NSA PRISM Creates Stir, But Appears Legal

Massive information-sharing program involves Google, Facebook and other technology heavyweights, top secret document details. But NSA looks to have acted inside the law.

Has the National Security Agency been illegally spying on Americans?
The
Guardian
newspaper in Britain Thursday
published a top-secret document
, dated April 2013, outlining an information-sharing program -- code-named PRISM -- that counts seven of the countrys biggest technology giants as participants, including Apple, Facebook and Google.
Run by the NSA, the program reportedly provides the agency with access to real-time information as well as stored data from the businesses systems. According to a chart included in the NSA document, the agency has direct access to servers, and is able to access email, voice and video chat, videos, photos, stored data, VoIP, file transfers, video conference, login activity, social network details as well as special requests. The current providers of such data are listed as Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL and Apple. But the document said that the program is continuing to expand, naming Dropbox as an upcoming provider of data.
Those revelations came in the wake of a report released earlier this week that detailed a
secret U.S. court order that compelled Verizon
to share all of its customers call records, as well as details relating to subscribers emails, Web searches and credit card activity. Similar programs count AT&T and Sprint as information providers,
The Wall Street Journal
reported
Friday.
[ Where is the balance between security and civil liberties? See
Boston Bombers Cant Elude Citys Tech Infrastructure
. ]
Responding to the outing of the PRISM program, James R. Clapper, the U.S. director of National Intelligence,
issued a statement on recent unauthorized disclosures of classified information
Thursday, saying that the article omits key information regarding how a classified intelligence collection program is used to prevent terrorist attacks and the numerous safeguards that protect privacy and civil liberties.
Clapper continued, I believe it is important for the American people to understand the limits of this targeted counterterrorism program and the principles that govern its use. To that end, he said that hed directed that some information relating to the business records accessed be the program be declassified and immediately released to the public.
Friday, the
Guardian
reported
that the NSAs British equivalent, known as the Government Communications Headquarters (GCHQ), has enjoyed access to PRISM since 2010, and last year generated 197 intelligence reports using the program.
PRISM began in 2007. The first participant was Microsoft, followed by Yahoo (2008); Google, Facebook and PalTalk (2009); YouTube (2010); Skype and AOL (2011); and Apple (2012), reported the
Guardian
.
In response to questions about their PRISM participation, all of the technology companies named in the PRISM document
issued curiously similar statements
that largely included legal and technical hedges, saying they complied with court orders, but never gave the government direct access or a back door into their systems.
A statement issued by Google reads, Google cares deeply about the security of our users data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government back door into our systems, but Google does not have a back door for the government to access private user data.
While some businesses, including Apple,
said theyd never heard of PRISM
, none of the businesses denied being part of such a program. Then again, they may be
subject to a gag order
.
My read on PRISM: named [companies] provide an API to specific content and target activity under FISA. Think of it as push notification for NSA,
tweeted
security researcher Ashkan Soltani. This isnt direct access nor is it a backdoor which is why the talking points are all similar. Its a targeted API.
But is PRISM legal? The short answer appears to be -- no matter how unpalatable a massive domestic Internet surveillance program might sound -- yes.
From what Ive seen so far, it sounds like the program is the way the government is implementing the FISA Amendments Act of 2008 and the Protect America Act of 2007, which were enacted in response to the 2005 disclosure of the Bush Administrations
warrantless wiretapping program
, said George Washington University professor Orin Kerr, a former Department of Justice computer crime prosecutor, in a
blog post
.
Even so, the scale of the domestic surveillance programs, launched by President George W. Bush and reauthorized by President Barack Obama, has drawn criticism from a number of civil rights and privacy groups. Many lawmakers, like Senators Wyden and Udall, warned that the Executive Branchs interpretations of the Patriot Act and the FISA Amendments Act were dangerously broad, said Center for Democracy and Technology (CDT) senior counsel Greg Nojeim, in a statement. Now we know just how right they were, and just how badly Congress needs to reform those laws.
Based on the leaked PRISM materials, however, the takeaway from the program doesnt appear to differ significantly from previously used law enforcement data-gathering techniques. Theres less difference between this collection-first program and the usual law enforcement data search than first meets the eye, said
attorney Stewart A. Baker
, who served as NSA general counsel from 1992 to 1994. In the standard law enforcement search, the government establishes the relevance of its inquiry and is then allowed to collect the data. In the new collection-first model, the government collects the data and then must establish the relevance of each inquiry before its allowed to conduct a search.
If you trust the government to follow the rules, both models end up in much the same place, Baker said.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
NSA PRISM Creates Stir, But Appears Legal