access to information or “preserving authorized restrictions on access…protecting…proprietary information” (i.e. DRM).​
More importantly, as the ACLU notes, “Fusion Centers” – a hybrid of military, intelligence agency, police and private corporations set up in centers throughout the country, and run by the Department of Justice and Department of Homeland Security – allow big businesses like Boeing to get access to classified information which gives them an unfair advantage over smaller competitors:
Participation in fusion centers might give Boeing access to the trade secrets or security vulnerabilities of competing companies, or might give it an advantage in competing for government contracts. Expecting a Boeing analyst to distinguish between information that represents a security risk to Boeing and information that represents a business risk may be too much to ask.​
A 2008 Department of Homeland Security Privacy Office review of fusion centers concluded that they presented risks to privacy because of ambiguous lines of authority, rules and oversight, the participation of the military and private sector, data mining, excessive secrecy, inaccurate or incomplete information and the dangers of mission creep.
The Senate Permanent Subcommittee on Investigations found in 2012 that fusion centers spy on citizens, produce ‘shoddy’ work unrelated to terrorism or real threats:
“The Subcommittee investigation found that DHS-assigned detailees to the fusion centers forwarded ‘intelligence’ of uneven quality – oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections, occasionally taken from already-published public sources, and more often than not unrelated to terrorism.”​
Under the FBI’s Infraguard program, businesses sometimes receive intel even before elected officials.
Law enforcement agencies spy on protesters and then share the info – at taxpayer expense – with the giant Wall Street banks
And a security expert says that all Occupy Wall Street protesters had their cellphone information logged by the government.
Alternet notes:
Ironically, records indicate that corporate entities engaged in such public-private intelligence sharing partnerships were often the very same corporate entities criticized, and protested against, by the Occupy Wall Street movement as having undue influence in the functions of public government.​
In essence, big banks and giant corporations are seen as being part of “critical infrastructure” and “key resources” … so the government protects them. That creates a dynamic where the government will do quite a bit to protect the big boys against any real or imagined threats … whether from activists or even smaller competitors. (Remember that the government has completely propped up the big banks, even though they went bankrupt due to stupid gambles.)
The Investigative Fund at the Nation reports:
The $103,000 no-bid contract awarded by the Pennsylvania Department of Homeland Security to the Institute of Terrorism Research and Response (ITRR) in 2009 is a drop in the bucket. ITRR, a private security firm headed by a former PA chief of police, was given the task of providing the department with thrice-weekly intelligence bulletins that identified threats to the state’s critical infrastructure. Instead of focusing on real threats, however, ITRR turned its attention to law-abiding activist groups including Tea Party protesters, pro-life activists, and anti-fracking environmental organizations. The bulletins included information about when and where local environmental groups would be meeting, upcoming protests, and anti-fracking activists’ internal strategy. As I recently wrote in my Investigative Fund/Earth Island Journal story, the bulletins were then distributed to local police chiefs, state, federal, and private intelligence agencies, and the security directors of the natural gas companies, as well as industry groups and PR firms. The state’s Department of Homeland Security was essentially providing intelligence to the natural gas industry about their detractors. And Pennsylvania taxpayers were footing the bill.
Perhaps because it was a relatively small contract the Pennsylvania spy scandal was brushed aside as an unfortunate mistake. Then-Governor Ed Rendell, whose own ties to the natural gas industry have recently been exposed, called the episode “deeply embarrassing.” The state terminated its contract with ITRR, a one-day Senate hearing was held, and the matter largely forgotten. But the Pennsylvania story is not an isolated case. In fact, it represents a larger pattern of corporate and police spying on activists and everyday citizens exercising their First Amendment rights.
A report published by the Center for Media and Democracy last month detailed how Homeland Security fusion centers, corporations, and local law enforcement agencies have teamed up to spy on Occupy Wall Street protesters. Fusion centers, created between 2003 and 2007 by the Department of Homeland Security, are centers for the sharing of federal-level information between the CIA, FBI, US military, local governments, and more. The more than 70 fusion centers, whose primary task is to analyze and share information with public and private actors, are part of Homeland Security’s growing “Information Sharing Environment” (ISE). According to their website, ISE “provides analysts, operators, and investigators with integrated and synthesized terrorism, weapons of mass destruction, and homeland security information needed to enhance national security and help keep our people safe.” The other big domestic public-private intelligence sharing ventures are Infragard, managed by the FBI’s Cyber Division Public/Private Alliance Unit, and the Domestic Security Alliance Council (DSAC), which openly states that its mission includes “advancing the ability of the U.S. private sector to protect its employees, assets and proprietary information.”
The little known DSAC brings together representatives from the FBI, the Department of Homeland Security’s Office of Intelligence and Analysis, and some of the nation’s most powerful corporations. Twenty-nine corporations and banks are on the DSAC Leadership Board, including Bank of America, ConocoPhillips, and Wal-Mart. The Department of Homeland Security also has a Private Sector Information-Sharing Working Group, which includes representatives from more than 50 Fortune 500 companies. They have pushed for increased funding of public-private intelligence sharing partnerships, largely through the expansion of fusion centers. According to the Department of Homeland Security website, “Our nation faces an evolving threat environment, in which threats not only emanate from outside our borders, but also from within our communities. This new environment demonstrates the increasingly critical role fusion centers play to support the sharing of threat related information between the federal government and federal, state, local, tribal, and territorial partners.”
As Mike German, an FBI special agent for 16 years who now works for the ACLU told me, “These systems and this type of collection is so rife with inappropriate speculation and error — both intentional and unintentional — that your good behavior doesn’t protect you.”
[T]he fossil fuel industry is seeking to protect itself from an increasingly restless environmental movement. One way of doing so is to paint the opposition as extremists or potential terrorists. “It’s the new politics of the petro-state,” Jeff Monaghan, a researcher with the Surveillance Studies Center at Queen’s University in Ontario, said. “It’s like this is not only environmental activism it’s activism against our way of life. It’s activism against the economy and the system. Because the system is now a petro system.”
Indeed, because of its enormous shale gas reserves, the United States is already being talked of as a future petro-state, and shale gas development a matter of national security. In his keynote address at the 2011 Shale Gas Insight Conference sponsored by the Marcellus Shale Coalition, Tom Ridge, former head of the Department of Homeland Security, described shale gas as vital to US national security. Everything that goes along with it — the rigs, pipelines, and compressor stations (not to mention air and water pollution) — will be viewed as part of the nation’s critical infrastructure. According to the Center for Media and Democracy report, “The stated purpose of protecting ‘critical infrastructure/key resources’ has come to serve as the single largest avenue for corporate involvement in the ‘homeland security’ apparatus.”​
And given that some 70% of the national intelligence budget is spent on private sector contractors. that millions of private contractors have clearance to view information gathered by spy agencies – including kids like 29 year old spying whistleblower Edward Snowden, who explained that he had the power to spy on anyone in the country – and that information gained by the NSA by spying on Americans is being shared with agencies in other countries, at least some of the confidential information is undoubtedly leaking into private hands for profit, without the government’s knowledge or consent.
As the ACLU noted in 2004:
There is a long and unfortunate history of cooperation between government security agencies and powerful corporations to deprive individuals of their privacy and other civil liberties, and any program that institutionalizes close, secretive ties between such organizations raises serious questions about the scope of its activities, now and in the future.​
Indeed, the government has been affirmatively helping the big banks, giant oil companies and other large corporations cover up fraud and to go after critics. For example, Business Week reported on May 23, 2006:
President George W. Bush has bestowed on his intelligence czar, John Negroponte, broad authority, in the name of national security, to excuse publicly traded companies from their usual accounting and securities-disclosure obligations.​
Reuters noted in 2010:
U.S. securities regulators originally treated the New York Federal Reserve’s bid to keep secret many of the details of the American International Group bailout like a request to protect matters of national security, according to emails obtained by Reuters.​
Wired reported the same year:
The DHS issued a directive to employees in July 2009 requiring a wide range of public records requests to pass through political appointees for vetting. These included any requests dealing with a “controversial or sensitive subject” or pertaining to meetings involving prominent business leaders and elected officials. Requests from lawmakers, journalists, and activist and watchdog groups were also placed under this scrutiny.​
In an effort to protect Bank of America from the threatened Wikileaks expose of wrongdoing – the Department of Justice told Bank of America to a hire a specific hardball-playing law firm to assemble a team to take down WikiLeaks (and see this)
The government and big banks actually coordinated on the violent crackdown of the anti-big bank Occupy protest.
The government is also using anti-terrorism laws to keep people from learning what pollutants are in their own community, in order to protect the fracking, coal and other polluting industries. See this, this, this, this and this.
Investigating factory farming can get one labeled a terrorist.
Infringing the copyright of a big corporation may also get labeled as a terrorist … and a swat team may be deployed to your house. See this, this, this and this. As the executive director of the Information Society Project at Yale Law School notes:
This administration … publishes a newsletter about its efforts with language that compares copyright infringement to terrorism.​
In short, the “national security” apparatus has been hijacked to serve the needs of big business.
NSA Built Back Door In All Windows Software by 1999

Posted on June 7, 2013 by WashingtonsBlog
Government Built Spy-Access Into Most Popular Consumer Program Before 9/11

In researching the stunning pervasiveness of spying by the government (it’s much more wide spread than you’ve heard even now), we ran across the fact that the FBI wants software programmers to install a backdoor in all software.
Digging a little further, we found a 1999 article by leading European computer publication Heise which noted that the NSA had already built a backdoor into all Windows software:
A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA “help information” trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.​
The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren [an expert in computer security]. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.​
Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft’s developers had failed to remove or “strip” the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called “KEY”. The other was called “NSAKEY”.​
Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to “Advances in Cryptology, Crypto’99″ conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the “NSA” key was built into their software. But they refused to talk about what the key did, or why it had been put there without users’ knowledge.​
A third key?!​
But according to two witnesses attending the conference, even Microsoft’s top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was “stunned” to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the “entropy” of programming code.​
Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.​
Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone’s and everyone’s Windows computer to intelligence gathering techniques deployed by NSA’s burgeoning corps of “information warriors”.​
According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system “is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system“. The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.​
“How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a ‘back door’ for NSA – making it orders of magnitude easier for the US government to access your computer?” he asked.​
We have repeatedly pointed out that widespread spying on Americans began prior to 9/11.
Leaked documents won't make it easier to fight NSA in court
Legal precedents protecting domestic surveillance have been building for years
By Matt Stroud

When Amnesty International filed a lawsuit against the federal government in 2009 to stop authorities from monitoring communications between US citizens and citizens abroad, the Supreme Court likened the lawsuit to a conspiracy theory.
The court’s majority opinion called any suspicion that US citizen communications would be monitored "highly speculative." What’s more, the court argued, no one had been specifically hurt by any US government spying program, so there was no need to stop government surveillance in the future. Amnesty’s case was rejected by the nation’s highest court. In other words, their argument was shut down completely by the federal government.
And not much has changed since then.
While President Obama has now openly acknowledged the existence of broad surveillance programs that may shock and surprise the public, no one can say for sure who has been targeted and how they were affected. Options for challenging that surveillance are therefore extremely limited.
The Amnesty case solidified the National Security Agency’s legal standing to surveil any communications involving anyone outside the US. And while parts of last week’s leaks could allow new legal challenges to the NSA’s authority to search as it wishes, the deck is heavily stacked against privacy advocates: US courts have set precedents allowing government agencies to invoke "national security" in the name of withholding information.
That’s as true now as it was a week ago.
No harm no foul

Perhaps the most prominent US spying case is Clapper v. Amnesty International USA. It began in 2009, when Amnesty filed a lawsuit against federal law enforcement agencies including the NSA. The lawsuit is named for James Robert Clapper, Jr., the US director of national intelligence, though he was sued alongside the director of the National Security Agency, the chief of the Central Security Service, and the attorney general of the United States.
Amnesty opposed the portion of Section 702 of the Foreign Intelligence Surveillance Act (FISA) that allows law enforcement agencies to ask permission to set up surveillance on pretty much any targets as long as those targets are "non-United States persons located outside the United States."
Though the law says law enforcement agencies "may not intentionally target any person known at the time of acquisition to be located in the United States," Amnesty’s lawyers saw major potential problems. Its lawyers argued that Section 702 would easily allow federal law enforcement agencies to surveil US citizens — and especially Amnesty employees — simply because those citizens communicated with non-US citizens abroad.
The New York district court turned down Amnesty’s argument. It was too vague and Amnesty couldn’t prove that any US citizen had been targeted. So Amnesty appealed all the way to the US Supreme Court.
"we’re almost in the same place still."
On February 26th this year, Supreme Court justice Samuel Alito offered his majority opinion — and it wasn’t far off from the New York district court’s. Alito defended the federal government’s right to collect data. There were "no specific facts demonstrating" that domestic communications between US citizens had been stored or mined by law enforcement agencies, so there was no need to eliminate any portion of Section 702.
"It is highly speculative," Alito wrote, "whether the government will imminently target communications" of Amnesty International employees who are US citizens. Furthermore, since US persons "cannot be targeted" under US law, Amnesty’s "theory necessarily rests on their assertion that their foreign contacts will be targeted." Alito dismissed that assertion: "they have no actual knowledge of the government’s ... targeting practices," he wrote, and even if they did, "they can only speculate as to whether the government will seek to use [that] surveillance instead of one of the government’s numerous other surveillance methods."
Alito’s broader point — one that’s been parroted by various congressmen and even President Obama — is that no specific person has been able to show that they’ve been targeted or harmed in any way by the massive federal data collection program. So even if the Supreme Court takes for granted that people are being surveilled, no one’s been able to prove in court that they’ve been hurt in any way by that surveillance.
For those trying to mount a legal attack on surveillance programs, that’s a big problem. Under US law, individuals can’t challenge a law unless the suing party can prove they have been — or will soon be — harmed by that law. This principle is called "standing." If the suing party can’t prove they’ve been harmed, that party "lacks standing." It's Alito’s argument in Clapper: Amnesty can’t prove that the NSA’s surveillance hurts anyone, so it therefore lacks standing.
Because of that, "we’re almost in the same place still," Mark Rumold, staff attorney at the Electronic Frontier Foundation, told Talking Points Memo last week. "We know the program operates and it operates largely similar to how we envisioned it operating. But it still doesn’t give us a particular person whose information was obtained under [Section 702]."
Showing harm

The Clapper case is over and done with, in other words. And last week’s revelations will do little to change that. What could change, however, is the Patriot Act.
That’s the opinion of Faiza Patel. The co-director of New York University’s Liberty and National Security Program at the Brennan Center, Patel points out that last week’s most significant revelation may not be that companies such as Google, Facebook, and Apple have provided (unwittingly or not) information to federal law enforcement agencies, but that Verizon’s participation in data mining may show the kind of legitimate harm that’s seemingly absent from Amnesty’s argument in Clapper.
Patel argues that the secret court order requiring Verizon to turn over troves of call data might allow a new lawsuit challenging federal data collection.
"It’s very difficult to challenge surveillance because it’s secret, so you never know for certain that you’ve been surveilled," she told The Verge. "But now everyone who’s a Verizon business customer knows that their information was collected by the government. The steps they take to prevent collection" — whether it’s switching to a more expensive, more secure internet service provider or using some unnamed technology — "could be their ‘harm,’ if you will. They might need to spend money on particular types of technology to prevent this kind of data collection on their accounts."
"it’s secret, so you never know for certain that you’ve been surveilled."
That would show an expense, she said, and thus a reason to file another lawsuit against federal law enforcement agencies participating in domestic data collection.
The point, she said, is that — whether through another challenge to Clapper or some soon-to-be-filed class action lawsuit related to Verizon’s data disclosures — avenues remain in the US court system to challenge widespread surveillance and to get a clearer picture of the federal data collection program.
"It’s very difficult for the public to understand what it is that’s being done and how this information is being gathered," she said. "Add to that the technological complexity of some of the issues and you have a real lack of understanding. Hopefully what these revelations do is put a crack in that secret facade so people can try to understand what’s really happening."
The Smart Kids Are Going To Keep Leaking Forever

Daniel Ellsberg attended Harvard and Cambridge, became a decorated Marine and Pentagon analyst—and then, at 38, produced the greatest document leak in American history. He cited unjust warfare and official lies. Edward Snowden dropped out of high school and produced perhaps the second greatest leak at 29. He cited Reddit. The bad news for American intelligence: the Snowdens are here to stay.
Daniel Ellsberg attended Harvard and Cambridge, became a decorated Marine and Pentagon analyst—and then, at 38, produced the greatest document leak in American history. He cited unjust warfare and official lies. Edward Snowden dropped out of high school and produced perhaps the second greatest leak at 29. He cited Reddit. The bad news for American intelligence: the Snowdens are here to stay.
Like Bradley Manning and even Aaron Swartz before him, Snowden is an uncommonly (overly?) brave ideologue. He is part of a new wave of radicalized nerd martyrs with limited allegiance to the monolithic institutions of state power that have traditionally recruited and manufactured our spies. There was a time when the U.S. intelligence community was populated by straight-laced company men like Ellsberg—men (yes, men, mostly) who justified their actions with the authority of God, country, and their Ivy League alma maters. And when, like Ellsberg and Philip Agee before him, they turned on their masters, it was in service of other, competing authorities.
But our comic book-sized spy apparatus doesn't just need good soldiers anymore. It needs smart employees who aren’t old. Spy monoliths like the NSA crave analysts, technicians, and officers who grew up making and breaking the same systems they’ll be tapping around the world. The NSA actively seeks out hackers—the bandits! These kids—the Snowdens—are different than the staid spooks who preceded them.
They probably grew up stealing music. They at least know what Reddit and 4chan are—there’s a decent chance Snowden used the latter.
How long until the internet figures out Edward Snowden's reddit account?
— Alexis Ohanian (@alexisohanian) June 9, 2013
They don't need Ivy League grooming—or much more than a middle-school education. Snowden was able to reach a startlingly high clearance perch without any diplomas at all. They don’t need to be trained and hammered by the military before being deemed fit for The Company—or in Manning’s case, they can be grossly disenchanted right from the barracks. Ellsberg’s path of Ivy League schooling, rigorous military training, and then sudden radicalization no longer supplies the NSA’s needs—those guys sell Bloomberg terminals now or whatever. Real nerds are the prizes, and along with their comp sci CVs comes a peculiar new kind of extremsm: anti-government anger doesn’t fester in Greek Marxist cells, where violence just flops from one extreme to another—it hovers around libertarian subreddits, Hacker News, Anonymous IRC cabals, and EFF meetups. When Ellsberg snapped, it was a thwack against a lifetime of American tradition. It doesn't look like Snowden or Manning were ever good at tradition (or cared to be)—they're not so much loners, as David Brooks says, but grunts in a different kind of army, a broad internet culture. These new mega-leakers turn their sights on state secrets not so much because the flag looks threatened, but in defense of principles that could be applied to downloaders on any corner of the global internet. Nationalism is for olds. Dreamy-eyed geo-drama tops everything else for these kids. Bradley Manning said it in 2010:
(02:26:01 PM) bradass87: i dont believe in good guys versus bad guys anymore… i only a plethora of states acting in self interest… with varying ethics and moral standards of course, but self-interest nonetheless​
Now it’s Edward Snowden’s turn:
“I don't want to live in a world where there's no privacy and therefore no room for intellectual exploration and creativity."​
Picture of Edward Snowden with @eff and @torproject stickers on his laptop. Honored to have the stickers there.…
— Kurt Opsahl (@kurtopsahl) June 9, 2013
That’s a world where overreaching copyright, corporations, and DRM are the devils, where massive data repositories aren’t scary because they exist, but because they’re not open source. Information Wants To Be Free, the bumper stickers and Reddit sloganeering goes—the freedom of a Ron Paul message board, of Bitcoin speculation, dystopian videogames, TOR encryption, and information dumps, not the freedom that goes along with the home of the brave. Snowden’s motivations—the liberation of data as a global political end, not a means—don’t make his self-immolation outing in the press any less daring. But don't be shocked to see the humblest of geeks shifting the planet and tormenting governments anymore—there are only more waiting to get their security clearances.
I'm amazed at the polls. The surveillance community must be dancing on the tables at the NSA.
Wow, holy shit. I just saw some screenshots of the presentation that was the root of the leak. It's pretty incredible, I didn't really grasp that the NSA actually has wiretaps on fiber-optic networks.

They're basically vacuuming everything up real time, all day all night.

Screenshots in this article:

The Guardian is doing some pretty good reporting:
I love how every tech company out there is trying to protect their bottom line with denials. The fucking NSA slide SAYS "COLLECTED DIRECTLY FROM SERVERS OF THESE US SERVICE PROVIDERS"...

I had always believed that we're already in a police state and have been for a long time, but to have it sink in by being proven true changes things. Snowden is right, its "turn-key tyranny".

The Times Editorial Board on the bullshit calls for 'discussions' when everything they want to discuss is a secret:

A Real Debate on Surveillance

  • June 10, 2013

For years, as the federal surveillance state grew into every corner of American society, the highest officials worked to pretend that it didn’t exist. Now that Americans are learning what really takes place behind locked doors, many officials claim they are eager to talk about it. “That’s a conversation that I welcome having,” President Obama said on Saturday. Senator Dianne Feinstein, chairwoman of the Intelligence Committee, said on Sunday that she was open to holding a public hearing on the subject now, a hearing next month, a hearing every month.

This newfound interest in openness is a little hard to take seriously, not only because of the hypocrisy involved but because neither official seems to want to do more than talk about being open. If the president wants to have a meaningful discussion, he can order his intelligence directors to explain to the public precisely how the National Security Agency’s widespread collection of domestic telephone data works. Since there’s not much point in camouflaging the program anymore, it’s time for the public to get answers to some basic questions.

Are the calls and texts of ordinary Americans mined for patterns that might put innocent people under suspicion? Why is data from every phone call collected, and not just those made by people whom the government suspects of terrorist activity? How long is the data kept, and can it be used for routine police investigations? Why was a private contractor like Edward Snowden allowed to have access to it? So far, no one at the White House seems interested in a substantive public debate.

Ms. Feinstein said on ABC News’s “This Week” program on Sunday that a secret court order on the phone-data program (leaked by Mr. Snowden) didn’t tell the full story. Another court document explained the strictures on the program, but that wasn’t leaked, she said, sounding almost regretful that it remains under seal. Ms. Feinstein doesn’t have the authority to release it herself, but she could at least demand that the administration make it public.

While they’re at it, some of the opinions of the Foreign Intelligence Surveillance Court that made these data-collection programs possible could be released. Ms. Feinstein was rebuffed when she asked the court for redacted summaries of its opinions; as chairwoman, she should use her power to demand that the administration find ways to make the court even slightly more transparent.

For years, members of Congress ignored evidence that domestic intelligence-gathering had grown beyond their control, and, even now, few seem disturbed to learn that every detail about the public’s calling and texting habits now reside in a N.S.A. database.

Representative Jim Sensenbrenner, a Republican of Wisconsin, wrote a letter to Attorney General Eric Holder Jr. last week, saying that, as the author of the Patriot Act, he didn’t believe that the collection of phone records was consistent with his interpretation of the law. But, over the years, Mr. Sensenbrenner has been repeatedly warned by critics that the law was so broad that it was subject to precisely this kind of abuse.

Senator Feinstein has held several closed-door briefings for lawmakers. If she wants to hold hearings that are useful to the public, she should focus on the laws that fostered the growth of domestic spying, and the testimony should not consist of blithe assurances that the government can be trusted. The public needs explanations of how an overreaching intelligence community pushed that trust to the brink.

And a separate article from the NYT on the same issue. Note inside the hyprocacy of the Feinstein and Obama on this issue:
Debate on Secret Data Looks Unlikely, Partly Because of Secrecy
  • June 10, 2013
WASHINGTON — Edward J. Snowden said he had leaked secret documents about National Security Agency surveillance to spark a public debate about civil liberties. President Obama, while deploring the leak, endorsed the same goal of a vigorous public discussion of the “trade-offs” between national security and personal privacy. “I think it’s healthy for our democracy, “ he said on Friday of the prospect of re-examining surveillance policy.
But the legal and political obstacles to such a debate, whether in Congress or more broadly, are formidable. They only begin with the facts that the programs at issue are highly classified and that Mr. Snowden is now a hunted man, potentially facing a prison sentence for disclosing the very secrets that started the discussion that Mr. Obama welcomed.
On Monday, the White House spokesman, Jay Carney, was pressed about just how the surveillance dialogue the president invited might take place.
Asked whether Mr. Obama would himself lead the debate or push for new legislation, Mr. Carney demurred. “I don’t have anything to preview,” he said, adding that the president’s major national security speech May 23, before the N.S.A. disclosures, showed “his interest in having the debate and the legitimacy of asking probing questions about these matters.”
Steven Aftergood, who runs the Project on Government Secrecy at the Federation of American Scientists in Washington, said: “If President Obama really welcomed a debate, there are all kinds of things he could do in terms of declassification and disclosure to foster it. But he’s not doing any of them.”
Nor is it clear that political pressure from either Congress or the public will be sufficient to prompt the administration to open the door wider on government surveillance.
Congressional leaders of both parties have so far expressed support for the newly disclosed initiatives, and the legislation governing such surveillance was renewed for five years at the end of 2012.
Representative Jim Langevin, a Rhode Island Democrat on the Intelligence Committee, said on Monday that among those in Congress who are most informed, the consensus was strong and bipartisan. “Those who have been fully briefed are comfortable with the capabilities used, the way they have been used and the due diligence exercised in making sure the agency responsible for carrying out and using the tools has been doing so within confines of the law,” he said. “There is nothing nefarious going on here.”
Lawmakers also have political incentives to endorse the programs many have voted for previously.
“The Democrats want to support Obama, and the Republicans supported FISA expansion,” said Peter Swire, an expert on privacy at Ohio State University, referring to the Foreign Intelligence Surveillance Act. “Both parties face internal tensions on this issue.”
So far, there is no groundswell of public anger to shift Congressional views. In a Washington Post-Pew Research Center poll conducted after the N.S.A. revelations, 56 percent of those polled said it was acceptable for the agency to get secret court orders to track the phone calls of millions of Americans; 41 percent said it was unacceptable.
The paradox produced by the N.S.A. disclosures — the administration beginning a criminal investigation of the man who prompted the discussion Mr. Obama called useful — is only the latest of his presidency, as he has struggled to manage a sprawling security bureaucracy that encompasses drone strikes, cyberattacks, sweeping surveillance and a ballooning amount of classified information.
Despite a stated devotion to government transparency, he waited for years to speak publicly about drones and has yet to say a single word in public about the United States’ offensive use of cyberweapons. His administration, meanwhile, has set a record in prosecuting leakers.
“The U.S. is pushing to make sure that cyberprograms comply with international law and international standards,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “But it won’t say what ours are.”
Mr. Lewis said the discussion of cyberweapons was “overclassified” in part because of the central role of the N.S.A., which old agency jokes say means No Such Agency or Never Say Anything. “The N.S.A. classifies its lunch menu,” he said.
If there were to be a major rethinking of surveillance rules, it would almost certainly have to start with Congress. But complaints about the N.S.A. programs have been largely limited to lawmakers from the Democrats’ liberal wing and the Republicans’ libertarian wing, some of whom have joined Congress since the focus on antiterrorism has decreased. Representatives Justin Amash, Republican of Michigan, and John Conyers Jr. of Michigan, the ranking Democrat on the House Judiciary Committee, are completing legislation that would make it tougher for the government to scoop up phone records and make public many of the opinions of the Foreign Intelligence Surveillance Court.
Republican and Democratic leaders in Congress and the leaders of the intelligence committees, however, remain strongly supportive of the N.S.A. programs, marshaling national security arguments to trump privacy concerns.
“I flew over the World Trade Center going to Senator Lautenberg’s funeral,” Senator Dianne Feinstein of California, the chairwoman of the Senate Intelligence Committee, said Sunday on ABC’s “This Week,” referring to Frank R. Lautenberg of New Jersey. “And I thought of those bodies jumping out of that building hitting the canopy. Part of our obligation is keeping America safe.”
Conceivably some views about the scope and propriety of the programs could change after closed briefings on the N.S.A. programs planned for House members on Tuesday and senators on Thursday. But even when a member of Congress does not like a secret program, classification rules make it tough to protest. Representative Jan Schakowsky, Democrat of Illinois and a critic of government surveillance, received a private briefing on the N.S.A.’s Internet program last year but is constrained in talking about it, said a spokeswoman, Sabrina Singh.
“She welcomes the public debate, but it’s a tough line for her to talk about because she knows more than the public,” Ms. Singh said. “It’s something she is wrestling with.”
The public, so far, continues to show a high tolerance for what the government claims is necessary to prevent terrorism. Polls also reflect a certain resignation about the erosion of privacy at a time of targeted online advertising, location-tracking cellphones and intrusive government programs.
In an Allstate/National Journal poll a week before the N.S.A. revelations, for instance, 85 percent of those polled said they thought it somewhat or very likely that businesses and the government could access citizens’ phone calls, e-mails and Internet use without their consent.
David E. Sanger contributed reporting from Washington, Somini Sengupta from San Francisco, and Megan Thee-Brenan from New York.
Secret Court Ruling Put Tech Companies in Data Bind

  • June 13, 2013
SAN FRANCISCO — In a secret court in Washington, Yahoo’s top lawyers made their case. The government had sought help in spying on certain foreign users, without a warrant, and Yahoo had refused, saying the broad requests were unconstitutional.
The judges disagreed. That left Yahoo two choices: Hand over the data or break the law.
So Yahoo became part of the National Security Agency’s secret Internet surveillance program, Prism, according to leaked N.S.A. documents, as did seven other Internet companies.
Like almost all the actions of the secret court, which operates under the Foreign Intelligence Surveillance Act, the details of its disagreement with Yahoo were never made public beyond a heavily redacted court order, one of the few public documents ever to emerge from the court. The name of the company had not been revealed until now. Yahoo’s involvement was confirmed by two people with knowledge of the proceedings. Yahoo declined to comment.
But the decision has had lasting repercussions for the dozens of companies that store troves of their users’ personal information and receive these national security requests — it puts them on notice that they need not even try to test their legality. And despite the murky details, the case offers a glimpse of the push and pull among tech companies and the intelligence and law enforcement agencies that try to tap into the reams of personal data stored on their servers.
It also highlights a paradox of Silicon Valley: while tech companies eagerly vacuum up user data to track their users and sell ever more targeted ads, many also have a libertarian streak ingrained in their corporate cultures that resists sharing that data with the government.
“Even though they have an awful reputation on consumer privacy issues, when it comes to government privacy, they generally tend to put their users first,” said Christopher Soghoian, a senior policy analyst studying technological surveillance at the American Civil Liberties Union. “There’s this libertarian, pro-civil liberties vein that runs through the tech companies.”
Lawyers who handle national security requests for tech companies say they rarely fight in court, but frequently push back privately by negotiating with the government, even if they ultimately have to comply. In addition to Yahoo, which fought disclosures under FISA, other companies, including Google, Twitter, smaller communications providers and a group of librarians, have fought in court elements of National Security Letters, which the F.B.I. uses to secretly collect information about Americans. Last year, the government issued more than 1,850 FISA requests and 15,000 National Security Letters.
“The tech companies try to pick their battles,” said Stephen I. Vladeck, a law professor at American University who has challenged government counterterrorism surveillance. “Behind the scenes, different tech companies show different degrees of cooperativeness or pugnaciousness.”
But Mr. Vladeck added that even if a company resisted, “that may not be enough, because any pushback is secret and at the end of the day, even the most well-intentioned companies are not going to be standing in the shoes of their customers.”
FISA requests can be as broad as seeking court approval to ask a company to turn over information about the online activities of people in a certain country. Between 2008 and 2012, only two of 8,591 applications were rejected, according to data gathered by the Electronic Privacy Information Center, a nonprofit research center in Washington. Without obtaining court approval, intelligence agents can then add more specific requests — like names of individuals and additional Internet services to track — every day for a year.
National Security Letters are limited to the name, address, length of service and toll billing records of a service’s subscribers.
Because national security requests ban recipients from even acknowledging their existence, it is difficult to know exactly how, and how often, the companies cooperate or resist. Small companies are more likely to take the government to court, lawyers said, because they have fewer government relationships and customers, and fewer disincentives to rock the boat. One of the few known challenges to a National Security Letter, for instance, came from a small Internet provider in New York, the Calyx Internet Access Corporation.
The Yahoo ruling, from 2008, shows the company argued that the order violated its users’ Fourth Amendment rights against unreasonable searches and seizures. The court called that worry “overblown.”
“Notwithstanding the parade of horribles trotted out by the petitioner, it has presented no evidence of any actual harm, any egregious risk of error, or any broad potential for abuse,” the court said, adding that the government’s “efforts to protect national security should not be frustrated by the courts.”
One of the most notable challenges to a National Security Letter came from an unidentified electronic communications service provider in San Francisco. In 2011, the company was presented with a letter from the F.B.I., asking for account information of a subscriber for an investigation into “international terrorism or clandestine intelligence activities.”
The company went to court. In March, a Federal District Court judge, Susan Illston, ruled the information request unconstitutional, along with the gag order. The case is under appeal, which is why the company cannot be named.
Google filed a challenge this year against 19 National Security Letters in the same federal court, and in May, Judge Illston ruled against the company. Google was not identified in the case, but its involvement was confirmed by a person briefed on the case.
In 2011, Twitter successfully challenged a silence order on a National Security Letter related to WikiLeaks members.
Other companies are asking for permission to talk about national security requests. Google negotiated with Justice officials to publish the number of letters they received, and were allowed to say they each received between zero and 999 last year, as did Microsoft. The companies, along with Facebook and Twitter, said Tuesday that the government should give them more freedom to disclose national security requests.
The companies comply with a vast majority of nonsecret requests, including subpoenas and search warrants, by providing at least some of the data.
For many of the requests to tech companies, the government relies on a 2008 amendment to FISA. Even though the FISA court requires so-called minimization procedures to limit incidental eavesdropping on people not in the original order, including Americans, the scale of electronic communication is so vast that such information — say, on an e-mail string — is often picked up, lawyers say.
Last year, the FISA court said the minimization rules were unconstitutional, and on Wednesday, ruled that it had no objection to sharing that opinion publicly. It is now up to a federal court.
Nicole Perlroth and Somini Sengupta contributed reporting from San Francisco.
Escape from PRISM: how Twitter defies government data-sharing
  • by Adrianne Jeffries
  • June 13, 2013
When the list of prominent internet companies participating in a semi-secret government surveillance program called PRISM leaked, most of the world’s massive tech firms were not on it. But one company received particular attention for its absence: Twitter, which was approached by the National Security Agency but never joined the program. "Twitter deserves kudos for refusing to give in," wrote Techdirt.
Unlike Google or Facebook, which were both on the list, Twitter doesn’t have a lot of private data on its 200 million users. In fact, Twitter is much younger and smaller than the nine giants participating in PRISM; if it had been included, it would have stuck out. It’s much more surprising that larger companies such as Amazon and BlackBerry weren't included in the program.
However, Twitter’s refusal to join PRISM highlighted the fact that the company has a history of being uncooperative, and often antagonistic, when the government asks for user data.
Twitter has a history of being uncooperative, and often antagonistic, with the government
Current and previous employees of Twitter point to the company’s top lawyer, Alex Macgillivray, a smart, serious, and strong-willed advocate who believes Twitter is a platform for free expression and must remain as neutral as a pen. Macgillivray, who everyone simply calls "Amac" (pronounced "eh-mack") after his Twitter handle, "doesn’t give a shit" when the government comes knocking with demands and intimidation, sources told The Verge.
In practice, that still means Twitter complies with a majority — 69 percent — of government requests for information, earning the highest rating on the Electronic Frontier Foundation’s privacy scorecard. That’s much lower than Google, which complies with 88 percent of orders. Both companies have a policy of notifying users whenever their information is requested, but Twitter makes the government fight for every inch, often going to court even when victory is uncertain. When a judge attached a gag order to a request for user accounts connected to WikiLeaks, Twitter fought the order in a secret court and won. More recently, Twitter tussled with the New York City Police Department over a request for information on an Occupy Wall Street protester, and lost.
Twitter has earned a reputation for not just resisting government intrusion, but actively pushing back against it. However, the company may be collecting more plaudits than it deserves for abstaining from the government’s PRISM program — and it’s uncertain how long the young company can keep up its defiant front.
How long can Twitter keep up its defiant front?
The details of PRISM are still emerging, but leaked documents and press reports suggest it is a computerized system that makes it easier for the government to retrieve real-time data on users who are outside the US. There are many reasons why Twitter may have been able to excuse itself while others felt compelled to comply.
First, Twitter would have been a lower priority for the government than Google, Facebook, Yahoo, Skype, and the rest of the participating companies (even the relatively underground service Dropbox, which was reported to be in the process of joining, would have more potentially sensitive information to share). Twitter doesn’t have much data on its users: most posts are public, and the company doesn’t collect addresses, credit card information, or identifying information beyond IP addresses. Twitter received 1,858 government requests for user data in 2012; Google got 21,389.
It’s also possible that Twitter did not have the ability to build the system the government wanted. Twitter is famous for its growing pains; just a few years ago, the company’s iconic "fail whale" was a persistent reminder of its technical troubles. Even today, it has difficulty displaying old tweets and direct messages. Twitter could have argued that a PRISM interface would be too onerous a burden for a company that is still patching up its foundation. This excuse won’t be valid much longer, however, as Twitter shores up its internal structure.
Twitter may be incapable of building what the NSA wanted
Until recently Twitter was also focused on data minimization — collecting and storing only the barest of information — in part because of its shaky architecture. But pressure from advertisers may reverse this trend. Advertisers need more data points in order to target their ads and verify that they’re reaching users. For example, Twitter does not collect location information unless users check a box to display it on their tweets. But as monetization becomes more important, the company may be tempted to store all location information for advertisers. And the more data Twitter stores, the more attractive it is to government officials. "There is this cheesy line from the movie Field of Dreams: ‘If you build it, they will come,’" user privacy and policy expert Chris Soghoian told The Verge. "And if you store your customer data, the government’s going to come and ask for it later."
Twitter founders Evan Williams and Jason Goldman knew Macgillivray at Google, and they hired him because he shared their ideals (Goldman once went toe-to-toe with Sheryl Sandberg over censorship on the Blogger platform). However, most of the founding Twitter team has moved on, leaving Macgillivray to set the agenda on user rights.
To date, Macgillivray’s pro-user, damn-the-man attitude has permeated Twitter. He honed his philosophy at Harvard’s Berkman Center for Internet and Society and then at Google, where he was instrumental in introducing the company’s transparency reports and fought the Justice Department when it requested information on user search queries. He brought over a number of colleagues from Google, including head of litigation and intellectual property Benjamin Lee, who shared his views.
"Twitter declined to make it easier for the government."
— Biz Stone (@biz) June 8, 2013
Macgillivray isn’t a total anarchist; he’s business-minded, as long as profit goals don’t conflict with user interests. Yet he has been known to clash with Twitter CEO Dick Costolo, who recently bragged at the AllThingsD conference that Twitter’s mobile team is moving too fast to "[go] through legal." Macgillivray has retained his influence over Twitter's policies so far, but the company's priorities are changing as it grows.
The EFF declined to comment for this story, saying that it was hesitant to endorse Twitter despite the company’s good record because of its uncertainty about the future. After the recent revelation of two major government surveillance programs, Twitter joined Google, Facebook, and Microsoft in calling on the government for increased transparency around user data requests. But the company’s continued growth, coupled with pressure to make money in advance of an IPO, will be the true test of Twitter’s commitment to user privacy.
Lots of news out today. First, more than half of senators skipped a briefing on the program yesterday:
More than half of US senators skipped confidential briefing on NSA surveillance
By Joshua Kopstein on June 15, 2013

As anger continues to foment over the US National Security Agency's controversial surveillance programs, a confidential briefing on the topic held Thursday was attended by only 47 of 100 US senators.
The Hill reports that the briefing hosted several key players in the formation and execution of government surveillance programs, including NSA director Gen. Keith Alexander and Director of National Intelligence James Clapper, as well as a former judge from the secret FISA court which authorizes surveillance requests. But many senators instead elected to catch early flights home for Father's Day weekend, leaving dozens of chairs in the chamber empty.
The meeting comes a little more than a week after a series of disclosures published by The Guardian and the Washington Post showed that the NSA has been collecting the phone records and metadata of all Verizon business customers on an "ongoing, daily basis," and obtaining private communications from services such as Facebook, Google, and Skype under a program called PRISM. The Hill was not able to learn who did and did not attend the session.
"If members were more diligent about attending briefings they would be far better informed about what’s going on."
"It’s hard to get this story out. Even now we have this big briefing — we’ve got Alexander, we’ve got the FBI, we’ve got the Justice Department, we have the FISA Court there, we have Clapper there — and people are leaving," said Senate intelligence committee chair Diane Feinstein. "If members were more diligent about attending briefings they would be far better informed about what’s going on, and they would also be far more willing to challenge the intelligence community on the conclusions that they come to." NSA chief Gen. Keith Alexander has claimed that the surveillance programs have thwarted "dozens" of terrorist attacks, and directed the agency to declassify the exact number by sometime next week.
Both Feinstein and House Majority Leader Harry Reid have adamantly defended the programs, and repeatedly insisted that members of Congress had been fully briefed. But many members have said otherwise, suggesting the true nature of the programs may have been concealed.
Congress has voted twice for the FISA Amendments Act, which extends government surveillance powers. But secret interpretations of section 215 of the Patriot Act and section 702 of the FISA Amendments Act — which authorize metadata collection and PRISM internet surveillance, respectively — have left the majority of Congress in the dark about how the law is actually applied. NPR is reporting that the Obama administration is considering declassifying a key court order that authorized the NSA's collection of phone records and metadata.

Seems that the Feds let it slip yesterday that you could, in fact, listen in to someone's phone calls without a warrant:
Congressman suggests NSA can listen in on your phone calls without specific warrant

By Jeff Blagdon on June 15, 2013
Since the story about the NSA’s secret compilation of Americans’ phone call metadata broke earlier this month, the overwhelming response from government has been "nobody is listening to your telephone calls" — that the data being collected is limited to things like phone numbers and call durations. Well, perhaps unsurprisingly, it now looks like the feds might actually be listening. Or at the very least, they might not require a court order just to do so.

"We heard precisely the opposite at the briefing the other day."

CNET has posted text from a Thursday House Judiciary Committee hearing at which FBI director Robert Mueller (pictured above) testified that the government would need a "special, particularized order" from the secret FISA court in order to target a particular individual’s phone for a wiretap. After checking to make sure the details weren’t classified, Rep. Jerrold Nadler (D-NY) challenged Mueller's statement, saying, "we heard precisely the opposite at the briefing the other day. We heard precisely that you could get the specific information from that telephone simply based on an analyst deciding that… In other words, what you just said is incorrect. So there’s a conflict."

Update: There is some debate over the scope of Nadler's revelation. The Congressman's reference is to "specific information," and not necessarily active listening to calls made on a targeted phone. Nevertheless, Nadler is adamant that he "asked the question both times," and that intelligence officials have offered up two opposing answers.

Last year, the Senate voted to extend the FISA Amendments Act of 2008, which expanded the government's ability to conduct warrantless surveillance on domestic communications. While the FISA court’s proceedings are being held in secret, in recent days, the government has shown some willingness to open up, and is now considering whether to declassify the leaked Verizon court order responsible for raising national awareness of the phone metadata program. It has also allowed companies like Facebook and Microsoft to publish the number of requests they receive for user data, but only in large intervals and only as long as it’s obfuscated by being included as part of the total number of law enforcement requests. Google and Twitter have taken a more principled stance, arguing that the deal would be "a step back" for users.
This is an excellent op-ed from Glenn Greenwald in today's Guardian. This bears reading in full and I HIGHLY suggest you do so:

On partisanship, propaganda and PRISM

Addressing many of the issues arising from last weeks' NSA stories

  • by Glenn Greenwald
  • June 14, 2013
I haven't been able to write this week here because I've been participating in the debate over the fallout from last week's NSA stories, and because we are very busy working on and writing the next series of stories that will begin appearing very shortly. I did, though, want to note a few points, and particularly highlight what Democratic Rep. Loretta Sanchez said after Congress on Wednesday was given a classified briefing by NSA officials on the agency's previously secret surveillance activities:

"What we learned in there is significantly more than what is out in the media today. . . . I can't speak to what we learned in there, and I don't know if there are other leaks, if there's more information somewhere, if somebody else is going to step up, but I will tell you that I believe it's the tip of the iceberg . . . . I think it's just broader than most people even realize, and I think that's, in one way, what astounded most of us, too."​
The Congresswoman is absolutely right: what we have reported thus far is merely "the tip of the iceberg" of what the NSA is doing in spying on Americans and the world. She's also right that when it comes to NSA spying, "there is significantly more than what is out in the media today", and that's exactly what we're working to rectify.
But just consider what she's saying: as a member of Congress, she had no idea how invasive and vast the NSA's surveillance activities are. Sen. Jon Tester, who is a member of the Homeland Security Committee, said the same thing, telling MSNBC about the disclosures that "I don't see how that compromises the security of this country whatsoever" and adding: "quite frankly, it helps people like me become aware of a situation that I wasn't aware of before because I don't sit on that Intelligence Committee."
How can anyone think that it's remotely healthy in a democracy to have the NSA building a massive spying apparatus about which even members of Congress, including Senators on the Homeland Security Committee, are totally ignorant and find "astounding" when they learn of them? How can anyone claim with a straight face that there is robust oversight when even members of the Senate Intelligence Committee are so constrained in their ability to act that they are reduced to issuing vague, impotent warnings to the public about what they call radical "secret law" enabling domestic spying that would "stun" Americans to learn about it, but are barred to disclose what it is they're so alarmed by? Put another way, how can anyone contest the value and justifiability of the stories that we were able to publish as a result of Edward Snowden's whistleblowing: stories that informed the American public - including even the US Congress - about these incredibly consequential programs? What kind of person would think that it would be preferable to remain in the dark - totally ignorant - about them?
I have a column in the Guardian's newspaper edition tomorrow examining the fallout from these stories. That will be posted here and I won't repeat that now. I will, though, note the following brief items:
(1) Much of US politics, and most of the pundit reaction to the NSA stories, are summarized by this one single visual from Pew:

The most vocal media critics of our NSA reporting, and the most vehement defenders of NSA surveillance, have been, by far, Democratic (especially Obama-loyal) pundits. As I've written many times, one of the most significant aspects of the Obama legacy has been the transformation of Democrats from pretend-opponents of the Bush War on Terror and National Security State into their biggest proponents: exactly what the CIA presciently and excitedly predicted in 2008 would happen with Obama's election.
Some Democrats have tried to distinguish 2006 from 2013 by claiming that the former involved illegal spying while the latter does not. But the claim that current NSA spying is legal is dubious in the extreme: the Obama DOJ has repeatedly thwarted efforts by the ACLU, EFF and others to obtain judicial rulings on their legality and constitutionality by invoking procedural claims of secrecy, immunity and standing. If Democrats are so sure these spying programs are legal, why has the Obama DOJ been so eager to block courts from adjudicating that question?
More to the point, Democratic critiques of Bush's spying were about more than just legality. I know that because I actively participated in the campaign to amplify those critiques. Indeed, by 2006, most of Bush's spying programs - definitely his bulk collection of phone records - were already being conducted under the supervision and with the blessing of the FISA court. Moreover, leading members of Congress - including Nancy Pelosi - were repeatedly briefed on all aspects of Bush's NSA spying program. So the distinctions Democrats are seeking to draw are mostly illusory.
To see how that this is so, just listen to then-Senator Joe Biden in 2006 attack the NSA for collecting phone records: he does criticize the program for lacking FISA supervision, but also claims to be alarmed by just how invasive and privacy-destroying that sort of bulk record collection is. He says he "doesn't think" that the program passes the Fourth Amendment test: how can Bush's bulk collection program be unconstitutional while Obama's program is? But he also rejected Bush's defense (exactly the argument Obama is making now) - that "we're not listening to the phone calls, we're just looking for patterns" - by saying this:
I don't have to listen to your phone calls to know what you're doing. If I know every single phone call you made, I'm able to determine every single person you talked to. I can get a pattern about your life that is very, very intrusive. . . . If it's true that 200 million Americans' phone calls were monitored - in terms of not listening to what they said, but to whom they spoke and who spoke to them - I don't know, the Congress should investigative this."​
Is collecting everyone's phone records not "very intrusive" when Democrats are doing it? Just listen to that short segment to see how every defense Obama defenders are making now were the ones Bush defenders made back then. Again, leading members of Congress and the FISA court were both briefed on and participants in the Bush telephone record collection program as well, yet Joe Biden and most Democrats found those programs very alarming and "very intrusive" back then.
(2) Notwithstanding the partisan-driven Democratic support for these programs, and notwithstanding the sustained demonization campaign aimed at Edward Snowden from official Washington, polling data, though mixed, has thus far been surprisingly encouraging.
A Time Magazine poll found that 54% of Americans believe Snowden did "a good thing", while only 30% disagreed. That approval rating is higher than the one enjoyed by both Congress and President Obama. While a majority think he should be nonetheless prosecuted, a plurality of young Americans, who overwhelmingly view Snowden favorably, do not even want to see him charged. Reuters found that more Americans see Snowden as a "patriot" than a "traitor". A Gallup poll this week found that more Americans disapprove (53%) than approve (37%) of the two NSA spying programs revealed last week by the Guardian.
(3) Thomas Drake, an NSA whistleblower who was unsuccessfully prosecuted by the Obama DOJ, writes in the Guardian that as a long-time NSA official, he saw all of the same things at the NSA that Edward Snowden is now warning Americans about. Drake calls Snowden's acts "an amazingly brave and courageous act of civil disobedience." William Binney, the mathematician who resigned after a 30-year career as a senior NSA official in protest of post-9/11 domestic surveillance, said on Democracy Now this week that Snowden's claims about the NSA are absolutely true.
Meanwhile, Daniel Ellsberg, writing in the Guardian, wrote that "there has not been in American history a more important leak than Edward Snowden's release of NSA material – and that definitely includes the Pentagon Papers 40 years ago." He added: "Snowden did what he did because he recognized the NSA's surveillance programs for what they are: dangerous, unconstitutional activity."
Listen to actual experts and patriots - people who have spent their careers inside the NSA and who risked their liberty for the good of the country - and the truth of Snowden's claims and the justifiability of his acts become manifest.
(4) As we were about to begin publishing these NSA stories, a veteran journalist friend warned me that the tactic used by Democratic partisans would be to cling and endlessly harp on any alleged inaccuracy in any one of the stories we publish as a means of distracting attention away from the revelations and discrediting the entire project. That proved quite prescient, as that is exactly what they have done.
Thus far we have revealed four independent programs: the bulk collection of telephone records, the PRISM program, Obama's implementation of an aggressive foreign and domestic cyber-operations policy, and false claims by NSA officials to Congress. Every one of those articles was vetted by multiple Guardian editors and journalists - not just me. Democratic partisans have raised questions about only one of the stories - the only one that happened to be also published by the Washington Post (and presumably vetted by multiple Post editors and journalists) - in order to claim that an alleged inaccuracy in it means our journalism in general is discredited.
They are wrong. The story was not inaccurate. The Washington Post revised parts of its article, but its reporter, Bart Gellman, stands by its core claims ("From their workstations anywhere in the world, government employees cleared for PRISM access may 'task' the system and receive results from an Internet company without further interaction with the company's staff").
The Guardian has not revised any of our article and has no intention to do so. That's because we did not claim that the NSA document alleging direct collection from the servers was true; we reported - accurately - that the NSA document claims that the program allows direct collection from the companies' servers. Before publishing, we went to the internet companies named in the documents and asked about these claims. When they denied it, we purposely presented the story as one of a major discrepancy between what the NSA document claims and what the internet companies claim, as the headline itself makes indisputably clear:

The NSA document says exactly what we reported. Just read it and judge for yourself (PRISM is "collection directly from the servers of these US service provers"). It's amusingly naive how some people seem to think that because government officials or corporate executives issue carefully crafted denials, this resolves the matter. Read the ACLU's tech expert, Chris Soghoian, explain why the tech companies' denials are far less significant and far more semantic than many are claiming.
Nor do these denials make any sense. If all the tech companies are doing under PRISM is providing what they've always provided to the NSA, but simply doing it by a different technological means, then why would a new program be necessary at all? How can NSA officials claim that a program that does nothing more than change the means for how this data is delivered is vital in stopping terrorist threats? Why does the NSA document hail the program as one that enables new forms of collection? Why would it be "top secret" if all this was were just some new way of transmitting court-ordered data? How is PRISM any different in any meaningful way from how the relationship between the companies and the NSA has always functioned?
As a follow-up to our article, the New York Times reported on extensive secret negotiations between Silicon Valley executives and NSA officials over government access to the companies' data. It's precisely because these arrangements are secret and murky yet incredibly significant that we published our story about these conflicting claims. They ought to be resolved in public, not in secret. The public should know exactly what access the NSA is trying to obtain to the data of these companies, and should know exactly what access these companies is providing. Self-serving, unchecked, lawyer-vetted denials by these companies doesn't remotely resolve these questions.
In a Nation post yesterday, Rick Perlstein falsely accuses me of not having addressed the questions about the PRISM story. I've done at least half-a-dozen television shows in the last week where I was asked about exactly those questions and answered fully with exactly what I've written here (see this appearance with Chris Hayes as just the latest example); the fact that Perlstein couldn't be bothered to use Google doesn't entitled him to falsely claim I haven't addressed these questions. I have repeatedly, and do so here again.
I know that many Democrats want to cling to the belief that, in Perlstein's words, "the powers that be will find it very easy to seize on this one error to discredit [my] NSA revelation, even the ones he nailed dead to rights". Perlstein cleverly writes that "such distraction campaigns are how power does its dirtiest work" as he promotes exactly that.
But that won't happen. The documents and revelations are too powerful. The story isn't me, or Edward Snowden, or the eagerness of Democratic partisans to defend the NSA as a means of defending Preisdent Obama, and try as they might, Democrats won't succeed in making the story be any of those things. The story is the worldwide surveillance apparatus the NSA is constructing in the dark and the way that has grown under Obama, and that's where my focus is going to remain.
(5) NYU Journalism professor Jay Rosen examines complaints that my having strong, candidly acknowledged opinions on surveillance policies somehow means that the journalism I do on those issues is suspect. It is very worth reading what he has to say on this topic as it gets to the heart about several core myths about what journalism is.
(6) Last week, prior to the revelation of our source's identity, I wrote that "ever since the Nixon administration broke into the office of Daniel Ellsberg's psychoanalyst's office, the tactic of the US government has been to attack and demonize whistleblowers as a means of distracting attention from their own exposed wrongdoing and destroying the credibility of the messenger so that everyone tunes out the message" and "that attempt will undoubtedly be made here."
The predictable personality assaults on Snowden have begun in full force from official Washington and their media spokespeople. They are only going to intensify. There is nobody who political officials and their supine media class hate more than those who meaningfully dissent from their institutional orthodoxies and shine light on what they do. The hatred for such individuals is boundless.
There are two great columns on this dynamic. This one by Reuters' Jack Shafer explores how elite Washington reveres powerful leakers that glorify political officials, but only hate marginalized and powerless leakers who discredit Washington and its institutions. And perhaps the best column yet on Snowden comes this morning from the Daily Beast's Kirsten Powers: just please take the time to read it all, as it really conveys the political and psychological rot that is driving the attacks on him and on his very carefully vetted disclosures.
Here's the Daily Beast article that Greenwald references. VERY illuminating:
The Sickening Snowden Backlash
It's appalling to hear the Washington bureaucrats and their media allies trash Edward Snowden as a traitor, when it's our leaders and the NSA who have betrayed us, writes Kirsten Powers.
  • by Kirsten Powers
  • June 14, 2013
Hell hath no fury like the Washington establishment scorned.
Since Edward Snowden came forward to identify himself as the leaker of the National Security Agency spying programs, the D.C. mandarins have been working overtime to discredit the man many view as a hero for revealing crucial information the government had wrongfully kept secret. Apparently, if you think hiding information about spying on Americans is bad, you are misguided. The real problem is that Snowden didn’t understand that his role is to sit and be quiet while the “best and the brightest” keep Americans in the dark about government snooping on private citizens.

John Boehner (top left), Edward Snowden and Dianne Feinstein. (Clockwise from top left: Getty (2); AP)
By refusing to play this role, Snowden has been called a "traitor" by House Majority Leader John Boehner. Sen. Dianne Feinstein called the leaks "an act of treason." The fury among the protectors of the status quo is so great that you have longtime Washington Post columnist Richard Cohen smearing Snowden as a “cross-dressing Little Red Riding Hood.” The New York Times’s David Brooks lamented that Snowden, who put himself in peril for the greater good, was too “individualistic.” It seems that he wasn’t sufficiently indoctrinated to blindly worship the establishment institutions that have routinely failed us. Brooks argued that “for society to function well, there have to be basic levels of trust and cooperation, a respect for institutions and deference to common procedures.”
This is backward. It’s the institutions that need to demonstrate respect for the public they allegedly serve. If Snowden or any other American is skeptical of institutional power, it is not due to any personal failing on their part. The lack of respect is a direct outgrowth of the bad behavior of the nation’s institutions, behavior that has undermined Americans’ trust in them. According to Gallup’s “confidence in institutions” poll, trust is at an historic low, with Congress clocking in at a 13 percent approval rating in 2012. Yes, this is the same Congress that has “oversight” of the government spying programs.
When one major institution (the Washington media establishment) so seamlessly partners with another (the U.S. government) in trashing a whistleblower, it’s not hard to understand why Americans might be jaded. The New Yorker’s Jeffrey Toobin wrote that Snowden is "a grandiose narcissist who deserves to be in prison."MSNBC’s Lawrence O’Donnell complained about Snowden’s naiveté and “maturity level,” as if only a child would believe the government should be transparent about its activity.Politico’s Roger Simon called Snowden “the slacker who came in from the cold,” with “all the qualifications to become a grocery bagger.” That people feel comfortable sneering about grocery workers—a respectable job—and writing off Snowden’s years working as a security guard as sloth tells you a bit about the culture of the nation’s capital, doesn’t it?
But he didn’t finish high school! Actually, Snowden earned a general equivalency diploma (GED), but that hasn’t stopped his detractors from spitting this accusation like an epithet. On Wednesday's Late Show With David Letterman, Tom Brokaw dismissed Snowden as "a high school dropout who is a military washout." On Tuesday, Sen. Susan Collins, mocked the 29-year-old man as “a high school drop-out who had little maturity [and] had not successfully completed anything he had undertaken.” Yes, if only he had gone to Harvard or Yale like our last four presidents, who have done such a bang-up job running the country. By the way, according to Glenn Greenwald, Snowden actually worked as a contractor for four years at the NSA, which suggests some level of specialized skill.
It says something about the lack of a positive case for keeping the NSA spying programs secret that the main line of defense is to attack Snowden for lacking the proper credentials to speak out against the government.
In an interview with George Stephanopoulous, Speaker John Boehner called Edward Snowden a traitor, just one politician to rebuke the whistleblower.
Apparently we are supposed to “respect institutions” so much that we never feel entitled to information about how they operate, even when it involves our private communications. Only because of Snowden do we know that our government is storing records of our phone data that can be mined for God only knows how long. This same government opted to not prosecute its workers who destroyed CIA interrogation records that might have implicated the government in law breaking. Does this seem right?
Director of National Intelligence James Clapper blatantly lied to Congress about the activity of the NSA, and there seems to be no ramifications. Yet the Washington establishment wants to put Snowden in jail and throw away the key for telling the truth. We are told to blindly respect an institution that persecutes whistleblowers for leaks of overclassified government information while watching the Obama administration’s leaking of secret government information to aggrandize the president during his reelection campaign. So, please tell us more about how we should have more respect for our institutions.
Whether one supports or opposes the NSA spying programs, Snowden has done a public service by exposing them and igniting a debate about government surveillance that even the president says he welcomes. There is no reason for the mere existence of either program to have been classified by the Most Transparent Administration in History. The claims that terrorists have been tipped off by these revelations are not credible. Nobody seriously believes that until now terrorists didn’t know the American government is monitoring their email and phone calls. Sen. Jon Tester (D-MT) told MSNBC Wednesday, “I don't see how [Snowden’s leaks] compromises the security of this country whatsoever.”
In his 2003 book, Why Societies Need Dissent, liberal law professor Cass Sunstein pointed out that, in society, “a single dissenter or voice of sanity is likely to have a huge impact.” But the problem for dissenters is that they “have little incentive to speak out, because they would gain nothing from dissenting” and in fact might be punished.
Snowden knew this and he did it anyway. He clearly understands something that those screaming "traitor" do not: the allegiance we have as Americans is to the Constitution, not the institution of government. Snowden summed it up best when he told a South China Morning Post reporter this week, “I’m neither a traitor nor a hero. I’m an American.”

And here's a good op-ed piece on the selective nature of prosecuting leakers:
Edward Snowden and the selective targeting of leaks

  • June 11, 2013
Edward Snowden’s expansive disclosures to the Guardian and the Washington Post about various National Security Agency (NSA) surveillance programs have only two corollaries in contemporary history—the classified cache Bradley Manning allegedly released to WikiLeaks a few years ago and Daniel Ellsberg’s dissemination of the voluminous Pentagon Papers to the New York Times and other newspapers in 1971.
Leakers like Snowden, Manning and Ellsberg don’t merely risk being called narcissists, traitors or mental cases for having liberated state secrets for public scrutiny. They absolutely guarantee it. In the last two days, the New York Times’s David Brooks, Politico’s Roger Simon, the Washington Post‘s Richard Cohen and others have vilified Snowden for revealing the government’s aggressive spying on its own citizens, calling him self-indulgent, a loser and a narcissist.
Yet even as the insults pile up and the amateur psychoanalysis intensifies, keep in mind that Snowden’s leak has more in common with the standard Washington leak than should make the likes of Brooks, Simon and Cohen comfortable. Without defending Snowden for breaking his vow to safeguard secrets, he’s only done in the macro what the national security establishment does in the micro every day of the week to manage, manipulate and influence ongoing policy debates. Keeping the policy leak separate from the heretic leak is crucial to understanding how these stories play out in the press.
Secrets are sacrosanct in Washington until officials find political expediency in either declassifying them or leaking them selectively. It doesn’t really matter which modern presidential administration you decide to scrutinize for this behavior, as all of them are guilty. For instance, President George W. Bush’s administration declassified or leaked whole barrels of intelligence, raw and otherwise, to convince the public and Congress making war on Iraq was a good idea. Bush himself ordered the release of classified prewar intelligence about Iraq through Vice President Dick Cheney and Chief of Staff I. Lewis “Scooter” Libby to New York Times reporter Judith Miller in July 2003.
Sometimes the index finger of government has no idea of what the thumb is up to. In 2007, Vice President Cheney went directly to Bush with his complaint about what he considered to be a damaging national security leak in a column by the Washington Post’s David Ignatius. “Whoever is leaking information like this to the press is doing a real disservice, Mr. President,” Cheney said. Later, Bush’s national security adviser paid a visit to Cheney to explain that Bush, um, had authorized him to make the leak to Ignatius.
In 2010, NBC News reporter Michael Isikoff detailed similar secrecy machinations by the Obama administration, which leaked to Bob Woodward “a wealth of eye-popping details from a highly classified briefing” to President-elect Barack Obama two days after the November 2008 election. Among the disclosures to appear in Woodward’s book “Obama’s Wars” were, Isikoff wrote, “the code names of previously unknown NSA programs, the existence of a clandestine paramilitary army run by the CIA in Afghanistan, and details of a secret Chinese cyberpenetration of Obama and John McCain campaign computers.”
The secrets shared with Woodward were so delicate Obama transition chief John Podesta was barred from attendance at the briefing, which was conducted inside a windowless, secure room known as a Sensitive Compartmented Information Facility, or “SCIF.”
Isikoff asked, quite logically, how the Obama administration could pursue a double standard in which it prosecuted mid-level bureaucrats and military officers for their leaks to the press but allowed administration officials to dispense bigger secrets to Woodward. The best answer Isikoff could find came from John Rizzo, a former CIA general counsel, who surmised that prosecuting leaks to Woodward would be damn-near impossible to prosecute if the president or the CIA director authorized them.
The political uses of official leaks never goes unnoticed by the opposing party. In 2012, as the presidential campaigns gathered speed, after the New York Times published stories about classified programs, including the “kill list,” the drone program, details about the Osama bin Laden raid, and Stuxnet, all considered successes by the administration. The reports infuriated Sen. John McCain (R-Ariz.), who essentially accused the Obama White House of leaking these top secrets for political gain.
“This is not a game. This is far more important than mere politics. Laws have apparently been broken,” McCain cried. To the best of my knowledge, no investigation of these alleged leaks to the press have been ordered or are active, and I have yet to hear Messrs. Brooks, Simon and Cohen describe these leakers of those details as self-indulgent, losers or narcissists. [Addendum, 9:24 p.m.: There is a Stuxnet investigation.]
Another variety of the political leak is the counter-leak or convenient declassification, designed to neutralize or stigmatize an unauthorized leaker. The National Journal’s Ron Fournier, a former Washington bureau chief for the Associated Press, explicitly charges the Obama administration with dispensing intelligence about the bin Laden raid to the press to “promote the president’s reelection bid.” He claims that virtually every unauthorized leak ends up being matched by the release of classified information or “authorized” leak. Indeed, immediately following Snowden’s NSA leaks, Rep. Mike Rogers (R-Mich.), the chairman of the House of Representatives Intelligence Committee, is said to have claimed NSA spying helped defeat a planned attack on the New York City subway system, although that claim is disputed.
Sometimes the counter-leak is more revealing than the leak it was intended to bury. In 2012, then-national security adviser John Brennan went a tad too far counter-leaking in his attempt to nullify an Associated Press report about the foiled underwear bomber plot. In a conference call with TV news pundits, Brennan offered that the plot could never succeed because the United States had “inside control” of it, which helped expose a double-agent working for Western intelligence. Instead of being prosecuted for leaking sensitive, classified intelligence, Brennan was promoted to director of the CIA; that’s the privilege of the policy leak.
Authorized leaks from the top aren’t the only ones that generally go unpunished. Sometimes when policy debates get driven underground by secrecy, members of the governing elite band together and tell their story to the press. The most recent example of this banding would be the 2005 stories in the New York Times about a previous secret NSA surveillance program. The Times series by James Risen and Eric Lichtblau enraged the Bush White House, but there nobody was charged with leaking because the series portrayed itself (accurately, I would guess) as the product of intense, internal government dissent. As Risen and Lichtblau wrote, nearly “a dozen current and former officials” spoke to the paper anonymously about the program “because of their concerns about the operation’s legality and oversight.”
The willingness of the government to punish leakers is inversely proportional to the leakers’ rank and status, which is bad news for someone so lacking in those attributes as Edward Snowden. But as the Snowden prosecution commences, we should question his selective prosecution. Let’s ask, as Isikoff did of the Obama administration officials who leaked to Woodward, why Snowden is singled out for punishment when he’s essentially done what the insider dissenters did when they spoke with Risen and Lichtblau in 2005 about an invasive NSA program. He deserves the same justice and the same punishment they received.
We owe Snowden a debt of gratitude for restarting—or should I say starting?—the public debate over the government’s secret but “legal” intrusions into our privacy. His leaks, filtered through the Guardian and the Washington Post, give us a once-in-a-generation opportunity to place limits on our power-mad government.
This is just a fascinating piece on the philosophy of the secrecy complex:
The Real War on Reality

Classified Information and State Secrets, Cyberattacks and Hackers, Mercenaries and Private Military Contractors, Philosophy, Surveillance of Citizens by Government
If there is one thing we can take away from the news of recent weeks it is this: the modern American surveillance state is not really the stuff of paranoid fantasies; it has arrived.
The revelations about the National Security Agency’s PRISM data collection program have raised awareness — and understandably, concern and fears — among American and those abroad, about the reach and power of secret intelligence gatherers operating behind the facades of government and business.
Surveillance and deception are not just fodder for the next “Matrix” movie, but a real sort of epistemic warfare.​
But those revelations, captivating as they are, have been partial —they primarily focus on one government agency and on the surveillance end of intelligence work, purportedly done in the interest of national security. What has received less attention is the fact that most intelligence work today is not carried out by government agencies but by private intelligence firms and that much of that work involves another common aspect of intelligence work: deception. That is, it is involved not just with the concealment of reality, but with the manufacture of it.
The realm of secrecy and deception among shadowy yet powerful forces may sound like the province of investigative reporters, thriller novelists and Hollywood moviemakers — and it is — but it is also a matter for philosophers. More accurately, understanding deception and and how it can be exposed has been a principle project of philosophy for the last 2500 years. And it is a place where the work of journalists, philosophers and other truth-seekers can meet.
In one of the most referenced allegories in the Western intellectual tradition, Plato describes a group of individuals shackled inside a cave with a fire behind them. They are able to see only shadows cast upon a wall by the people walking behind them. They mistake shadows for reality. To see things as they truly are, they need to be unshackled and make their way outside the cave. Reporting on the world as it truly is outside the cave is one of the foundational duties of philosophers.
In a more contemporary sense, we should also think of the efforts to operate in total secrecy and engage in the creation of false impressions and realities as a problem area in epistemology — the branch of philosophy concerned with the nature of knowledge. And philosophers interested in optimizing our knowledge should consider such surveillance and deception not just fodder for the next “Matrix” movie, but as real sort of epistemic warfare.

To get some perspective on the manipulative role that private intelligence agencies play in our society, it is worth examining information that has been revealed by some significant hacks in the past few years of previously secret data.
Important insight into the world these companies came from a 2010 hack by a group best known as LulzSec (at the time the group was called Internet Feds), which targeted the private intelligence firm HBGary Federal. That hack yielded 75,000 e-mails. It revealed, for example, that Bank of America approached the Department of Justice over concerns about information that WikiLeaks had about it. The Department of Justice in turn referred Bank of America to the lobbying firm Hunton and Willliams, which in turn connected the bank with a group of information security firms collectively known as Team Themis.
Team Themis (a group that included HBGary and the private intelligence and security firms Palantir Technologies, Berico Technologies and Endgame Systems) was effectively brought in to find a way to undermine the credibility of WikiLeaks and the journalist Glenn Greenwald (who recently broke the story of Edward Snowden’s leak of the N.S.A.’s Prism program), because of Greenwald’s support for WikiLeaks. Specifically, the plan called for actions to “sabotage or discredit the opposing organization” including a plan to submit fake documents and then call out the error. As for Greenwald, it was argued that he would cave “if pushed” because he would “choose professional preservation over cause.” That evidently wasn’t the case.
Team Themis also developed a proposal for the Chamber of Commerce to undermine the credibility of one of its critics, a group called Chamber Watch. The proposal called for first creating a “false document, perhaps highlighting periodical financial information,” giving it to a progressive group opposing the Chamber, and then subsequently exposing the document as a fake to “prove that U.S. Chamber Watch cannot be trusted with information and/or tell the truth.”
(A photocopy of the proposal can be found here.)
In addition, the group proposed creating a “fake insider persona” to infiltrate Chamber Watch. They would “create two fake insider personas, using one as leverage to discredit the other while confirming the legitimacy of the second.”
Psyops need not be conducted by nation states; they can be undertaken by anyone with the capabilities and the incentive to conduct them.​
The hack also revealed evidence that Team Themis was developing a “persona management” system — a program, developed at the specific request of the United States Air Force, that allowed one user to control multiple online identities (“sock puppets”) for commenting in social media spaces, thus giving the appearance of grass roots support. The contract was eventually awarded to another private intelligence firm.
This may sound like nothing so much as a “Matrix”-like fantasy, but it is distinctly real, and resembles in some ways the employment of “Psyops” (psychological operations), which as most students of recent American history know, have been part of the nation’s military strategy for decades. The military’s “Unconventional Warfare Training Manual” defines Psyops as “planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals.” In other words, it is sometimes more effective to deceive a population into a false reality than it is to impose its will with force or conventional weapons. Of course this could also apply to one’s own population if you chose to view it as an “enemy” whose “motives, reasoning, and behavior” needed to be controlled.
Psyops need not be conducted by nation states; they can be undertaken by anyone with the capabilities and the incentive to conduct them, and in the case of private intelligence contractors, there are both incentives (billions of dollars in contracts) and capabilities.
Several months after the hack of HBGary, a Chicago area activist and hacker named Jeremy Hammond successfully hacked into another private intelligence firm — Strategic Forcasting Inc., or Stratfor), and released approximately five million e-mails. This hack provided a remarkable insight into how the private security and intelligence companies view themselves vis a vis government security agencies like the C.I.A. In a 2004 e-mail to Stratfor employees, the firm’s founder and chairman George Friedman was downright dismissive of the C.I.A.’s capabilities relative to their own: “Everyone in Langley [the C.I.A.] knows that we do things they have never been able to do with a small fraction of their resources. They have always asked how we did it. We can now show them and maybe they can learn.”
The Stratfor e-mails provided us just one more narrow glimpse into the world of the private security firms, but the view was frightening. The leaked e-mails revealed surveillance activities to monitor protestors in Occupy Austin as well as Occupy’s relation to the environmental group Deep Green Resistance. Staffers discussed how one of their own men went undercover (“U/C”) and inquired about an Occupy Austin General Assembly meeting to gain insight into how the group operates.

Stratfor was also involved in monitoring activists who were seeking reparations for victims of a chemical plant disaster in Bhopal, India, including a group called Bophal Medical Appeal. But the targets also included The Yes Men, a satirical group that had humiliated Dow Chemical with a fake news conference announcing reparations for the victims. Stratfor regularly copied several Dow officers on the minutia of activities by the two members of the Yes Men.
One intriguing e-mail revealed that the Coca-Cola company was asking Stratfor for intelligence on PETA (People for the Ethical Treatment of Animals) with Stratfor vice president for Intelligence claiming that “The F.B.I. has a classified investigation on PETA operatives. I’ll see what I can uncover.” From this one could get the impression that the F.B.I. was in effect working as a private detective Stratfor and its corporate clients.
Stratfor also had a broad-ranging public relations campaign. The e-mails revealed numerous media companies on its payroll. While one motivation for the partnerships was presumably to have sources of intelligence, Stratfor worked hard to have soap boxes from which to project its interests. In one 2007 e-mail, it seemed that Stratfor was close to securing a regular show on NPR: “[the producer] agreed that she wants to not just get George or Stratfor on one time on NPR but help us figure the right way to have a relationship between ‘Morning Edition’ and Stratfor.”
On May 28 Jeremy Hammond pled guilty to the Stratfor hack, noting that even if he could successfully defend himself against the charges he was facing, the Department of Justice promised him that he would face the same charges in eight different districts and he would be shipped to all of them in turn. He would become a defendant for life. He had no choice but to plea to a deal in which he may be sentenced to 10 years in prison. But even as he made the plea he issued a statement, saying “I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right.” (In a video interview conducted by Glenn Greenwald with Edward Snowden in Hong Kong this week, Snowden expressed a similar ethical stance regarding his actions.)
Given the scope and content of what Hammond’s hacks exposed, his supporters agree that what he did was right. In their view, the private intelligence industry is effectively engaged in Psyops against American public., engaging in “planned operations to convey selected information to [us] to influence [our] emotions, motives, objective reasoning and, ultimately, [our] behavior”? Or as the philosopher might put it, they are engaged in epistemic warfare.
The Greek word deployed by Plato in “The Cave” — aletheia — is typically translated as truth, but is more aptly translated as “disclosure” or “uncovering” — literally, “the state of not being hidden.” Martin Heidegger, in an essay on the allegory of the cave, suggested that the process of uncovering was actually a precondition for having truth. It would then follow that the goal of the truth-seeker is to help people in this disclosure — it is to defeat the illusory representations that prevent us from seeing the world the way it is. There is no propositional truth to be had until this first task is complete.
This is the key to understanding why hackers like Jeremy Hammond are held in such high regard by their supporters. They aren’t just fellow activists or fellow hackers — they are defending us from epistemic attack. Their actions help lift the hood that is periodically pulled over our eyes to blind us from the truth.
Peter Ludlow is a professor of philosophy at Northwestern University and is currently co-producing (with Vivien Weisman) a documentary on Hacktivist actions against private intelligence firms and the surveillance state.

And this should be fairly obvious to anyone even paying the slightest bit of attention:
Retired Federal Judge: Your Faith In Secret Surveillance Court Is Dramatically Misplaced
by Nicole Flatow
A retired federal judge warned Friday against blind faith in the secret court deciding the scope of U.S. government surveillance. During a panel discussion on constitutional privacy protection in the wake of a leaked Foreign Intelligence Surveillance Court decision that revealed widespread NSA data collection, U.S. District Judge Nancy Gertner stood up in the audience to counter the statements of conservative law professor Nathan Sales that secret surveillance requests are subject to meaningful judicial review. She cautioned:
As a former Article III judge, I can tell you that your faith in the FISA Court is dramatically misplaced.
Two reasons: One … The Fourth Amendment frameworks have been substantially diluted in the ordinary police case. One can only imagine what the dilution is in a national security setting. Two, the people who make it on the FISA court, who are appointed to the FISA court, are not judges like me. Enough said.​
Gertner, now a professor at Harvard Law School who teaches criminal law and criminal procedure, was a civil rights and criminal defense lawyer before being confirmed to the federal bench in 1993. In an interview with ThinkProgress, Gertner explained that the selection process for the secret national security court formed in 1978 is more “anointment” than appointment, with the Chief Justice of the United States — now John G. Roberts — selecting from a pool of already-conservative federal judges those he thinks are most suited to decide national security cases in secret:
It’s an anointment process. It’s not a selection process. But you know, it’s not boat rockers. So you have a [federal] bench which is way more conservative than before. This is a subset of that. And it’s a subset of that who are operating under privacy, confidentiality, and national security. To suggest that there is meaningful review it seems to me is an illusion.
Gertner, an attendee at the American Constitution Society’s national convention, stood up during a panel discussion to make her comment after Sales, a law professor at George Mason University, suggested that individuals have some protection from excessive government surveillance because the Internet Service Providers who field government requests for information have the opportunity to challenge those requests before the secret court. “This isn’t a a paper tiger,” he said. “This is a court that engages in judicial review.” Gertner urged the audience to be skeptical about the court’s oversight, both because of its severely conservative make-up, and its secrecy. The judge whose order was leaked by former NSA contractor Edward Snowden was Judge Roger Vinson, who authored the error-riddled federal court decision striking down the Affordable Care Act that even his fellow conservatives rejected.
Gertner also questioned the need for a secret court, noting that national security protections exist within the civilian court system:
I’m very troubled by that. When you get cases in court, in regular civilian court that have national security issues that have classified information, we developed a process whereby the parties would develop security clearances and it could be presented to the court without it being disclosed to anyone else. It is not entirely clear to me why a civilian court with those protections that is otherwise transparent couldn’t do the job. That’s the way we did it before. Then we moved to this national security court. The notion that we have to have a conversation about major incursions on civil liberties and that we have step back and say we don’t really know, we haven’t seen the standards, we haven’t seen the opinions is extraordinary troubling in a democracy.
The surveillance court has authorized almost every request for government surveillance since 1979, and flat-out rejected just .03 percent of the government requests, the Wall Street Journal reported Sunday. In the wake of the leak, the secret court held Wednesday that its own rules did not prevent the release of its decisions, should a federal court order their release. The plaintiffs will now have to continue their lawsuit to make one particular decision public. Senators introduced a bill this week to require the Attorney General to declassify all major FISC decisions.
This is a great piece from Bloomberg on the cozy agreements that tech companies are making with the government:
U.S. Agencies Said to Swap Data With Thousands of Firms
by Michael Riley
  • June 14, 2013
Thousands of technology, finance and manufacturing companies are working closely with U.S. national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence, four people familiar with the process said.
These programs, whose participants are known as trusted partners, extend far beyond what was revealed by Edward Snowden, a computer technician who did work for the National Security Agency. The role of private companies has come under intense scrutiny since his disclosure this month that the NSA is collecting millions of U.S. residents’ telephone records and the computer communications of foreigners from Google Inc (GOOG). and other Internet companies under court order.
Many of these same Internet and telecommunications companies voluntarily provide U.S. intelligence organizations with additional data, such as equipment specifications, that don’t involve private communications of their customers, the four people said.
Makers of hardware and software, banks, Internet security providers, satellite telecommunications companies and many other companies also participate in the government programs. In some cases, the information gathered may be used not just to defend the nation but to help infiltrate computers of its adversaries.
Along with the NSA, the Central Intelligence Agency (0112917D), the Federal Bureau of Investigation and branches of the U.S. military have agreements with such companies to gather data that might seem innocuous but could be highly useful in the hands of U.S. intelligence or cyber warfare units, according to the people, who have either worked for the government or are in companies that have these accords.
Microsoft Bugs

Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.
Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.
Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to be give government “an early start” on risk assessment and mitigation.
Willing Cooperation

Some U.S. telecommunications companies willingly provide intelligence agencies with access to facilities and data offshore that would require a judge’s order if it were done in the U.S., one of the four people said.
In these cases, no oversight is necessary under the Foreign Intelligence Surveillance Act, and companies are providing the information voluntarily.
The extensive cooperation between commercial companies and intelligence agencies is legal and reaches deeply into many aspects of everyday life, though little of it is scrutinized by more than a small number of lawyers, company leaders and spies. Company executives are motivated by a desire to help the national defense as well as to help their own companies, said the people, who are familiar with the agreements.
Most of the arrangements are so sensitive that only a handful of people in a company know of them, and they are sometimes brokered directly between chief executive officers and the heads of the U.S.’s major spy agencies, the people familiar with those programs said.
‘Thank Them’

Michael Hayden, who formerly directed the National Security Agency and the CIA, described the attention paid to important company partners: “If I were the director and had a relationship with a company who was doing things that were not just directed by law but were also valuable to the defense of the Republic, I would go out of my way to thank them and give them a sense as to why this is necessary and useful.”
“You would keep it closely held within the company and there would be very few cleared individuals,” Hayden said.
Cooperation between nine U.S. Internet companies and the NSA’s Special Source Operations unit came to light along with a secret program called Prism. According to a slide deck provided by Snowden, the program gathers e-mails, videos, and other private data of foreign surveillance targets through arrangements that vary by company, overseen by a secret panel of judges.
U.S. intelligence agencies have grown far more dependent on such arrangements as the flow of much of the world’s information has grown exponentially through switches, cables and other network equipment maintained by U.S. companies.
Equipment Specs

In addition to private communications, information about equipment specifications and data needed for the Internet to work -- much of which isn’t subject to oversight because it doesn’t involve private communications -- is valuable to intelligence, U.S. law-enforcement officials and the military.
Typically, a key executive at a company and a small number of technical people cooperate with different agencies and sometimes multiple units within an agency, according to the four people who described the arrangements.
Committing Officer

If necessary, a company executive, known as a “committing officer,” is given documents that guarantee immunity from civil actions resulting from the transfer of data. The companies are provided with regular updates, which may include the broad parameters of how that information is used.
Intel Corp. (INTC)’s McAfee unit, which makes Internet security software, regularly cooperates with the NSA, FBI and the CIA, for example, and is a valuable partner because of its broad view of malicious Internet traffic, including espionage operations by foreign powers, according to one of the four people, who is familiar with the arrangement.
Such a relationship would start with an approach to McAfee’s chief executive, who would then clear specific individuals to work with investigators or provide the requested data, the person said. The public would be surprised at how much help the government seeks, the person said.
McAfee firewalls collect information on hackers who use legitimate servers to do their work, and the company data can be used to pinpoint where attacks begin. The company also has knowledge of the architecture of information networks worldwide, which may be useful to spy agencies who tap into them, the person said.
McAfee’s Data

McAfee (MFE)’s data and analysis doesn’t include information on individuals, said Michael Fey, the company’s world wide chief technology officer.
“We do not share any type of personal information with our government agency partners,” Fey said in an e-mailed statement. “McAfee’s function is to provide security technology, education, and threat intelligence to governments. This threat intelligence includes trending data on emerging new threats, cyber-attack patterns and vector activity, as well as analysis on the integrity of software, system vulnerabilities, and hacker group activity.”
In exchange, leaders of companies are showered with attention and information by the agencies to help maintain the relationship, the person said.
In other cases, companies are given quick warnings about threats that could affect their bottom line, including serious Internet attacks and who is behind them.
China’s Military

Following an attack on his company by Chinese hackers in 2010, Sergey Brin, Google’s co-founder, was provided with highly sensitive government intelligence linking the attack to a specific unit of the People’s Liberation Army, China’s military, according to one of the people, who is familiar with the government’s investigation. Brin was given a temporary classified clearance to sit in on the briefing, the person said.
According to information provided by Snowden, Google, owner of the world’s most popular search engine, had at that point been a Prism participant for more than a year.
Google CEO Larry Page said in a blog posting June 7 that he hadn’t heard of a program called Prism until after Snowden’s disclosures and that the Mountain View, California-based company didn’t allow the U.S. government direct access to its servers or some back-door to its data centers. He said Google provides user data to governments “only in accordance with the law.”
Leslie Miller, a spokeswoman for Google, didn’t provide an immediate response yesterday.
The information provided by Snowden also exposed a secret NSA program known as Blarney. As the program was described in the Washington Post (WPO), the agency gathers metadata on computers and devices that are used to send e-mails or browse the Internet through principal data routes, known as a backbone.

That metadata includes which version of the operating system, browser and Java software are being used on millions of devices around the world, information that U.S. spy agencies could use to infiltrate those computers or phones and spy on their users.
“It’s highly offensive information,” said Glenn Chisholm, the former chief information officer for Telstra Corp (TLS)., one of Australia’s largest telecommunications companies, contrasting it to defensive information used to protect computers rather than infiltrate them.
According to Snowden’s information, Blarney’s purpose is “to gain access and exploit foreign intelligence,” the Post said.
It’s unclear whether U.S. Internet service providers gave information to the NSA as part of Blarney, and if so, whether the transfer of that data required a judge’s order.
Less Scrutiny

Stewart Baker, former general counsel for the NSA, said if metadata involved communications between two foreign computers that just happened to be crossing a U.S. fiber optic cable “then the likelihood is it would demand less legal scrutiny than when communications are being extracted one by one.”
Lawmakers who oversee U.S. intelligence agencies may not understand the significance of some of the metadata being collected, said Jacob Olcott, a former cybersecurity assistant for Senator John D. Rockefeller IV of West Virginia, the Democratic chairman of the Senate Commerce Committee.
“That’s what makes this issue of oversight so challenging,” said Olcott, now a principal at Good Harbor Security Risk Management in Washington. “You have a situation where the technology and technical policy is far outpacing the background and expertise of most elected members of Congress or their staffs.”
While companies are offered powerful inducements to cooperate with U.S. intelligence, many executives are motivated by patriotism or a sense they are defending national security, the people familiar with the trusted partner programs said.
Einstein 3

U.S telecommunications, Internet, power companies and others provide U.S. intelligence agencies with details of their systems’ architecture or equipment schematics so the agencies can analyze potential vulnerabilities.
“It’s natural behavior for governments to want to know about the country’s critical infrastructure,” said Chisholm, chief security officer at Irvine, California-based Cylance Inc.
Even strictly defensive systems can have unintended consequences for privacy. Einstein 3, a costly program originally developed by the NSA, is meant to protect government systems from hackers. The program, which has been made public and is being installed, will closely analyze the billions of e-mails sent to government computers every year to see if they contain spy tools or malicious software.
Einstein 3 could also expose the private content of the e-mails under certain circumstances, according to a person familiar with the system, who asked not to be named because he wasn’t authorized to discuss the matter.
AT&T, Verizon

Before they agreed to install the system on their networks, some of the five major Internet companies -- AT&T Inc. (T), Verizon Communications Inc (VZ)., Sprint Nextel Corp. (S), Level 3 Communications Inc (LVLT). and CenturyLink Inc (CTL). -- asked for guarantees that they wouldn’t be held liable under U.S. wiretap laws. Those companies that asked received a letter signed by the U.S. attorney general indicating such exposure didn’t meet the legal definition of a wiretap and granting them immunity from civil lawsuits, the person said.
Mark Siegel, a spokesman for Dallas-based AT&T, the nation’s biggest phone carrier, declined to comment. Edward McFadden, a spokesman for New York-based Verizon, the second-largest phone company, declined to comment.
Scott Sloat, a spokesman for Overland Park, Kansas-based Sprint, and Monica Martinez, a spokeswoman for Broomfield, Colorado-based Level 3, didn’t immediately respond to requests for comment.
Linda Johnson, a spokeswoman for Centurylink, formerly Qwest Corp., said her Monroe, Louisiana-based company participates in the Enhanced Cybersecurity Services program and the Intrusion Prevention Security Services program, which includes Einstein 3. Both programs are managed by the U.S. Department of Homeland Security.
Beyond that, she said, “CenturyLink does not comment on matters pertaining to national security.”

Also, Facebook and Microsoft released their government request numbers today:
Facebook, Microsoft Disclose Government Data Requests, But Google Balks
Facebook received 9,000-10,000 requests for user data from US government entities in the second half of 2012.

The social-networking site said the requests, relating to between 18,000 and 19,000 accounts, covered issues from local crime to national security.

Microsoft meanwhile said it received 6,000 and 7,000 requests for data from between 31,000 and 32,000 accounts.

Leaks by a former computer technician suggest the US electronic surveillance programme is far larger than was known.

Internet companies - including Facebook, Google, Yahoo, Apple and Microsoft - were reported last week to have granted the National Security Agency (NSA) "direct access" to their servers under a data collection programme called Prism.

The firms denied the accusations, saying they gave no such access but did comply with lawful requests.

Several also called on the government to grant them permission to release data about the number of classified orders they received.

'Tiny fraction'

In an effort to reassure its users, Facebook lawyer Ted Ullyot wrote on the company's blog that following discussions with the relevant authorities it could for the first time report all US national security-related requests for data.

"As of today, the government will only authorise us to communicate about these numbers in aggregate, and as a range," he said.
Continue reading the main story
“Start Quote

Transparency alone may not be enough to restore public confidence, but it's a great place to start”

John Frank Microsoft Vice-President

For the six months ending 31 December 2012, the total number of user-data requests Facebook received was between 9,000 and 10,000, relating to between 18,000 and 19,000 accounts.

"These requests run the gamut - from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat," Mr Ullyot said.

"With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of 1% of our user accounts were the subject of any kind of US state, local, or federal US government request."

Mr Ullyot did not indicate to what extent the company had fulfilled the requests, but said Facebook had "aggressively" protected its users' data.

"We frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested," he said.

Later, Microsoft also published information about the volume of national security orders during the second half of 2012, stressing that they had an impact on only "a tiny fraction of Microsoft's global customer base".

While praising the Department of Justice and Federal Bureau of Investigation for permitting the disclosures, Microsoft Vice-President John Frank called on them to "take further steps".

"With more time, we hope they will take further steps. Transparency alone may not be enough to restore public confidence, but it's a great place to start," he wrote in a statement.

Earlier this month, Edward Snowden, a former employee of defence contractor Booz Allen Hamilton and former CIA technical assistant, leaked details of the Prism programme.

The 29-year-old fled the US to Hong Kong shortly before the Guardian and Washington Post newspapers published his revelations.

His whereabouts are unknown, and he has vowed to fight extradition to the US should the authorities attempt to prosecute him.
Here's a good speech from Rep Grayson on the House floor yesterday. Good for those who have had absolutely no access to the story so far:

Users who are viewing this thread

Top Bottom