The Privacy and Civil Liberties Oversight Board, a White House watchdog group that condemned the Obama administration's phone surveillance program earlier this year, has released another report — and civil liberties groups aren't happy about it. The report took on Section 702 of the Foreign Intelligence Surveillance Act, which the NSA, CIA, and FBI have used to justify collecting the contents of emails and other electronic communications from web services or directly through internet backbone cables. It's the rule that governs PRISM, one of the first surveillance systems to be revealed by Edward Snowden. According to the board, though, it's completely legal.
The board addresses two known programs that are run under Section 702: PRISM collection and upstream collection. PRISM isn't the only surveillance database, but here, it refers to a program where the government requests data from an internet service provider or a web service. Upstream collection, by contrast, bypasses both these parties and heads straight for the large cables that form the "backbone" of the internet. Both are used to collect information about non-citizens who aren't in the United States. Unlike the phone metadata program, it doesn't collect everything in a database, just the results of certain search terms. For the PCLOB, that distinction is crucial. "Although the program is large ... it consists entirely of targeting individual persons and acquiring communications associated with those persons," the report reads. "The program does not operate by collecting communications in bulk."
"The program does not operate by collecting communications in bulk."
Another key question is how effective the program really was. The phone metadata program is known to have helped in thwarting one terrorist plot, but the board believes Section 702 has let the NSA and other agencies get results. The board says it's seen 20 cases where PRISM or upstream surveillance helped an existing investigation, as well as 30 cases where it catalyzed a new one. "A rough count of these cases identifies well over one hundred arrests on terrorism-related offenses," it says. One example, already widely cited, is the case of Najibulla Zazi, who was arrested in 2009 after the FBI collected communications about his plan to bomb the New York subway. "Overall, the Board has found that the information the program collects has been valuable and effective in protecting the nation's security and producing useful foreign intelligence," it said in the introduction.
Overall, the board decided that "PRISM collection is clearly authorized by the statute," as is upstream data collection. And the law, as it's interpreted now, doesn't go beyond the rules of the Fourth Amendment. It's also "impressed" with the government's efforts to avoid collecting data from US citizens. It admits, however, that no matter how responsibly agencies act, the absolute scope of the program is broad. In 2011, the NSA collected 26.5 million pieces of communication from tapping cables alone, and other agencies also use the information. In a letter to Senator Ron Wyden (D-OR), the Office of the Director of National Intelligence said that in 2013, the NSA approved 198 "US person identifiers" — search terms like a US person's email address, which were used to run 9,500 total metadata queries. The CIA has conducted 1,900 queries with US person identifiers. The FBI doesn't track queries at all.
Panel suggests NSA review how it gets rid of US citizens' data
This scope worried the board. While it found "no evidence of intentional abuse," it noted that the program raised privacy concerns, and that some parts "push the program close to the line of constitutional reasonableness." As a result, the report recommends a series of changes in the intelligence community, though none of them are drastic. It wants the NSA to more clearly specify how it justifies targeting a specific person as a national security threat, and it wants tighter controls on how the FBI can use information gathered through the program. More generally, it should evaluate how well the program weeds out data from US citizens or people within the country, conducting periodic reviews. Two members added their own statement pushing for the FISA court to be more involved in approving search terms, but two others said that even the recommendations in the larger report went too far in limiting the program.
Unsurprisingly, civil liberties groups are unpleased with the report. "If the Board's last report on the bulk collection of phone records was a bombshell, this one is a dud," said Kevin Bankston of the Open Technology Institute. "As we know from documents released by the NSA earlier this week, government agents are searching through the data they've acquired through this surveillance authority ... tens of thousands of times a year without having to get a warrant first." The Electronic Frontier Foundation says that "the board focuses only on the government's methods for searching and filtering out unwanted information. This ignores the fact that the government is collecting and searching through the content of millions of emails, social networking posts, and other internet communications." Senators Al Franken (D-MN) and Dean Heller (R-NV) have also criticized another recent report from the intelligence community, calling it "a far cry from the kind of transparency that the American people demand and deserve."
What information is still classified?
One of the biggest problems with the report is that it's hard to tell what the board wasn't actually allowed to see. The phone metadata program, while still heavily classified, has been more widely discussed than online surveillance, and the board notes that it had to work with the intelligence community to declassify enough documents for the review. The only way to judge whether the program is indeed being carried out responsibly, or whether it's getting results, is by sorting through leaked and declassified documents. And while those have so far backed up the claim that the NSA rarely intentionally abuses the tool, they've also made it clear that it's sometimes been compromised by technical and organizational problems.
Meanwhile, the debate over how much American citizens are affected by the program doesn't address one of the increasingly common criticisms of the NSA: that if you're not one of the four places the USA has agreed not to spy on, there's little to stop the agency from surveilling your country.
Correction July 2nd, 2pm: Senators Franken and Heller's remarks referred to a previous report, not the PCLOB release as originally stated.