By Brendan Sasso - 07/07/13 07:35 PM EDT
Leaks by former National Security Agency contractor Edward Snowden have provided new insight into how the government monitors domestic and foreign communications for threats to national security.
Without that additional information, it is impossible to know the extent to which the government is peering into the lives of Americans in the name of national security, according to privacy advocates.
1. What other data is being collected under the Patriot Act?
The first leak from Snowden was a secret court order demanding that Verizon turn over vast batches of “metadata” on its U.S. customers. The data included the time and duration of calls, as well as the phone numbers involved, but not the contents of the conversations. The NSA says the data collection was authorized under Section 215 of the Patriot Act.
The Director of National Intelligence (DNI) clarified that while the government does obtain data on millions of U.S. phone calls (and from more companies than just Verizon), it only “queries” the database a limited number of times for specific national security reasons.
Michelle Richardson, a legislative counsel for the American Civil Liberties Union (ACLU), questioned whether the NSA is using Section 215 to collect more than just phone records.
“Is it also financial data or Internet records or other things?” she asked. “Knowing now that the court has been so broad in its interpretation, it’s even more important to figure out what else they’re getting.”
Greg Nojeim, a senior counsel for the Center for Democracy and Technology, said the NSA is likely using the Patriot Act to collect the credit card records and IP addresses of millions of people within and outside of the United States.
2. How broad are the programs?
How many people have been spied on through the NSA programs remains unclear. According to the NSA, it queried its massive database of phone records fewer than 300 times in 2012. But the agency did not disclose figures on other years or how many phone numbers were accessed in those queries.
Richardson explained that a single query could be an algorithm that scans the database and returns information on many people.
The other major program revealed by Snowden is the NSA’s Internet surveillance program, called PRISM. Unlike the phone record collection program under the Patriot Act, the NSA uses PRISM to access the contents of communications, such as emails, video chats, photographs and other information.
According to the DNI, the NSA only accesses those online records if there is a “foreign intelligence purpose” and the target is “reasonably believed” to be outside of the U.S. The program is authorized by Section 702 of the Foreign Intelligence Surveillance Act, and the searches require approval by a secret FISA court.
The NSA has not disclosed how many people it has targeted under Section 702 or how many people were spied on incidentally as part of the program.
“We have no idea how many U.S. persons have had their communications swept up,” said Sharon Bradford Franklin, senior counsel for the Constitution Project.
3. What’s the legal rationale?
The NSA has insisted the surveillance programs comply with the law and are overseen by independent FISA courts. But the opinions of those courts are secret, so little is known about how the courts are enforcing privacy protections or why they signed off on certain surveillance methods.
Section 215 of the Patriot Act allows the government to collect business records if they are “relevant” to a terrorism investigation. The FISA courts have determined that that provision allows the NSA to collect records on virtually all phone calls within and outside of the U.S. Why the court determined that so much data is “relevant” to a terrorism investigation remains unclear.
“Generally we don’t know the legal rationale being offered by the administration and being accepted by the FISA court to justify these particular types of surveillance programs,” Bradford Franklin said. “We should not have secret law in a democracy.”
4. Is the NSA still collecting email records?
One of the latest leaks revealed that beginning in 2001, the NSA collected vast amounts of email records. The NSA was able to identify the email accounts that sent and received messages, as well as IP addresses. The data collection did not include the contents of the emails.
The Obama administration confirmed the existence of the program, but said it ended in 2011 for “operational and resource reasons.”
One major question, according to privacy advocates, is whether the government is still able to obtain similar email records through a separate program.
5. Are there other programs that we don’t know about?
Although the NSA has provided some details about the programs leaked by Snowden, it is unclear what other programs exist and how they work together as part of a broad surveillance strategy.
“There’s this giant surveillance superstructure out there that we’re finally getting glimpses of, but there’s still a lot of questions of how does the whole thing work,” Richardson said.