Former spy outs himself as Prism whistleblower
A disillusioned ex-CIA worker has outed himself as the source behind multiple disclosures of a comprehensive US government spying programme that is claimed to have access to customer data from nine major tech firms.
Edward Snowden, a former IT specialist for the National Security Agency, claimed responsibility in The Guardian for leaking documents outlining Prism, a data extraction tool with access to information from firms including Facebook, Google and Apple. According to the leaked documents, UK spies have been able to tap the system since June 2010. He also provided documents detailing a secret court order directing Verizon to turn over all its calling records for a three-month period.
They are not reading our data, they are storing it in bits and bytes that can be searched
Snowden cast himself as a whistleblower alarmed about overreaching by the US intelligence establishment, which was given broad powers after the 9/11 attacks and can now take advantage of the huge growth in digital data.
Barack Obama and other US leaders have vigorously defended the NSA’s efforts as both legal and necessary. US Director of National Intelligence James Clapper took the rare step of responding in detail to stories about Prism.
Intelligence officials and the technology companies allegedly involved said Prism is much less invasive than initially suggested by stories in the The Guardian and the Washington Post. Several people familiar with negotiations between the Silicon Valley giants and intelligence officials said the NSA could not rummage at will through company servers and that requests for data had to be about specific accounts believed to be overseas.
Still, the revelations alarmed civil liberties advocates and some lawmakers who had supported the US Patriot Act, which gave intelligence agencies new powers after 9/11, and another law granting telecommunication carriers immunity for eavesdropping at the request of the government.
“This is the law, but the way the law is being interpreted has really concerned me,” Democratic Senator Mark Udall told ABC. “It’s just to me a violation of our privacy, particularly if it’s done in ways that we don’t know about.”
Of primary concern for Udall and others was that millions of Americans have had their phone habits and other records perused by computer programs and analysts hunting for connections to terrorists or foreign governments – even though the NSA is generally barred from spying on US citizens.
One former high-ranking NSA official told Reuters that such broad assembly of records was essential to investigations.
“If a known terrorist in Yemen calls someone in the US, why did he call them and what happened when the person in US starts making calls elsewhere in the US?” he asked. “On the surface it looks like the emergence of a terrorism cell.”
Data-mining programs map such connections and provide grounds for further inquiry, potentially including the contents of calls, according to former operatives and Justice Department officials.
Among the remaining unknowns, even after four days of media coverage, is how much data beyond phone numbers is collected from US residents, how that data is “minimised” to prevent excess scrutiny, how it is analysed and how long it is kept.
The NSA “keeps the emails essentially forever. I don’t think there is any question about it,” said Mark Rossini, a former FBI supervisor who was assigned to a CIA counter-terrorism unit and who said he was briefed on Prism.
“They are not reading our data, they are storing it in bits and bytes that can be searched,” Rossini said. The same is likely true of the mass of phone calls copied from AT&T offices to facilities controlled by the NSA, as disclosed by an AT&T whistleblower in 2006, he added.
Series of disclosures
The revelations began with a Guardian report on a secret court order demanding all Verizon phone records over a three-month period. The scope of the request appeared to undermine the government’s contention that its surveillance efforts are highly targeted and do not involve large numbers of US citizens – instead focusing on overseas suspects, including in the UK.
The Guardian and the Washington Post also published slides from an internal NSA presentation asserting that Prism gathered emails, documents and other information “directly from the servers” of nine US internet companies.
The companies quickly disputed the claim that they offered “direct access” to “bulk” data and insisted that they responded only to requests for specific information as required by law.
Still, the scope of the program, the secrecy surrounding it, and its emergence as a lynchpin of US espionage operations has created an uproar. The NSA slides stated that more than 1,400 items in Obama’s intelligence briefings last year came from PRISM.
They also said UK intelligence agencies generated almost 200 reports on the basis of Prism’s data. GCHQ hasn’t denied its involvement in the programme and is expected to clarify its position to the Intelligence Security Committee today.
It remains unclear exactly how the online firms provide information to the government, in part because virtually everything about Prism is considered a national security secret. It was also not clear why some companies, notably Twitter, said they were able to resist and were absent from the Prism slides.
Several companies said a human being had to approve each tracking request. US government and industry sources said some of the companies appear to have installed special equipment to facilitate intelligence requests.
In addition, tracking all the online activities of a specific person or group over a period of time, for example, could yield a great deal of data and require special systems to track and retrieve it. Americans will still have some of their data sucked up, stored and digested in multiple ways, former intelligence operatives said.
Rossini said he believed intelligence analysts could perform searches, such as someone within two connections of a terrorism suspect mentioning “bomb” in an international email. The searches would only be used for terrorism or foreign intelligence, not ordinary crime, he said.
However, protections for Americans give little comfort to foreign governments and the hundreds of millions of overseas customers of US internet firms.
Indeed, Prism appears to be an effective tool for the NSA precisely because US companies dominate the Internet, and global communications even among people overseas often pass through the United States. That is galling to those in Europe who have argued that local technology companies need to be nurtured to combat US economic and political domination.