The heart of tech is coming to the heart of the Mediterranean. Join TNW in València this March 🇪🇸

This article was published on June 8, 2013

Gov: PRISM, “authorized by Congress,” is “not an undisclosed collection or data mining program”

Gov: PRISM, “authorized by Congress,” is “not an undisclosed collection or data mining program”
Alex Wilhelm
Story by

Alex Wilhelm

Alex Wilhelm is a San Francisco-based writer. You can find Alex on Twitter, and on Facebook. You can reach Alex via email at [email protected] Alex Wilhelm is a San Francisco-based writer. You can find Alex on Twitter, and on Facebook. You can reach Alex via email at [email protected]

The information continues to pour regarding PRISM and the NSA’s larger data acquisition techniques. Earlier today, in the face of a rebellious press, spreading outrage both domestic and foreign, and flying rumor, the US Director of National Intelligence released a brief, sharp statement, and a set of facts concerning the NSA’s activities.

They are both mandatory reading. We’ll begin with the statement of James Clapper, current Director of National Intelligence. [Bolding: TNW]:

Over the last week we have seen reckless disclosures of intelligence community measures used to keep Americans safe. In a rush to publish, media outlets have not given the full context–including the extent to which these programs are overseen by all three branches of government–to these effective tools.

In particular, the surveillance activities published in The Guardian and The Washington Post are lawful and conducted under authorities widely known and discussed, and fully debated and authorized by Congress. Their purpose is to obtain foreign intelligence information, including information necessary to thwart terrorist and cyber attacks against the United States and its allies.

Our ability to discuss these activities is limited by our need to protect intelligence sources and methods. Disclosing information about the specific methods the government uses to collect communications can obviously give our enemies a “playbook” of how to avoid detection. Nonetheless, Section 702 has proven vital to keeping the nation and our allies safe. It continues to be one of our most important tools for the protection of the nation’s security.

However, there are significant misimpressions that have resulted from the recent articles. Not all the inaccuracies can be corrected without further revealing classified information. I have, however, declassified for release the attached details about the recent unauthorized disclosures in hope that it will help dispel some of the myths and add necessary context to what has been published.

This is about what we heard from the President, that the government does collect data, it’s for our own good, and that Congress has been informed all along. Now, to the new information.

The following set of notes represents a slice of what was released today. For the entire drawer, head here. I’ve extracted what I find to be the most important segments for your digestion. [Bolding: TNW]:

PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a). This authority was created by the Congress and has been widely known and publicly discussed since  its inception in 2008.

Under Section 702 of FISA, the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence. In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight. Service providers supply information to the Government when they are lawfully required to do so.

The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition.

In addition, Section 702 cannot be used to intentionally target any U.S. citizen, or any other U.S. person, or to intentionally target any person known to be in the United States.

The Congress. After extensive public debate, the Congress reauthorized Section 702 in December 2012. The law specifically requires a variety of reports about Section 702 to the Congress.

The DNI and AG provide exhaustive semiannual reports assessing compliance with the targeting and minimization procedures. In short, the information provided to Congress by the Executive Branch with respect to these activities provides an unprecedented degree of accountability and transparency.

The report goes on to list in all but zero detail what the program has managed to do, listing for example the impairment of the spread of weapons of mass destruction.

Perhaps the most interesting to the above, setting aside the continuing strident statements that Congress has approved the program and provides oversight, is that the government specifically states that it does not “unilaterally obtain information from the servers of U.S. electronic communication service providers.” Thus, we can be certain that whatever form the program takes, US companies are complicit, even if perhaps only in legal situations that are impossible to allay.

That said, Twitter managed to avoid participation in whatever PRISM fully is, and Apple held out more than a half decade longer than Microsoft.

I frankly expect that within the next week we’ll have a full picture of what PRISM is, and how it functions. There is simply too much information in the marketplace for the rest of its secrets to not shake loose. The above will not quiet critics of both the government and the private enterprises that it works with.

Adding to that fact is the recently discovered Boundless Informant program, which the Guardian states collected “almost 3 billion pieces of intelligence from US computer networks” over a one month period earlier in 2013. That’s hardly granular disclosure.

Top Image Credit: Andrew Malone