The recent media frenzy over the National Security Agency’s surveillance activities reveals the bias and naiveté of the U.S. press, at least when it comes to national security. After reports surfaced last week that the NSA was analyzing data gleaned from various U.S. electronic communications providers, the press leapt to the conclusion that the program — called PRISM — is an enormous worldwide surveillance system that indiscriminately sweeps up massive amounts of data on innocent Americans with the complicity of the providers. The media has stubbornly kept to this narrative even as it’s become clear that it’s false. The actual story is far more nuanced and interesting than the conspiracy-driven speculation that has been repeated and amplified.
Shortly after the reports about PRISM first surfaced, Director of National Intelligence James Clapper released a fact sheet on the program confirming that it’s authorized by Section 702 of the FISA Amendments Act (FAA). Congress passed the FAA in 2008 after news broke that major telecommunications companies had performed warrantless wiretaps on non-U.S. citizens outside the United States on behalf of American intelligence agencies.
The FAA was carefully crafted to prevent abuses. It requires the director of the FBI and the director of national intelligence to jointly certify that the targets of electronic surveillance are non-U.S. persons residing outside the United States, and that a significant purpose of the surveillance is to obtain foreign intelligence. In addition, the FAA imposes what are called “minimization obligations” on the government — strict ongoing procedures, subject to review by the judicial branch, that are designed to ensure that the government is in fact only monitoring non-citizens outside of the United States, and only in pursuit of intelligence. The process is also subject to congressional oversight. The safeguards against inappropriate surveillance of American citizens and non-citizens residing in the United States are even stronger.
Once the certifications and procedures are in place, the government can obtain surveillance orders from a special court to require U.S. Internet providers to set up electronic surveillance on a list of identified targets. These court orders apply to U.S. companies because virtually all of the world’s largest electronic communication service providers, such as Google and Microsoft, are located in the United States, even though they primarily serve foreigners. Because they’re located in the U.S., these companies have no choice but to comply with surveillance orders from American courts. The notion that they’re in some way complicit in these programs is absurd. In fact, Google, Twitter and a number of other Internet companies have challenged various FISA orders in the past.
The FAA is a unique piece of legislation. It establishes strict limits on U.S. intelligence agencies’ access to foreign intelligence (limits that protect innocent foreigners from intelligence interception); it dictates how the intelligence community is to obtain and handle data; and it allows the judicial and legislative branches to oversee everything. There’s nothing like the FAA in privacy-obsessed liberal European democracies, such as France or Germany, let alone in Russia or China. That’s because no other country would impose such limitations on its intelligence-gathering capabilities.
Instead of attacking Congress and our intelligence agencies for crafting and carrying out programs like PRISM, we should be thanking them.
Christopher Bubb is an independent consultant on compliance, security and child safety issues. He is a former vice president and associate general counsel for Yahoo, where he was responsible for the company’s compliance with government demands for data. He is also a former vice president and chief counsel of AOL.