NSA lawyer reveals tech companies knew about surveillance in their systems under the PRISM system, saying that legal consent had to first be obtained before data gathering could begin. Google, Facebook, Microsoft, Yahoo, and Apple were heavily targeted, but PalTalk, Skype, AOL, and YouTube were also routinely scanned for pertinent information. In the wake of these statements, all of the above companies were quick to say they had never heard of PRISM until the NSA lawyer Rajesh De announced that they had been aware of it all along. This may be true, as it has been confirmed that PRISM is an internal term that was unknown to the public until it was revealed in leaks publish by Edward Snowden.
The NSA maintains that the surveillance carried out is legal under section 702 of the FISA Amendments Act, which allows for information gathering on people who are not U.S. citizens and are likely outside the country, and section 215 of the Patriot Act, which allows for storage of metadata carried by phone calls passed through U.S. carrier switches. PRISM comes into play once the information has been collected. According to Robert Litt, Office of the Director of National Intelligence general counsel, the NSA uses data gathering to collect all of the information it can, and then using PRISM protocols selects the pertinent information to keep and use. Jameel Jaffer, the deputy legal director for the American Civil Liberties Union points out that in order to identify the few communications that about people the NSA actually cares about, they must monitor all of the communications coming in or out of the U.S. Looking at it that way, when an NSA lawyer reveals that tech companies knew about surveillance it hardly seems a surprise at all.
But intelligence officials are quick to defend PRISM, saying that the data collected about U.S. citizens is pared down in such a way that their Fourth Amendment rights are protected. Being mentioned in data brought to NSA attention by a PRISM search will not necessarily result in being hauled away by association with someone considered a threat, or so they say. As well, Rajesh De states the rules for determining whether a person is a non-U.S. citizen, and are outside the U.S. are very clear. Despite the presence of information that may lead to this conclusion, any information to the contrary must also be taken into consideration before action is taken.
After the NSA lawyer reveals tech companies knew about surveillance, the question of whether or not they knew the exact name of the program responsible for sifting through user data becomes irrelevant. The simple admission that massive data banks of every call, email, and text message sent through U.S. networks exists is reason enough for concern. The potential for someone to be on the record so to speak, despite having done nothing wrong, begs the question of what could happen should they come under suspicion. Should intricate records of everything everyone has said be kept? Should they be kept by private government agencies?
By Daniel O’Brien