Internet Spy Program Needs Privacy Revisions, Panel Says

The U.S. spy program that compels Internet companies to hand over some users’ e-mails and Web activity needs to be refined to more narrowly target foreign terrorists without violating Americans' privacy, a government oversight board said.

While the program is legal and effective, more detailed explanations should be provided by the U.S. to justify that information sought relates to a “foreign intelligence purpose,” the Privacy and Civil Liberties Oversight Board said in a preliminary report today.

The findings, which largely support the once-secret National Security Agency program called Prism, mark the first review by an independent federal agency. The report may provide cover for Google Inc., Yahoo Inc. and Facebook Inc., which are waging a public relations battle to persuade customers they aren’t willing partners in the government’s surveillance.

The board found “no trace” of illegal activity in the program “or any attempt to intentionally circumvent legal limits,” the report said. Because the rules “potentially allow a great deal of private information about U.S. persons to be acquired by the government,” the board makes recommendations “to ensure that the program appropriately balances national security with privacy and civil liberties.”

Legal Challenges

The report may complicate efforts by groups that have sued to challenge the 2008 law that led to Prism, which was exposed in documents made public last year by former NSA contractor Edward Snowden.

The privacy board, which plans a formal vote on the recommendations tomorrow, isn’t seeking any legislative changes. The panel five months ago took a harsher stance on the NSA’s collection of phone records, calling those practices illegal.

Under Prism, the NSA can use warrants from a secret court that oversees spying under the Foreign Intelligence Surveillance Act to force Internet companies to turn over bulk user data on foreign citizens believed to be outside the U.S. and involved with terrorist organizations. In that process, the NSA can collect data that includes the content of communications of U.S. citizens without a warrant as long as those people aren’t the target of an investigation.

Criteria Needed

A warrant would be required to search communications of Americans who are the focus of an investigation.

The board recommends that the NSA’s targeting decisions specify the criteria that would be sufficient to demonstrate that the standard had been met.

The five-member privacy panel, appointed by President Barack Obama and confirmed by the U.S. Senate, has no authority to change the programs and can only make recommendations.

The board recommended that the Federal Bureau of Investigation update its policies to reflect how it searches the database of communications for data about U.S. citizens. Panel members were divided on whether to place new limits on the agency’s use of that data.

The chairman of the board and another member said the FBI should be required to get court approval to query the database for data on Americans.

The NSA and Central Intelligence Agency should only be permitted to search the database for the communications of Americans “if the query is based upon a statement of facts showing that the query is reasonably likely to return foreign intelligence information as defined in FISA,” according to the report.

The Obama administration has defended the section of the law under which Prism operates, calling it critical to anti-terrorism efforts. The program is carried out under Section 702 of FISA, which Congress amended in 2008.

Backdoor Searches

The NSA was acquiring more than 250 million Internet communications and telephone conversations annually by 2011 under the program, according to the report.

“The current number is significantly higher,” the report said without providing an estimate.

The report describes how the government has been using Section 702 and assesses how effective it has been at thwarting terrorism.

Senator Ron Wyden, an Oregon Democrat, and other lawmakers have expressed concern that the government is doing what amounts to secret backdoor searches of the communications of U.S. citizens.

The NSA, FBI and CIA have queried the database for e-mails and other Web activity of U.S. citizens to locate information related to potential terrorist plots, Deirdre Walsh, director of legislative affairs for the Office of Director of National Intelligence, wrote in a June 27 letter to Wyden.

“The queries in question are lawful, limited in scope and subject to oversight” and “there is no loophole in the law,” Walsh wrote in the letter, which was released by Wyden’s office on June 30.

Google Lawsuit

The NSA used 198 e-mail addresses or phone numbers of Americans to search the database in 2013 and also conducted about 9,500 queries for metadata, which refers to date and time stamps, Walsh wrote. The CIA conducted less than 1,900 queries of the data last year using data about U.S. citizens, Walsh said.

The FBI says the number of queries it makes of the data using e-mails or phone numbers of Americans is “substantial,” and wasn’t able to provide an estimate, Walsh said.

The letter confirms that “intelligence agencies are searching through communications collected under Section 702” and “are deliberately conducting warrantless searches for the communications of individual Americans,” Wyden said in a statement. The House voted 293-123 last month to require a warrant for these searches, though no final action in Congress has been taken.

Customer Reaction

Google, Facebook, Yahoo and Microsoft Corp. filed lawsuits against the government for permission to disclose the extent of secret government orders under the Prism program. They dropped the lawsuits after reaching a deal in January with the Department of Justice.

U.S. technology companies could lose as much as $35 billion in the next three years in response to foreign customers not buying their products over concern they cooperate with spy programs, said Daniel Castro, a senior analyst with the Information Technology and Innovation Foundation, a Washington-based nonprofit.

The privacy panel is led by David Medine, a former Federal Trade Commission official who served during the administration of President Bill Clinton. Other members include retired appeals court Judge Patricia M. Wald; James X. Dempsey, a civil liberties advocate who specializes in technology issues; and Washington lawyers Rachel Brand and Elisebeth Collins Cook, who served in President George W. Bush’s administration.

Before it's here, it's on the Bloomberg Terminal.