Policy and the Private Sector: Addressing the NSA Leaks
Published: November 15, 2013
Updated: December 19, 2013
National Journal Presentation Credits
Contributor: Dustin Volz, National Journal Staff Correspondent
Producer: Catherine Treyz
Director: Jessica Guzik
Before NSA Leaks, Tech Companies Acceded to
Data Requests
National Security Agency (NSA) Data Request Process
NSA identifies data necessary
to collect for national security
purposes
Foreign Intelligence
Surveillance Act (FISA) Court
reviews NSA data request and,
if approved, grants surveillance
warrant
Tech or telecomm company
accedes to surveillance
warrant, shares data with NSA
Takeaway
The National Security Agency can access volumes of data from tech and telecommunications companies by obtaining a surveillance warrant
from the FISA Court, which reviews the NSA’s data requests to ensure they are justified in the interests of national security
Source: “Factbox: History of mass surveillance in the United States,” Reuters, June 7, 2013.
2
Companies’ Main Concern:Transparency with Consumers
Estimated NSA Data Requests and Accounts Affected
Among Key Companies
January to July 2013
Analysis by Dustin Volz
Companies often comply with NSA surveillance warrants, but they seek to be transparent about those data requests
with their customers in order to protect brand reputation
Source: “A Barrage of Data Requests,” The Washington Post, November 5, 2013.
3
Leaks Reveal NSA Not Transparent With Companies
NSA Data Collection via Classified Programs
PRISM
Collects data and metadata
from nine servers; Apple,
AOL, Facebook, Google,
Microsoft, PalTalk, Skype,
Yahoo, and YouTube
•
•
•
•
MUSCULAR
Collects user data
and data links that
connect Yahoo
and Google data
centers worldwide
XKEYSCORE
Collects real-time Internet
activity, e-mail content,
browsing history, and
metadata into a
comprehensive database
Analysis by Dustin Volz
Stream of NSA leaks that began in June 2013 revealed many classified surveillance programs, including programs that
bypassed the FISA Court’s review and collected information from companies without their knowledge
Companies could not be transparent with customers about surveillance that they did not know about
Companies shifted positioning on data collection from increasing transparency to pushing for policy reform
In Dec. 2013, a federal judge ruled the NSA’s bulk phone record collection program as unconstitutional pending appeal,
the first major legal decision regarding the NSA’s surveillance
Source: Glenn Greenwald, “XKeyscore: NSA tool collects ‘nearly everything a user does on the Internet,’” The Guardian, July 31, 2013; TIME Staff, “A Glossary of Government Surveillance,” TIME, August 1, 2013; Barton
Gellman and Ashkan Soltani, “NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say,” The Washington Post, October 30, 2013; “NSA slides explain the PRISM data-collection program,” The
Washington Post, June 6, 2013; Josh Gerstein, “Judge: NSA phone program likely unconstitutional,” POLITICO, December 16, 2013; National Journal Research, 2013.
4
Under Pressure from Tech Companies and Constituents,
Congress Proposes Changes
USA Freedom Act vs. FISA Improvement Act
Header
USA FREEDOM Act
FISA Improvement Act
Introduced
October 29, 2013
October 31, 2013
Authors
Sen. Patrick Leahy (D- Vt.)
Rep. James Sensenbrenner (R-Wis.)
Sen. Dianne Feinstein (D-Calif.)
To strengthen prohibitions regarding access to Americans’ personal
information and interactions
To strengthen national security by sustaining NSA’s metadata
collection programs and to protect Americans’ privacy
Goals
•
Key
Provisions
•
•
•
Prospects
of Passing
•
•
•
•
End the NSA’s bulk data collection authorized under Section 215
of the Patriot Act
Require the government to delete all information about American
citizens that was accidently collected
Create a special advocate office to argue for stronger privacy
protections before the FISA Court
Require the Attorney General to disclose all relevant court
decisions related to the interpretation of this law
•
•
•
Positive: Most tech companies, civil liberties groups, and many
lawmakers back the bill
Positive: Bill has bicameral and bipartisan support
Negative: Bill may be seen as encroaching on executive power
Negative: Lacks House leadership backing
•
•
•
•
•
Enhance oversight of overseas intelligence collection
Allow the government to keep phone records for up to five years
Require FISA Court to review data collection to ensure “reasonable
articulable suspicion” of terrorism
Require Senate to approve NSA director and inspector general
appointments (a provision the White House opposes)
Revise intelligence gathering procedures every five years
Positive: Moderate approach to reform; more appetizing for
conservatives
Negative: Many see bill as codifying NSA surveillance powers
Negative: House Intelligence Cmte. Chairman Mike Rogers (RMich.) may introduce a similar bill through the intelligence
authorization bill with Speaker John Boehner’s (R-Ohio) support
Takeaway
Congressional leadership has not indicated that it is a top short-term priority; however, in Dec. 2013, a surveillance review board recommended 46
changes to the NSA’s counterterrorism and collection programs that restrict the NSA’s unilateral powers, increase the specificity of court approvals,
and require more Congressional and presidential oversight
Source: Govtrack.us; Ellen Nakashima, “Senate bill would approve NSA program but try to curb it,” The Washington Post, October 31, 2013; Brendan Sasso, “Lawmakers propose USA Freedom Act to
curb NSA”s powers,” The Hill, October 29, 2013; Stacy Kaper, “Can the Senate Crack Down on NSA Spying,” National Journal, November 7, 2013; David E. Sanger and Charlie Savage, “Obama is
5