Pretty soon, we’re going to start wondering whose data isn’t being vacuumed up by the spooks.
Analysts at the National Security Agency can now secretly access real-time user data provided by as many as 50 American companies, ranging from credit rating agencies to internet service providers, two government officials familiar with the arrangements said.
Several of the companies have provided records continuously since 2006, while others have given the agency sporadic access, these officials said. These officials disclosed the number of participating companies in order to provide context for a series of disclosures about the NSA’s domestic collection policies. The officials, contacted independently, repeatedly said that “domestic collection” does not mean that the target is based in the U.S. or is a U.S. citizen; rather, it refers only to the origin of the data.
The Wall Street Journal reported today that U.S. credit card companies had also provided customer information. The officials would not disclose the names of the companies because, they said, doing so would provide U.S. enemies with a list of companies to avoid. They declined to confirm the list of participants in an internet monitoring program revealed by the Washington Post and the Guardian, but both confirmed that the program existed.
“The idea is to create a mosaic. We get a tip. We vet it. Then we mine the data for intelligence,” one of the officials said.
In a statement, Director of National Intelligence James Clapper said that programs collect communications “pursuant to section 702 of the Foreign Intelligence Surveillance Act, ” and “cannot be used to intentionally target any U.S. citizen, any other U.S person, or anyone within the United States.”
He called the leaks “reprehensible” and said the program “is among the most important” sources of “valuable” intelligence information the government takes in.
The program may, indeed, be valuable but at what cost? Nobody I have read is disputing the idea that the kinds of data collection in which the NSA is engaged doesn’t yield vital intelligence that helps keep us safe. But there are still questions about how the surveillance is conducted and how the privacy of Americans is protected.
One of the officials who spoke to me said that because data types are not standardized, the NSA needs several different collection tools, of which PRISM, disclosed today by the Guardian and the Washington Post, is one. PRISM works well because it is able to handle several different types of data streams using different basic encryption methods, the person said. It is a “front end” system, or software, that allows an NSA analyst to search through the data and pull out items of significance, which are then stored in any number of databases. PRISM works with another NSA program to encrypt and remove from the analysts’ screen data that a computer or the analyst deems to be from a U.S. person who is not the subject of the investigation, the person said. A FISA order is required to continue monitoring and analyzing these datasets, although the monitoring can start before an application package is submitted to the Foreign Intelligence Surveillance Court.
It sounds like reasonable safeguards are in place, but, as with the Bush surveillance program, mistakes can happen and innocent Americans end up being surveiled. And the potential for abuse is frightening. That’s the real problem with these NSA programs. Someone in power with an appetite for gathering information on political enemies, might subvert the whole process. It isn’t likely, but neither were a lot of Nixon’s domestic spying scandals either.
We can’t blame the companies since they have very little room to refuse a request from our intelligence agencies. But perhaps we should raise our expectations that companies involved in this program will resist a little harder when the government comes calling and asking for their data.