The top lawyer for the National Security Agency told a civil liberties oversight board on Wednesday that US technology companies were fully aware of the surveillance agency’s data collection – knowledge which the firms have vigorously denied having.
NSA general counsel Rajesh De said companies like Facebook and Google had complete knowledge of all communications information and metadata collected by the agency pursuant to the 2008 FISA Amendments Act, whether the material was gathered by the internet data-mining program PRISM or by the “so-called ‘upstream’ collection of communications moving across the internet,” the Guardian reported.
When asked during a hearing with the Privacy and Civil Liberties Oversight Board whether data collection under Section 702 of the FISA Amendments Act was done with the “full knowledge and assistance of any company from which information is obtained,” De said, “Yes.”
PRISM was exposed to the public in June, when news outlets first published classified documents leaked by former NSA contractor Edward Snowden. The companies implicated in the program – including AOL, Apple, Google, Facebook, Microsoft, and Yahoo – immediately denied knowing that the NSA had such access to customer data.
The companies are still in the midst of an at times coordinated PR assault to counter any claims that they are complicit in NSA spying. For instance, last week, Facebook chief Mark Zuckerberg claimed he had called President Barack Obama to voice displeasure about “the damage the government is creating for all our future.”
De explained that the nature of data collection was communicated to the companies.
“PRISM was an internal government term that as the result of leaks became the public term,” De said. “Collection under this program was a compulsory legal process that any recipient company would receive.”
De told the Guardian after the hearing that such notification and legal framework apply to not only PRISM-like back-door access to companies’ systems, but also when the NSA collects data traveling across the internet, pursuant to Section 702.
It is not clear what, exactly, the legal process is that De referred to when the government demands a company offer communications data under PRISM and the like. Snowden documents suggest the NSA has unfettered access to tech firm data.
The secretive FISA (Foreign Intelligence Surveillance Act) court oversees US surveillance requests under Section 702, which permits NSA collection of phone, email, internet, and other communication content when one party is believed to be a non-American outside of the US. However, a substantial amount of American data is also collected in this process.
PRISM data is stored for five years, while “upstream” data taken straight from the internet is kept for two years.
De and other administration figures testifying before the civil liberties board bristled at suggestions that the FISA court authorizes searches for American data that is already gathered inside the databases sanctioned by Section 702.
“If you have to go back to court every time you look at the information in your custody, you can imagine that would be quite burdensome,” deputy assistant attorney general Brad Wiegmann said.
De said that once information is collected under FISA court permission, surveillance analysts should be able to search it, adding that there are privacy considerations in place that respect Americans’ data.
“That information is at the government’s disposal to review in the first instance,” De said.
De and his colleagues did not discuss legal authority for other forms of government data collection outside of Section 702. For instance, Snowden documents published in October showed how the NSA can infiltrate the likes of Yahoo and Google data centers worldwide under executive order 12333.