OK, now that some of the dust has settled: What exactly is this PRISM program? Apparently, the idea is to collect information on patterns of communication (who talked to whom), and then look at potentially interesting contents (who said what). For metadata you only need a subpoena, for the contents you need a court order. The features look very impressive / scary:
With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”
According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms. (Washington Post)
What I don’t fully understand is the targeting: In theory, this is aimed at non-U.S. citizens suspected of terrorism, nuclear proliferation and the like. But “incidental” collection of information about Americans is tolerated. And what about data protection treaties with other nations? The EU and Germany are not amused – but might have been informed and compliant to some degree.
Has the NSA been collecting all Americans’ phone records, and for how long? It’s not entirely clear. (…)
What surveillance powers does the government believe it has under the Patriot Act? That’s classified. (…)
Has the NSA’s massive collection of metadata thwarted any terrorist attacks? It depends which senator you ask. And evidence that would help settle the matter is, yes, classified. (…)
How much information, and from whom, is the government sweeping up through Prism? It’s not clear. (…)
So, how does Prism work? (…) The Post quotes a classified NSA report saying that Prism allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” not the company servers themselves. So what does any of that mean? We don’t know.
Please do read the whole article. Dan Drezner’s initial response from last week puts the leaks in perspective: What the NSA does is probably legal and backed by both Republicans and Democrats. So what we should really worry about is the U.S. Congress, not the NSA: More and more secret laws have been created and cannot be publicly debated.
So much for legal details and party politics. But there are even broader things to consider: For one, (perceptions of a) surveillance state undermines trust in the government as a whole, which is an issue for leaders of any political affiliation. Second, secret organizations per definition work very differently from those that rely on accountability, transparency and oversight. Putting ever more competencies in the hands of, well, spies is problematic because these mechanisms don’t work for them. A functional equivalent might be “a strong organizational culture and powerful professional norms”, but in his latest post on the issue Dan Drezner suggests that we should not rely on these in the case of the NSA.
OK, enough of this complicated stuff – what about Edward Snowden, the PRISM whistle-blower? Continue reading FAQ: The PRISM leak & Edward Snowden