NYT: U.S. Confirms That It Gathers Online Data Overseas

Related:

7 June 2013, NYT: Electronic Surveillance Under Bush and Obama

6 June 2013, Guardian: NSA Prism program taps in to user data of Apple, Google and others

6 June 2013, WP: U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program

April 2013, Guardian, WP: NSA: PRISM/US-984XN Overview: The SIGAD Used Most in NSA Reporting (excerpts) (PDF)

25 April 2013, Guardian: United States Foreign Intelligence Surveillance Court: In re Application of the Federal Bureau of Investigation for an Order Requiring the Production of Tangible Things from Verizon Business Network Services, Inc. on Behalf of MCI Communication Services, Inc. d/b/a Verizon Business Services (Secondary Order) (PDF)

http://www.nytimes.com/2013/06/07/us/nsa-verizon-calls.html

June 6, 2013

U.S. Confirms That It Gathers Online Data Overseas

By CHARLIE SAVAGE, EDWARD WYATT and PETER BAKER

WASHINGTON -- The federal government has been secretly collecting information on foreigners overseas for nearly six years from the nation's largest Internet companies like Google, Facebook and, most recently, Apple, in search of national security threats, the director of national intelligence confirmed Thursday night.

The confirmation of the classified program came just hours after government officials acknowledged a separate seven-year effort to sweep up records of telephone calls inside the United States. Together, the unfolding revelations opened a window into the growth of government surveillance that began under the Bush administration after the terrorist attacks of Sept. 11, 2001, and has clearly been embraced and even expanded under the Obama administration.

Government officials defended the two surveillance initiatives as authorized under law, known to Congress and necessary to guard the country against terrorist threats. But an array of civil liberties advocates and libertarian conservatives said the disclosures provided the most detailed confirmation yet of what has been long suspected about what the critics call an alarming and ever-widening surveillance state.

The Internet surveillance program collects data from online providers including e-mail, chat services, videos, photos, stored data, file transfers, video conferencing and log-ins, according to classified documents obtained and posted by The Washington Post [1] and then The Guardian [2] on Thursday afternoon.

In confirming its existence, officials said that the program, called Prism, is authorized under a foreign intelligence law that was recently renewed by Congress, and maintained that it minimizes the collection and retention of information "incidentally acquired" about Americans and permanent residents. Several of the Internet companies said they did not allow the government open-ended access to their servers but complied with specific lawful requests for information.

"It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States," James Clapper, the director of national intelligence, said in a statement, describing the law underlying the program. "Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats."

The Prism program grew out of the National Security Agency's desire several years ago to begin addressing the agency's need to keep up with the explosive growth of social media, according to people familiar with the matter.

The dual revelations, in rapid succession, also suggested that someone with access to high-level intelligence secrets had decided to unveil them in the midst of furor over leak investigations. Both were reported by The Guardian, while The Post, relying upon the same presentation, almost simultaneously reported the Internet company tapping. The Post said a disenchanted intelligence official provided it with the documents to expose government overreach.

Before the disclosure of the Internet company surveillance program on Thursday, the White House and Congressional leaders defended the phone program, saying it was legal and necessary to protect national security.

Josh Earnest, a White House spokesman, told reporters aboard Air Force One that the kind of surveillance at issue "has been a critical tool in protecting the nation from terror threats as it allows counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States." He added: "The president welcomes a discussion of the trade-offs between security and civil liberties."

The Guardian and The Post posted several slides from the 41-page presentation about the Internet program, listing the companies involved -- which included Yahoo, Microsoft, Paltalk, AOL, Skype and YouTube -- and the dates they joined the program, as well as listing the types of information collected under the program.

The reports came as President Obama was traveling to meet President Xi Jinping of China at an estate in Southern California, a meeting intended to address among other things complaints about Chinese cyberattacks and spying. Now that conversation will take place amid discussion of America's own vast surveillance operations.

But while the administration and lawmakers who supported the telephone records program emphasized that all three branches of government had signed off on it, Anthony Romero of the American Civil Liberties Union denounced the surveillance as an infringement of fundamental individual liberties, no matter how many parts of the government approved of it.

"A pox on all the three houses of government," Mr. Romero said. "On Congress, for legislating such powers, on the FISA court for being such a paper tiger and rubber stamp, and on the Obama administration for not being true to its values."

Others raised concerns about whether the telephone program was effective.

Word of the program emerged when The Guardian posted an April order from the secret foreign intelligence court directing a subsidiary of Verizon Communications to give the N.S.A. "on an ongoing daily basis" until July logs of communications "between the United States and abroad" or "wholly within the United States, including local telephone calls."

On Thursday, Senators Dianne Feinstein of California and Saxby Chambliss of Georgia, the top Democrat and top Republican on the Intelligence Committee, said the court order appeared to be a routine reauthorization as part of a broader program that lawmakers have long known about and supported.

"As far as I know, this is an exact three-month renewal of what has been the case for the past seven years," Ms. Feinstein said, adding that it was carried out by the Foreign Intelligence Surveillance Court "under the business records section of the Patriot Act."

"Therefore, it is lawful," she said. "It has been briefed to Congress."

While refusing to confirm or to directly comment on the reported court order, Verizon, in an internal e-mail to employees, defended its release of calling information to the N.S.A. Randy Milch, an executive vice president and general counsel, wrote that "the law authorizes the federal courts to order a company to provide information in certain circumstances, and if Verizon were to receive such an order, we would be required to comply."

Sprint and AT&T have also received demands for data from national security officials, according to people familiar with the requests. Those companies as well as T-Mobile and CenturyLink declined to say Thursday whether they were or had been under a similar court order.

Lawmakers and administration officials who support the phone program defended it in part by noting that it was only for "metadata" -- like logs of calls sent and received -- and did not involve listening in on people's conversations.

The Internet company program appeared to involve eavesdropping on the contents of communications of foreigners. The senior administration official said its legal basis was the so-called FISA Amendments Act, a 2008 law that allows the government to obtain an order from a national security court to conduct blanket surveillance of foreigners abroad without individualized warrants even if the interception takes place on American soil.

The law, which Congress reauthorized in late 2012, is controversial in part because Americans' e-mails and phone calls can be swept into the database without an individualized court order when they communicate with people overseas. While the newspapers portrayed the classified documents as indicating that the N.S.A. obtained direct access to the companies' servers, several of the companies -- including Google, Facebook, Microsoft and Apple -- denied that the government could do so. Instead, the companies have negotiated with the government technical means to provide specific data in response to court orders, according to people briefed on the arrangements.

"Google cares deeply about the security of our users' data," the company said in a statement. "We disclose user data to government in accordance with the law and we review all such requests carefully. From time to time, people allege that we have created a government 'backdoor' into our systems, but Google does not have a 'backdoor' for the government to access private user data."

While murky questions remained about the Internet company program, the confirmation of the calling log program solved a mystery that has puzzled national security legal policy observers in Washington for years: why a handful of Democrats on the Senate Intelligence Committee were raising cryptic alarms about Section 215 of the Patriot Act, the law Congress enacted after the 9/11 attacks.

Section 215 made it easier for the government to obtain a secret order for business records, so long as they were deemed relevant to a national security investigation.

Section 215 is among the sections of the Patriot Act that have periodically come up for renewal. Since around 2009, a handful of Democratic senators briefed on the program -- including Ron Wyden of Oregon -- have sought to tighten that standard to require a specific nexus to terrorism before someone's records could be obtained, while warning that the statute was being interpreted in an alarming way that they could not detail because it was classified.

On Thursday, Mr. Wyden confirmed that the program is what he and others have been expressing concern about. He said he hoped the disclosure would "force a real debate" about whether such "sweeping, dragnet surveillance" should be permitted -- or is even effective.

But just as efforts by Mr. Wyden and fellow skeptics, including Senators Richard J. Durbin of Illinois and Mark Udall of Colorado, to tighten standards on whose communications logs could be obtained under the Patriot Act have repeatedly failed, their criticism was engulfed in a clamor of broad, bipartisan support for the program.

"If we don't do it," said Senator Lindsey Graham, Republican of South Carolina, "we're crazy."

And Representative Mike Rogers, Republican of Michigan and the chairman of the House Intelligence Committee, claimed in a news conference that the program helped stop a significant domestic terrorist attack in the United States in the last few years. He gave no details.

It has long been known that one aspect of the Bush administration's program of surveillance without court oversight involved vacuuming up communications metadata and mining the database to identify associates -- called a "community of interest" -- of a suspected terrorist.

In December 2005, The New York Times revealed the existence of elements of that program, setting off a debate about civil liberties and the rule of law. But in early 2007, Alberto R. Gonzales, then the attorney general, announced that after months of extensive negotiation, the Foreign Intelligence Surveillance Court had approved "innovative" and "complex" orders bringing the surveillance programs under its authority.

Reporting was contributed by Eric Schmitt, Jonathan Weisman and James Risen from Washington; Brian X. Chen from New York; Vindu Goel, Claire Cain Miller, Nicole Perlroth, Somini Sengupta and Michael S. Schmidt from San Francisco; and Nick Wingfield from Seattle.

[1] http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html

[2] http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data