Internet Spy Program Needs Privacy Revisions, Panel Says

The spy program that compels Internet companies to turn over users’ e-mail and Web activity should be revised to more narrowly target foreign terrorists and avoid violating the privacy of U.S. citizens, an oversight board said.

While the program known as Prism is legal and effective, more detailed explanations should be provided to justify that information sought relates to a foreign intelligence purpose, the Privacy and Civil Liberties Oversight Board said today. It made 10 recommendations to refine surveillance activities.

The first independent review of Prism largely supports the once-secret National Security Agency program, which was exposed in documents made public last year by Edward Snowden. The report may provide cover for Google Inc. (GOOG), Yahoo Inc. and Facebook Inc. (FB), which are waging a public relations battle to persuade customers they aren’t willing partners in the government’s surveillance.

More on Cybersecurity:

“The board unanimously said this is a program that goes right up to the line of constitutionality,” David Medine, chairman of the panel, told reporters today in Washington.

The board said it found “no trace” of illegal activity “or any attempt to intentionally circumvent legal limits.” Its recommendations are intended to ensure an appropriate balance between national security and civil liberties.

Warrant Needs

Under Prism, the NSA can use warrants from a secret court that oversees spying as part of the Foreign Intelligence Surveillance Act to force Internet companies to turn over bulk user data on foreign citizens believed to be outside the U.S. and involved with terrorist organizations. In that process, the NSA can collect data that includes the content of communications of U.S. citizens without a warrant as long as those people aren’t the target of an investigation.

A warrant would be required to search communications of Americans who are the focus of an investigation.

The NSA was acquiring more than 250 million Internet communications and telephone conversations annually by 2011 under Prism and other data-collection efforts, according to the report.

“The current number is significantly higher,” the board said without providing an estimate.

The board recommended that the NSA’s targeting decisions specify the criteria that would be sufficient to demonstrate that the standard had been met. It isn’t seeking any legislative changes.

Phone Records

The panel five months ago took a harsher stance on the NSA’s collection of phone records, calling those practices illegal.

The five-member privacy panel, appointed by President Barack Obama and confirmed by the U.S. Senate, has no authority to change the programs and can only make recommendations.

The report may actually complicate efforts by groups that have sued to challenge the 2008 law that led to Prism.

“Overall the board has found that the information the program has collected has been valuable and effective to national security” and helping to stop terrorist plots, Medine said.

The board recommended that the Federal Bureau of Investigation update its policies to reflect how it searches the database of communications for data about U.S. citizens. Panel members were divided on whether to place new limits on the agency’s use of that data.

Section 702

Medine and another board member said the FBI should be required to get court approval to query the database for data on Americans.

The NSA and Central Intelligence Agency should only be permitted to search the database for the communications of Americans “if the query is based upon a statement of facts showing that the query is reasonably likely to return foreign intelligence information as defined in FISA,” according to the report.

The Obama administration has defended the section of the law under which Prism operates, calling it critical to anti-terrorism efforts. The program is carried out under Section 702 of FISA, which Congress amended in 2008.

James Clapper, the U.S. director of national intelligence, said the report shows the value of Section 702 in preventing terrorism. His office will review the board’s recommendations on ensuring privacy, according to a statement released today.

Backdoor Searches

Senator Ron Wyden, an Oregon Democrat, and other lawmakers have expressed concern that the government is doing what amounts to secret backdoor searches of the communications of U.S. citizens.

The NSA, FBI and CIA have queried the database for e-mails and other Web activity of U.S. citizens to locate information related to potential terrorist plots, Deirdre Walsh, director of legislative affairs for the Office of Director of National Intelligence, wrote in a June 27 letter to Wyden.

“The queries in question are lawful, limited in scope and subject to oversight” and “there is no loophole in the law,” Walsh wrote in the letter, which was released by Wyden’s office on June 30.

The NSA used 198 e-mail addresses or phone numbers of Americans to search the database in 2013 and also conducted about 9,500 queries for metadata, which refers to date and time stamps, Walsh wrote. The CIA conducted less than 1,900 queries of the data last year using data about U.S. citizens, Walsh said.

The FBI says the number of queries it makes of the data using e-mails or phone numbers of Americans is “substantial,” and wasn’t able to provide an estimate, Walsh said.

The letter confirms that “intelligence agencies are searching through communications collected under Section 702” and “are deliberately conducting warrantless searches for the communications of individual Americans,” Wyden said in a statement. The House voted 293-123 last month to require a warrant for these searches, though no final action in Congress has been taken.

To contact the reporter on this story: Chris Strohm in Washington at cstrohm1@bloomberg.net

To contact the editors responsible for this story: Romaine Bostick at rbostick@bloomberg.net Steve Geimann

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.