We all know that the NSA uses word games to hide and downplay its activities. Words like "collect," "conversations," "communications," and even "surveillance" have suffered tortured definitions that create confusion rather than clarity.
Theres another one to watch: "targeted" v. "mass" surveillance.
Since 2008, the NSA has seized tens of billions of Internet communications. It uses the Upstream and PRISM programswhich the government claims are authorized under Section 702 of the FISA Amendments Actto collect hundreds of millions of those communications each year. The scope is breathtaking, including the ongoing seizure and searching of communications flowing through key Internet backbone junctures,[1]the searching of communications held by service providers like Google and Facebook, and, according to the government's own investigators, the retention of significantly more than 250 million Internet communications per year.[2]
Yet somehow, the NSA and its defenders still try to pass 702 surveillance off as "targeted surveillance," asserting that it is incorrect when EFF and many others call it "mass surveillance."
Our answer: if "mass surveillance" includes the collection of the content of hundreds of millions of communications annually and the real-time search of billions more, then the PRISM and Upstream programs under Section 702 fully satisfy that definition.
This word game is important because Section 702 is set to expire in December 2017. EFF and our colleagues who banded together to stop the Section 215 telephone records surveillance are gathering our strength for this next step in reining in the NSA. At the same time, the government spin doctors are trying to avoid careful examination by convincing Congress and the American people that this is just "targeted" surveillance and doesnt impact innocent people.
PRISM and Upstream surveillance are two types of surveillance that the government admits that it conducts under Section 702 of the FISA Amendments Act, passed in 2008. Each kind of surveillance gives the U.S. government access to vast quantities of Internet communications.[3]
Upstream gives the NSA access to communications flowing through the fiber-optic Internet backbone cables within the United States.[4] This happens because the NSA, with the help of telecommunications companies like AT&T, makes wholesale copies of the communications streams passing through certain fiber-optic backbone cables. Upstream is at issue in EFFs Jewel v. NSA case.
PRISM gives the government access to communications in the possession of third-party Internet service providers, such as Google, Yahoo, or Facebook. Less is known about how PRISM actually works, something Congress should shine some light on between now and December 2017.[5]
Note that those two programs existed prior to 2008they were just done under a shifting set of legal theories and authorities.[6] EFF has had evidence of the Upstream program from whistleblower Mark Klein since 2006, and we have been suing to stop it ever since.
Despite government claims to the contrary, heres why PRISM and Upstream are "mass surveillance":
(1) Breadth of acquisition: First, the scope of collection under both PRISM and Upstream surveillance is exceedingly broad. The NSA acquires hundreds of millions, if not billions, of communications under these programs annually.[7] Although, in the U.S. governments view, the programs are nominally "targeted," that targeting sweeps so broadly that the communications of innocent third parties are inevitably and intentionally vacuumed up in the process. For example, a review of a "large cache of intercepted conversations" provided by Edward Snowden and analyzed by the Washington Post revealed that 9 out of 10 account holders "were not the intended surveillance targets but were caught in a net the agency had cast for somebody else."[8] The material reviewed by the Post consisted of 160,000 intercepted e-mail and instant message conversations, 7,900 documents (including "medical records sent from one family member to another, resumes from job hunters and academic transcripts of schoolchildren"), and more than 5,000 private photos.[9] In all, the cache revealed the "daily lives of more than 10,000 account holders who were not targeted [but were] catalogued and recorded nevertheless."[10] The Post estimated that, at the U.S. governments annual rate of "targeting," collection under Section 702 would encompass more than 900,000 user accounts annually. By any definition, this is "mass surveillance."
(2) Indiscriminate full-content searching. Second, in the course of accomplishing its so-called "targeted" Upstream surveillance, the U.S. government, in part through its agent AT&T, indiscriminately searches the contents of billions of Internet communications as they flow through the nations domestic, fiber-optic Internet backbone. This type of surveillance, known as "about surveillance," involves the NSA's retention of communications that are neither to nor from a target of surveillance; rather, it authorizes the NSA to obtain any communications "about" the target.[11] Even if the acquisition of communications containing information "about" a surveillance target could, somehow, still be considered "targeted," the method for accomplishing that surveillance cannot be: "about" surveillance entails a content search of all, or substantially all, international Internet communications transiting the United States.[12] Again, by any definition, Upstream surveillance is "mass surveillance." For PRISM, while less is known, it seems the government is able to search throughor require the companies like Google and Facebook to search throughall the customer data stored by the corporations for communications to or from its targets.
To accomplish Upstream surveillance, the NSA copies (or has its agents like AT&T copy) Internet traffic as it flows through the fiber-optic backbone. This copying, even if the messages are only retained briefly, matters under the law. Under U.S. constitutional law, when the federal government "meaningfully interferes"with an individuals protected communications, those communications have been "seized" for purposes of the U.S. Constitutions Fourth Amendment. Thus, when the U.S. government copies (or has copied) communications wholesale and diverts them for searching, it has "seized" those communications under the Fourth Amendment.
Similarly, U.S. wiretapping law triggers a wiretap at the point of "interception by a device," which occurs when the Upstream mechanisms gain access to our communications.[13]
Why does the government insist that its targeted? For Upstream, it may be because the initial collection and searching of the communicationsdone by service providers like AT&T on the governments behalfis really, really fast and much of the information initially collected is then quickly disposed of. In this way the Upstream collection is unlike the telephone records collection where the NSA kept all of the records it seized for years. Yet this difference should not change the conclusion that the surveillance is "mass surveillance." First, all communications flowing through the collection points upstream are seized and searched, including content and metadata. Second, as noted above, the amount of information retainedover 250 million Internet communications per yearis astonishing.
Thus, regardless of the time spent, the seizure and search are comprehensive and invasive. Using advanced computers, the NSA and its agents can do a full-text, content search within a blink of an eye through billions, if not trillions of your communications, including emails, social media, and web searches. Second, as demonstrated above, the government retains a huge amount of the communicationsfar more about innocent people than about its targetsso even based on what is retained the surveillance is better described as "mass" rather than "targeted."
So it is completely correct to characterize Section 702 as mass surveillance. It stems from the confluence of: (1) the method NSA employs to accomplish its surveillance, particularly Upstream, and (2) the breadth of that surveillance.
Next time you see the government or its supporters claim that PRISM and Upstream are "targeted" surveillance programs, youll know better.
[1] See, e.g., Charlie Savage, NSA Said to Search Content of Messages to and From U.S., N.Y. Times (Aug 8, 2013) (The National Security Agency is searching the contents of vast amounts of Americans e-mail and text communications into and out of the country[.]). This article describes an NSA practice known as about surveillancea practice that involves searching the contents of communications as they flow through the nations fiber-optic Internet backbone.
[2] FISA Court Opinion by Judge Bates entitled [Caption Redacted], at 29 (NSA acquires more than two hundred fifty million Internet communications each year pursuant to Section 702), https://www.eff.org/document/october-3-2011-fisc-opinion-holding-nsa-surveillance-unconstitutional (Hereinafter, Bates Opinion). According to the PCLOB report, the current number is significantly higher than 250 million communications. PCLOB Report on 702 at 116.
[3] Bates Opinion at 29; PCLOB at 116.
[6] First, the Bush Administration relied solely on broad claims of Executive power, grounded in secret legal interpretations written by the Department of Justice. Many of those interpretations were subsequently abandoned by later Bush Administration officials. Beginning in 2006, DOJ was able to turn to the Foreign Intelligence Surveillance Court to sign off on its surveillance programs. In 2007, Congress finally stepped into the game, passing the Protect America Act; which, a year later, was substantially overhauled and passed again as the FISA Amendments Act. While neither of those statutes mention the breadth of the surveillance and it was not discussed publicly during the Congressional processes, both have been cited by the government as authorizing it.
[11] Bates Opinion at 15.
[12] PCLOB report at 119-120.
[13] See 18 U.S.C 2511(1)(a); U.S. v. Councilman, 418 F.3d 67, 70-71, 79 (1st Cir. 2005) (en banc).
More here: