The US government has been secretly collecting information on foreigners overseas for nearly six years from the nation’s largest internet companies like Google, Facebook and, most recently, Apple, in search of national security threats, the director of national intelligence confirmed.
The confirmation of the classified program came just hours after government officials acknowledged a separate seven-year effort to sweep up records of telephone calls inside the United States. Together, the unfolding revelations opened a window into the growth of government surveillance that began under the Bush administration after the terrorist attacks of Sept. 11, 2001, and has clearly been embraced and even expanded under the Obama administration.
Government officials defended the two surveillance initiatives as authorized under law, known to Congress and necessary to guard the country against terrorist threats. But an array of civil liberties advocates and libertarian conservatives said the disclosures provided the most detailed confirmation yet of what has been long suspected about what the critics call an alarming and ever-widening surveillance state.
The Internet surveillance program collects data from online providers including email, chat services, videos, photos, stored data, file transfers, video conferencing and logins, according to classified documents obtained and posted by The Washington Post and then The Guardian on Thursday afternoon.
In confirming its existence, officials said that the program, called Prism, is authorized under a foreign intelligence law that was recently renewed by Congress, and maintained that it minimizes the collection and retention of information “incidentally acquired” about Americans and permanent residents. Several of the Internet companies said they did not allow the government open-ended access to their servers but complied with specific lawful requests for information.
“It cannot be used to intentionally target any US citizen, any other US person or anyone located within the United States,” James Clapper, the director of national intelligence, said in a statement, describing the law underlying the program. “Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.”
The Prism program grew out of the National Security Agency’s desire several years ago to begin addressing the agency’s need to keep up with the explosive growth of social media, according to people familiar with the matter.
The dual revelations, in rapid succession, suggested that someone with access to high-level intelligence secrets had decided to unveil them in the midst of furor over leak investigations. Both were reported by The Guardian, while The Post, relying upon the same presentation, almost simultaneously reported the Internet company tapping. The Post said a disenchanted intelligence official had provided it with the documents to expose government overreach.
Before the disclosure of the Internet company surveillance program on Thursday, the White House and congressional leaders defended the phone program, saying it was legal and necessary to protect national security.
Josh Earnest, a White House spokesman, told reporters aboard Air Force One that the kind of surveillance at issue “has been a critical tool in protecting the nation from terror threats as it allows counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States.”
He added: “The president welcomes a discussion of the trade-offs between security and civil liberties.”
The Guardian and The Post posted several slides from the 41-page presentation about the Internet program, listing the companies involved – which included Yahoo, Microsoft, Paltalk, AOL, Skype and YouTube – and the dates they joined the program, as well as listing the types of information collected under the program.
The reports came as President Barack Obama was traveling to meet President Xi Jinping of China at an estate in Southern California, a meeting intended to address among other things complaints about Chinese cyberattacks and spying. Now that conversation will take place amid discussion of America’s own vast surveillance operations.
But while the administration and lawmakers who supported the telephone records program emphasized that all three branches of government had signed off on it, Anthony Romero of the American Civil Liberties Union denounced the surveillance as an infringement of fundamental individual liberties, no matter how many parts of the government approved of it.
“A pox on all the three houses of government,” Romero said. “On Congress, for legislating such powers, on the FISA court for being such a paper tiger and rubber stamp, and on the Obama administration for not being true to its values.”
Others raised concerns about whether the telephone program was effective.
Word of the program emerged when The Guardian posted an April order from the secret foreign intelligence court directing a subsidiary of Verizon Communications to give the NSA “on an ongoing daily basis” until July logs
of communications “between the United States and abroad” or “wholly within the United States, including local telephone calls.”
On Thursday, Sens. Dianne Feinstein of California and Saxby Chambliss of Georgia, the top Democrat and top Republican on the Intelligence Committee, said the court order appeared to be a routine reauthorization as part of a broader program that lawmakers had long known about and supported.
“As far as I know, this is an exact three-month renewal of what has been the case for the past seven years,” Feinstein said, adding that it was carried out by the Foreign Intelligence Surveillance Court “under the business records section of the Patriot Act.”
“Therefore, it is lawful,” she said. “It has been briefed to Congress.”
While refusing to confirm or to directly comment on the reported court order, Verizon, in an internal email to employees, defended its release of calling information to the NSA.
Randy Milch, an executive vice president and general counsel, wrote that “the law authorizes the federal courts to order a company to provide information in certain circumstances, and if Verizon were to receive such an order, we would be required to comply.”
Sprint and AT&T have also received demands for data from national security officials, according to people familiar with the requests. Those companies as well as T-Mobile and CenturyLink declined to say Thursday whether they were or had been under a similar court order.
Lawmakers and administration officials who support the phone program defended it in part by noting that it was only for “metadata” – like logs of calls sent and received – and did not involve listening in on people’s conversations.
The Internet company program appeared to involve eavesdropping on the contents of communications of foreigners. The senior administration official said its legal basis was the so-called FISA Amendments Act, a 2008 law that allows the government to obtain an order from a national security court to conduct blanket surveillance of foreigners abroad without individualized warrants even if the interception takes place on US soil.
The law, which Congress reauthorized in late 2012, is controversial in part because Americans’ emails and phone calls can be swept into the database without an individualized court order when they communicate with people overseas. While the newspapers portrayed the classified documents as indicating that the NSA obtained direct access to the companies’ servers, several of the companies – including Google, Facebook, Microsoft and Apple – denied that the government could do so. Instead, the companies have negotiated with the government technical means to provide specific data in response to court orders, according to people briefed on the arrangements.
“Google cares deeply about the security of our users’ data,” the company said in a statement. “We disclose user data to government in accordance with the law and we review all such requests carefully. From time to time, people allege that we have created a government ‘backdoor’ into our systems, but Google does not have a ‘backdoor’ for the government to access private user data.”
While murky questions remained about the Internet company program, the confirmation of the calling log program solved a mystery that has puzzled national security legal policy observers in Washington for years: why a handful of Democrats on the Senate Intelligence Committee were raising cryptic alarms about Section 215 of the Patriot Act, the law Congress enacted after the 9/11 attacks.
Section 215 made it easier for the government to obtain a secret order for business records, so long as they were deemed relevant to a national security investigation.
Section 215 is among the sections of the Patriot Act that have periodically come up for renewal. Since around 2009, a handful of Democratic senators briefed on the program – including Ron Wyden of Oregon – have sought to tighten that standard to require a specific nexus to terrorism before someone’s records could be obtained, while warning that the statute was being interpreted in an alarming way that they could not detail because it was classified.
On Thursday, Wyden confirmed that the program was what he and others have been expressing concern about. He said he hoped the disclosure would “force a real debate” about whether such “sweeping, dragnet surveillance” should be permitted – or is even effective.
But just as efforts by Wyden and fellow skeptics, including Sens. Richard J. Durbin of Illinois and Mark Udall of Colorado, to tighten standards on whose communications logs could be obtained under the Patriot Act have repeatedly failed, their criticism was engulfed in a clamor of broad, bipartisan support for the program.
“If we don’t do it,” said Sen. Lindsey Graham, R-S.C., “we’re crazy.”
And Rep. Mike Rogers, R-Mich., the chairman of the House Intelligence Committee, claimed in a news conference that the program helped stop a significant domestic terrorist attack in the United States in the last few years. He gave no details.
It has long been known that one aspect of the Bush administration’s program of surveillance without court oversight involved vacuuming up communications metadata and mining the database to identify associates – called a “community of interest” – of a suspected terrorist.
In December 2005, The New York Times revealed the existence of elements of that program, setting off a debate about civil liberties and the rule of law. But in early 2007, Alberto R. Gonzales, then the attorney general, announced that after months of extensive negotiation, the Foreign Intelligence Surveillance Court had approved “innovative” and “complex” orders bringing the surveillance programs under its authority.