News of the National Security Agency’s surveillance of phone records and internet server data is breaking fast. Yesterday The Washington Post and The Guardian released records that show the U.S. Government has been collecting a vast cache of data spanning audio and video chats, emails, and stored files under a surveillance program known as PRISM. The news comes just days after The Guardian released a copy it obtained of a secret court order for telecommunication company Verizon to provide the NSA with telephone records of millions of U.S. customers.
The revelations have dominated the news cycle. Dozens of different angles are already developing in those reports as facts swirl among speculation.
At IRE 2013
Learn about secrecy, surveillance and the government's war on leak's at IRE's annual conference:
During a time of great tension between journalists and the government over protecting sources and access to information, IRE's showcase panel tackles the issues head on. Join moderator Len Downie Jr., the Associated Press, author James Bamford -- a veteran of these battles from his work investigating the National Security Administration -- and more.
Surveillance, privacy and hackers: How to cover it
Practicing safer Internet: Learning to think about digital security
So to take the story forward, what do the public and journalists need to know? Here’s one guide to what’s happening, what's been reported and what angles journalists are pursuing.
When it started
The court order for Verizon phone records is dated April 25 and good till July 19, 2013, but U.S. Senators claim the order was a renewal of an ongoing program spanning the past seven years. The newly disclosed PRISM program reportedly began on Sept. 11, 2007 under the Bush Administration and was expanded under the Obama Administration. Both appear to stem from laws following the Sept. 11, 2001 attacks. Here are some angles being explored about when the surveillance began:
The NSA began data mining in late 2001 after the enactment of the Patriot Act. The New York Times produced a timeline of government surveillance efforts since then. Mother Jones also has a timeline of such events.
The Washington Post Wonkblog reports that Congress “unknowingly” authorized the program in 2007 by passing the Protect America Act. The PAA was billed as a technical fix for surveillance capabilities but in fact authorized sweeping changes to surveillance law and allowed the executive branch greater reach with lesser judicial oversight.
The Foreign Intelligence Surveillance Court was created in 1978 to address abuses uncovered by congressional investigations, NPR reports. By nature, under the Foreign Intelligence Surveillance Act (FISA), it operated in complete secrecy.
The FISA Amendments Act was reauthorized for five years in 2012. It will come up for a vote again in 2017.
If you need to find out what laws govern surveillance and what tools the government has for obtaining data, check out this ProPublica guide to how the government can get your digital data.
The scope of surveillance
Determining the scope of surveillance is among top priorities for journalists, made all the more difficult by the fact that the NSA, the surveiller in question, is nicknamed “No Such Agency” for its ultra-secrecy.
President Obama acknowledged and defended the program on Friday. He stated that “Nobody is listening to your telephone calls,” and that the collection of data from internet companies -- such as from Google or Apple’s servers -- does not apply to American citizens or people living in the United States.
Several outlets have reported that Director of National Intelligence James Clapper confirmed the existence of the program but also claimed the reports contained numerous inaccuracies.
The court order released Wednesday by The Guardian details surveillance of the Verizon Business Network Services, which includes millions of customers. In addition to Verizon, The Wall Street Journal reports “people familiar with the NSA's operations said the initiative also encompasses phone-call data from AT&T Inc.and Sprint Nextel Corp.” Various reports indicate the phone records turned over to the NSA do not include the content of conversations but rather metadata such as call time, duration, dialing number and receiving number.
The Wall Street Journal also reports that the NSA has formed similar relationships with credit card companies: “It couldn't be determined if any of the Internet or credit-card arrangements are ongoing, as are the phone company efforts, or one-shot collection efforts.”
Regarding server data surveillance, Time has a by-the-numbers breakdown that’s quick to digest. In 2007, Microsoft became the first company involved in Prism. Yahoo! followed in 2008, then came Google, Facebook and PalTalk in 2009, YouTube in 2010, Skype and AOL in 2011 and most recently Apple in 2012.
Several news outlets are going after the story of what the companies mentioned in the PRISM slides knew and what they allowed. The companies involved have denied allowing direct access to their servers. Microsoft told Forbes that it only allowed specific accounts to be accessed. Facebook denied allowing any government agency direct access its servers, as did Yahoo!. Apple and PalTalk each stated the companies had not heard of PRISM. Google told the Guardian it does not have a “back door” for the government to access private user data.
The Corporate Intelligence blog explored why a small company like PalTalk is on a list with giant companies in the PRISM program.
Who knew what and when
The news of massive-scale surveillance by the NSA was old news to some, including U.S. Senators who warned of the issue. In the investigation into the NSA surveillance, of critical importance is understanding who knew about the surveillance, when they knew and what they did about it.
We'll be updating this as news develops. Check back later for updated information.