NSA surveillance 101: What US intelligence agencies are doing, what they know

Whose phone and Internet communications are being monitored by the government, exactly?

Most, if not all, phone numbers and other data associated with calls carried by major US phone companies – but not the contents of the call itself – are being collected, including those of many Americans, leaked documents indicate. In April, a subsidiary of Verizon was ordered to send to the National Security Agency (NSA) “on an ongoing daily basis” through July the “telephony metadata” or communications logs “between the United States and abroad” or “wholly within the United States, including local telephone calls,” according to a four-page “top secret” order by the Foreign Intelligence Surveillance Court signed by a federal judge. The document was leaked to The Guardian, a London newspaper that received the leaked document, and to The Washington Post.

Under a separate program called PRISM, major chunks of social media data ascribed to foreign users are being shared with the US government by Internet companies, although it’s not clear how much or how tightly circumscribed that collection is.

What is phone-record data-mining, and how does it work?

Telephone metadata includes the phone number of the caller and the person called, as well as other data like the identifier number for international cellphone users, calling card numbers, the time the call was made, and its duration and location. Permission to listen to a phone call requires a separate order, US officials say. But the process allows the metadata to be searched for links to bad actors.

For instance, a phone number plucked from a terrorist’s laptop computer could be compared with phone metadata already stored, and perhaps provide new leads. In a process called “contact chaining,” other numbers associated with that phone number could be tracked in the database to discover other associations. Warrants might then be sought for wiretaps on those phones.

What is PRISM?

Terrorists know that communicating by phone is dangerous for them. So they have shifted to the Internet. Thus, the NSA now hunts for terrorist threats hidden in the flood of social media data, leaked documents show.

PRISM (for Planning tool for Resource Integration, Synchronization, and Management) collects digital photos, stored data, file transfers, e-mail, chat services, videos, and video conferencing from nine Internet companies, according to a “top secret” NSA document describing the program and posted on the Washington Post website. By law, the program is confined to “foreign targets located outside the United States,” says a statement by Director of National Intelligence James Clapper. Internet data have been provided under a government order by Microsoft, Google, Yahoo!, Facebook, PalTalk, YouTube, Skype, AOL and Apple, according to the leaked NSA document. While the telephone metadata program was widely known in Congress, PRISM’s existence seemed to take many lawmakers by surprise.

How much oversight exists?

Congressional intelligence committees in the House and Senate are regularly briefed on intelligence programs, including PRISM and the telephone metadata program, US officials say. But while President Obama said that “every member” of Congress has been briefed, it appears that it is primarily members of the intelligence committees who knew about them.

Additional oversight comes from the FISA (Foreign Intelligence Surveillance Act) court, which orders companies to share data and is overseen by several federal judges. FISA court opinions and reports are given to Congress semi-annually. Also, the inspectors general of various agencies may review their agencies’ compliance with the law. Critics say that far more oversight is needed.

What other safeguards do critics want?

The NSA says it has in place “minimization procedures” in cases where data of US residents are “incidentally intercepted.” But some in Congress are calling for more scrutiny of intelligence programs by both Congress and the courts. Sen. Ron Wyden (D) of Oregon is leading a growing call for public hearings into surveillance programs. Others want to beef up day-to-day oversight of them.

Embarrassed Internet companies are calling for more transparency, too. Gag orders currently prevent them from describing what they give the government. Google has requested the right to report the numbers and scope of the national security data requests it receives. Likewise, Facebook says it wants to “include information about the size and scope of national security requests we receive.” Microsoft issued a similar statement as did Yahoo!

So, what do the feds have on me?

Nobody knows except the government. It seems plausible that phone call records – the metadata of Americans’ calls – may be sitting in an NSA database. It’s possible that social media data posted on the Web are in a NSA database, too. But until Google and others can reveal what kinds of data were given to the government, we won’t know.

What will happen to Edward Snowden, the admitted leaker?

A federal criminal investigation is reportedly under way, and Mr. Snowden could be charged with violating the federal Espionage Act. But Snowden, who is reported to be in Hong Kong, appears likely to resist extradition to the United States. Once the US makes such a request to Hong Kong, Snowden can then apply for asylum with the Office of the United Nations High Commissioner for Refugees there, Hong Kong legal experts say. Some countries, including Russia, are reportedly considering offering him asylum.