So what is the NSA’s net snooping alleged to entail?
Anyone with an interest in privacy who’s following the news will have noticed the recent furore over the US National Security Administration (NSA)’s snooping on people’s communications, especially under its PRISM programme and/or authorisations from the US Foreign Intelligence Service Court (FISC). As a prelude to more in-depth coverage of the issues involved, this article overviews the allegations that have been made about the NSA’s collection of data and the PRISM programme.
If true, the allegations suggest that the NSA has been engaged in mass surveillance of, at least, the communications between US residents and those located elsewhere in the world, including the content of communications going via major internet companies such as Facebook or Google and that this informaton has been shared with Britain’s GCHQ, possibly allowing them to circumvent the restrictions of British law (other revelations regarding GCHQ’s own activities are beyond the scope of this article). Also it is suggested the US may have been spying on its allies in Europe. The details of the allegations are below.
The leaks to the Guardian newspaper via whistleblower Edward Snowden have alleged the following:
For a period of 3 months ending July 19th the metadata pertaining to millions of customers of Verizon were being handed over to the NSA under an unusual blanket order from the FISC:
“Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.
The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government’s domestic spying powers.
Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama.
The unlimited nature of the records being handed over to the NSA is extremely unusual. Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.'’
The Guardian made the full court order available online.
- Under the PRISM programme, the Guardian alleged that the NSA had direct access to the communications of users of services from household names such as Google, Facebook, Apple, Microsoft and Yahoo:
“The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims “collection directly from the servers” of major US service providers.
Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.'’
The NSA collects metadata (but not the content) from communications between the US and foreign countries on a mass ongoing basis:
“On December 26 2012, SSO announced what it described as a new capability to allow it to collect far more internet traffic and data than ever before. With this new system, the NSA is able to direct more than half of the internet traffic it intercepts from its collection points into its own repositories. One end of the communications collected are inside the United States.
The NSA called it the “One-End Foreign (1EF) solution”. It intended the program, codenamed EvilOlive, for “broadening the scope” of what it is able to collect. It relied, legally, on “FAA Authority”, a reference to the 2008 Fisa Amendments Act that relaxed surveillance restrictions.
This new system, SSO stated in December, enables vastly increased collection by the NSA of internet traffic. “The 1EF solution is allowing more than 75% of the traffic to pass through the filter,” the SSO December document reads. “This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories.”
It continued: “After the EvilOlive deployment, traffic has literally doubled.”
The scale of the NSA’s metadata collection is highlighted by references in the documents to another NSA program, codenamed ShellTrumpet.
On December 31, 2012, an SSO official wrote that ShellTrumpet had just “processed its One Trillionth metadata record”.
It is not clear how much of this collection concerns foreigners’ online records and how much concerns those of Americans. Also unclear is the claimed legal authority for this collection.'’
- Britain’s GCHQ is alleged to have access to data gathered via PRISM, potentially circumventing British laws:
“The UK’s electronic eavesdropping and security agency, GCHQ, has been secretly gathering intelligence from the world’s biggest internet companies through a covertly run operation set up by America’s top spy agency, documents obtained by the Guardian reveal.
The documents show that GCHQ, based in Cheltenham, has had access to the system since at least June 2010, and generated 197 intelligence reports from it last year.
The US-run programme, called Prism, would appear to allow GCHQ to circumvent the formal legal process required to seek personal material such as emails, photos and videos from an internet company based outside the UK.
The use of Prism raises ethical and legal issues about such direct access to potentially millions of internet users, as well as questions about which British ministers knew of the programme.
In a statement to the Guardian, GCHQ, insisted it “takes its obligations under the law very seriously”‘’.
- The US has apparently been spying on its EU allies:
“US intelligence services are spying on the European Union mission in New York and its embassy in Washington, according to the latest top secret US National Security Agency documents leaked by the whistleblower Edward Snowden.
One document lists 38 embassies and missions, describing them as “targets”. It details an extraordinary range of spying methods used against each target, from bugs implanted in electronic communications gear to taps into cables to the collection of transmissions with specialised antennae.
Along with traditional ideological adversaries and sensitive Middle Eastern countries, the list of targets includes the EU missions and the French, Italian and Greek embassies, as well as a number of other American allies, including Japan, Mexico, South Korea, India and Turkey. The list in the September 2010 document does not mention the UK, Germany or other western European states.'’