US phone and net surveillance extends to the rest of the world
The Trans-Pacific Partnership may make it harder to protect citizens
Digital Consumers by Dr Jeremy Malcolm
HAVE a Facebook or Gmail account? Been using Skype? Made any phone calls to the United States recently? Chances are the US National Security Agency (NSA) knows all about it.
Whilst the Internet is telling jokes about this already, the revelation of widespread NSA surveillance of innocent Internet users worldwide is more than just deeply discomforting. It's also an abuse of human rights that could have long-term unintended consequences for the United States – even potentially derailing a pending trade negotiation with Asia Pacific economies.
How it went down
Although the basics have been widely reported, there is still a lot of confusion out there about how all the pieces fit together, so here's the rundown.
First, on Thursday, June 6, came the revelation in the Guardian of a secret court order requiring US phone carrier Verizon to disclose a complete set of records of telephone calls made over a three-month period.
Less than a day later the Guardian and Washington Post claimed that under a separate secret US government programme, named PRISM, the NSA had direct access to the servers of major Internet companies including Google, Facebook, and Yahoo, enabling it to obtain content ranging from emails to chat transcripts, voice calls, photos and videos.
By Friday, June 7, all of the Internet companies concerned had denied knowledge of the PRISM programme, and President Obama defended both that programme and the secret court order to Verizon as modest encroachments on privacy.
It was on Sunday, June 9, that 29-year-old former NSA contractor Edward Snowden came forward as the informant, having released a set of PowerPoint slides as evidence.
How the phone records were obtained
It's important to separate the two revelations – the Verizon phone records and the Internet surveillance.
The former has nothing directly to do with PRISM. Those phone records were obtained through a warrant from the Foreign Intelligence Surveillance Court (FISC), which sits in secret to authorise surveillance involving US parties for national security purposes.
Its authority to do this, under the FISA Amendments Act, was last renewed only in 2012 and lasts until 2017.
In general, the FISA Amendments Act only authorises the surveillance of communications to which there is at least one foreign party – though that only needs to be established on a bare balance of probabilities.
But in the case of a large scale dragnet such as the Verizon court order, phone calls between two US parties can also be drawn in. During the Bush era this would have been illegal – but it has been authorised under subsequent Patriot Act amendments.
It is also important to note that it is only because Verizon phone calls include at least one US-based party that the FISC's authority was required at all. If it were a foreign phone carrier placing calls between foreign citizens, no court order would have been required under the US Constitution, which only protects the privacy rights of Americans.
It is also now clear that all phone carriers receive similar orders to those that Verizon received, and that the leaked court order was simply the latest in a series of similar orders issued on a rolling quarterly basis.
What is metadata?
Though not used in this instance because of the breadth of the request, a court order can often be bypassed through the use of National Security Letters, which allow US Government agencies such as the FBI (Federal Bureau of Investigation) and CIA (Central Intelligence Agency) to require the disclosure of information from carriers and ISPs for national security purposes.
The recipients of National Security Letters are prohibited from disclosing their content – or even that they were received.
The limitation is that the information requested can only amount to ‘metadata’ rather than the content of communications. But ‘metadata’ is a slippery concept. Although actual voice recordings aren't included, it does include a unique identifier for your mobile phone.
It gets even more slippery when the metadata comes from Internet communications rather than phone calls. Metadata from email, social media and chat logs can reveal much about the content they relate to.
How does PRISM work?
Although the initial reports suggested a broader scope, we now know that PRISM isn't really a separate surveillance programme in its own right, but just an NSA system which facilitates the transfer of information from Internet companies under various other programmes for the use of NSA operatives.
The affected companies' denial of knowledge of PRISM is therefore most probably true.
But those other programmes are bad enough. In addition to those already mentioned, a programme similar to that used to obtain the Verizon call data is used to obtain metadata about Internet communications.
This programme, called Blarney, gathers and stores metadata as it flows along Internet network backbones. Another Patriot Act amendment authorises the interception of the content of foreign-to-foreign communications that transit through the United States.
This is what we think we know, but it is difficult to know how much of the truth has yet been told. On March 12, 2013, the NSA's James Clapper had told the United States Senate Select Committee on Intelligence that the NSA does not wittingly collect any type of data on millions or hundreds of millions of Americans.
In the light of subsequent revelations, there is no way around it – that was a lie.