After days of relatively short and vague statements on a leaked Verizon court order and a slideshow on the PRISM data collection program, Director of National Intelligence James Clapper has released a statement and "fact sheet" detailing more information on what PRISM is and how it's run — at least in theory. Clapper criticized a series of "reckless disclosures" by newspapers, which he asserts failed to include the full context of the program. What follows is a series of points justifying the program, detailing how the law is allegedly applied and its legal limits:
- PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a). This authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008.
- Under Section 702 of FISA, the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence. In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight. Service providers supply information to the Government when they are lawfully required to do so.
- The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States. We cannot target even foreign persons overseas without a valid foreign intelligence purpose.
- In addition, Section 702 cannot be used to intentionally target any US citizen, or any other US person, or to intentionally target any person known to be in the United States. Likewise, Section 702 cannot be used to target a person outside the United States if the purpose is to acquire information from a person inside the United States.
- Finally, the notion that Section 702 activities are not subject to internal and external oversight is similarly incorrect. Collection of intelligence information under Section 702 is subject to an extensive oversight regime, incorporating reviews by the Executive, Legislative and Judicial branches.
Clapper's previous statements pointed to Section 702 of the Foreign Intelligence Surveillance act or FISA, and much of what he's saying is simply laying out the points of the legal doctrine. It's common knowledge that Section 702 is meant to target non-US citizens and that the FISA court is meant to provide oversight of requests — though contrary to his implication, an "imminent" threat can justify waiting until after the surveillance has been started to obtain a court order. As with almost all defenses of Obama Administration policies, though, Clapper's assertion that the law is used only in a highly conservative way is doubtful. He discusses "minimization" procedures meant to limit collecting information about US citizens, but previous leaks have pointed to a "51 percent" certainty rate about whether someone is actually a foreigner outside the US and have shown little evidence that minimization procedures are in place.
While focusing on the letter of the law and the government's good intentions, Clapper dodges any mention of how much information (or what kind) is actually collected with the PRISM program. But like Obama and other government officials, he insists that the data they found was vital to national security. "Communications collected under Section 702 have yielded intelligence regarding proliferation networks and have directly and significantly contributed to successful operations to impede the proliferation of weapons of mass destruction and related technologies," he says, adding that surveillance has also "provided significant and unique intelligence regarding potential cyber threats to the United States including specific potential computer network attacks."