Yesterday we discovered (or rediscovered) that Big Brother is watching who we call. Now we've discovered he's also jotting down our emails, recording our status updates, ogling our photos, capturing our IM chats, and probably riffling our underwear drawers.
Less than 24 hours after we learned that the NSA has demanded that Verizon hand over daily call records for all of its subscribers, a far bigger bombshell exploded.
[ For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]
As the UK's Guardian and the Washington Post simultaneously reported, since 2007 the NSA has been running a surveillance program known as PRISM with the participation of AOL, Apple, Microsoft, Facebook, Google, Skype, Yahoo, and YouTube. (Dropbox is apparently "coming soon.") Only Twitter is conspicuous by its absence.
I didn't believe this one at first. It sounded too much like a paranoid's fever dream, a cross between "Enemy of the State" and "Austin Powers." The slide deck published by the news sources looked amateurish. Every one of the Internet companies flatly denied opening a backdoor to the spooks. I wondered whether the NSA had planted the bogus story as a way to discredit the Guardian and the Post.
The spooks speak
Then, late last night, NSA chief James Clapper confirmed the program's existence, defended it as a legal operation under Section 702 of FISA, and attacked the leakers for undermining our nation's security. He wrote:
Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.
So there's no need to worry. If the NSA happens to collect yottabytes of information about U.S. citizens who live in America and aren't terrorists -- because there's no way it can avoid collecting this information, given all of the above -- it promises not to do anything bad with it. And those nice people with the big rubber stamps will make sure of that. Feel better now?
But here's where "Enemy of the State" turns into "Alice Through the Looking Glass." When Oregon Senator Ron Wyden tried to get the NSA to release the number of American citizens whose information was "incidentally acquired" by PRISM, the agency refused, saying that giving out that number would "violate the privacy of U.S. persons."
Suck on that for a moment and tell me what it tastes like.
Wait, it gets better. Per the Post:
PRISM is an heir, in one sense, to a history of intelligence alliances with as many as 100 trusted U.S. companies since the 1970s. The NSA calls these Special Source Operations, and PRISM falls under that rubric.
The Silicon Valley operation works alongside a parallel program, code-named BLARNEY, that gathers up "metadata" -- technical information about communications traffic and network devices -- as it streams past choke points along the backbone of the Internet. BLARNEY's top-secret program summary, set down in the slides alongside a cartoon insignia of a shamrock and a leprechaun hat, describes it as "an ongoing collection program that leverages IC [intelligence community] and commercial partnerships to gain access and exploit foreign intelligence obtained from global networks."
Now we're back to Austin Powers.