Snowden, PRISM, and Surveillance: an Aftermath
In the wake of Edward Snowden’s leaked information about government surveillance activities, Congress passed a law restricting some of the actions of US intelligence agencies. This law, known as the USA Freedom Act, was a valiant attempt to rein in excesses of the National Security Agency (NSA).
As part of Internet Privacy week, Namecheap is exploring different topics relating to online privacy. Below we’ll examine the USA Freedom Act and what it accomplished, as well as what still needs to be done to protect American privacy rights.
What is the USA Freedom Act?
The USA Freedom Act was signed into law by President Barack Obama on June 2, 2015.
It is a modified reauthorization of the USA Patriot Act and was passed in response to the leak of classified documents by Edward Snowden exposing details of various government surveillance programs.
Domestic Surveillance and PRISM
As we explored in the article Why Edward Snowden Matters, we now know a great deal more about US surveillance efforts thanks to the actions of a young NSA contractor.
In 2013, Edward Snowden’s concerns over US surveillance activities led him to release thousands of documents exposing the United States’ and several of its allies’ efforts to spy on their own citizens. In particular, Snowden’s leaks revealed that the National Security Agency and other intelligence agencies were monitoring domestic communications using a program known as PRISM.
PRISM enables the NSA to obtain data from multiple private Internet companies, including the content of emails and instant messages, photographs, and videos. Furthermore, the NSA created a system for cataloguing the surveillance data it has collected, ominously known as Boundless Informant, and used data mining procedures to analyze all of the records.
PRISM and Boundless Informant are able to track and record nearly every aspect of people’s online activity without obtaining a warrant. The NSA has reportedly been able to collect contact lists from private email accounts all over the world, search the content of email messages sent into and out of the U.S., and track the location of cell phones anywhere in the world.
The NSA Bulk Collection Program
These surveillance programs were created to collect information on people outside the United States, but the Snowden leaks also revealed that many of the NSA’s activities are directed at U.S citizens. For example, a “bulk collection program” by the NSA involved the collection of massive amounts of telecommunication metadata for telephone calls within the U.S.
This metadata does not include the actual content of a call, like a wiretap might provide. Instead, it includes information like phone numbers and the time and duration of calls.
Even without the substance of the call, the sheer volume of information collected by the NSA through this program gives it an unprecedented ability to track people’s interactions and movements.
Is Domestic Surveillance Legal?
Yes and no.
The NSA claimed the authority to collect telecommunication metadata in bulk through Section 215 of the Patriot Act, the sweeping national security law passed by Congress shortly after the September 11, 2001 terrorist attacks. This clause gave the federal government broad authority to obtain a wide range of information, including “books, records, papers, documents, and other items,” with very little oversight.
However, the law states that the law may not be used against U.S. citizens who are exercising their First Amendment rights. This led to numerous critics arguing that the NSA routinely exceeded its authority, such as by:
- Collecting records of nearly every telephone call made within the United States during periods lasting weeks or longer; and
- Using the PRISM program to obtain massive amounts of information about email, text, and other communications from internet and telecommunications companies, all without search warrants
What Does the USA Freedom Act Do?
The success of the USA Freedom Act gave privacy advocates reason to cheer, but they remain wary.
While the law effectively eliminated the statutory provision used by the NSA to justify its bulk metadata collection program, ending one type of domestic surveillance, there are other laws that still allow for domestic surveillance.
For example, the Reagan-era Executive Order 12333 authorizes the collection of telephone and electronic communications in other countries by U.S. intelligence agencies. Domestic surveillance was never the intent of this order. Still, it reportedly allows the NSA to capture information about communications that take place within the U.S., once again without a warrant, if the communication is stored on servers in other countries.
In a recent positive development, a federal court sided with Microsoft in its refusal to comply with an FBI subpoena for communications records stored on servers in Ireland.
Several other federal laws could still allow the NSA to resume surveillance on American citizens. For example, Section 702 of the Foreign Intelligence Surveillance Act (FISA) potentially allows mass surveillance of domestic communications. FISA is up for reauthorization in 2017.
Protect Your Privacy
Despite efforts across the globe, Internet privacy remains elusive. Because so much of the NSA’s activities happen outside of public (or even Congressional) scrutiny, Americans and people all around the world must continue to push for transparency and fairness, and to demand a balance between privacy and security.
It requires, in the words of Thomas Jefferson, “eternal vigilance.”
Join Namecheap in the call to strengthen laws and policy dealing with Internet privacy.
With Internet Privacy Week (Oct. 18-24), we will offer more information about government surveillance as well as how private companies track your data.
By signing our Internet Privacy Bill of Rights we encourage you to take a stand for Internet privacy for all.
Follow Namecheap on Twitter and Facebook and sign up for our newsletter (in the sidebar) to learn more about Internet Privacy Week and how you help hold companies accountable for privacy.
David C. Wells is an Austin, Texas-based writer and blogger. He was a lawyer for nine years, and while he no longer practices law, the experience helped make him a better writer. Also, he still sometimes gets to play a lawyer on the Internet. David is also a dog caretaker, an improviser and actor, an avid comic book reader, and a proud husband.