Big Brother has always been watching, but how much can he see?

NSA building

It turns out Big Brother is watching — and has been for years. Revelations from the UK’s The Guardian and The Washington Post have revealed long-standing intelligence programs that may have cataloged every phone call made by untold millions of Americans for years. More-recent intelligence-gathering operations apparently even enabled the government to monitor email, chats, documents, and other communications sent through major online services provided by Google, Facebook, Microsoft, and Apple and others.

Congress, the intelligence community, and even the President of the United States aren’t denying that the programs exist, or even their scope: Instead, they’re describing the programs as vital tools for U.S. national security — and insist everything’s being done by the book.

Is the government really tracking everything we do on our phones and online? Is that even legal? What’s being done with all that information — should we be worried?

What’s been revealed?

Recent reports about the government’s data-gathering activities came in two waves. First, The Guardian published a secret order requiring Verizon turn over “telephony metadata” for all telephone calls on a daily basis. Second, The Washington Post went public with details of PRISM, an extensive NSA program capable of collecting data “directly from the servers” of some of the Internet’s largest service providers.

PRISM

Verizon does not provide Uncle Sam with the actual content of telephone conversations or billing information for the callers. It does, however, include almost everything else about calls, including the originating number, receiving number, time and length of call, unique identifiers associated with devices (like mobile phones) and sessions, as well as location data for each endpoint of a call.

Details of PRISM are based on a 41 internal NSA briefing slides dated April 2013. Data collected under PRISM reportedly includes email, images, chats, social-networking details, documents, and connection logs. Companies and services specifically named as cooperating with PRISM are Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. (The presentation describes Dropbox as “coming soon.”) The Guardian reports British intelligence also gathers data through PRISM.

What’s the scope?

In the wake of The Guardian’s Verizon expos, government representatives and members of Congress have confirmed the existence of the call-monitoring program, and asserted it has been conducted lawfully under the continual oversight of both Congress and the Foreign Intelligence Surveillance Court (FICA), a secret body whose proceedings are classified.

Director of National Intelligence James Clapper

At an impromptu press event June 6, Senator Dianne Feinstein (D-CA), chair of the Senate Intelligence Committee, described the published Verizon order as “the exact three-month renewal of what has been the case for the past seven years,” meaning the collection of telephone call metadata has been in place since at least 2006.

“Our courts have consistently recognized that there is no reasonable expectation of privacy in this type of metadata information and thus no search warrant is required to obtain it,” Feinstein and Senator Saxby Chambliss (R-GA) wrote in a joint statement.

Many Americans have been expressing outrage that the numbers the call, when they call them, where they are at the time, and what phone they’re using are all considered public information.

Feinstein and other members of Congress have asserted that the NSA’s collection of phone call metadata has helped foil multiple terror acts in the United States. However, the details remain classified.

“Even terror suspects order pizza and dial wrong numbers.”

Government and Congressional officials have not confirmed whether call metadata is also collected from operators other than Verizon, but three sources with first-hand knowledge of NSA and FBI operations have specifically identified Sprint and AT&T as complying with similar metadata collection operations. They each also implied (but did not confirm) other U.S. telecom operators also provide call metadata.

“There is no indication that this order to Verizon was unique or novel,” the EFF’s Cindy Cohn and Mark Rumold wrote in a statement categorizing the program as untargeted, domestic surveillance.

In a very unusual move, the Director of National Intelligence James Clapper issued a statement indicating Congress has been “fully and repeatedly briefed” on the program, and that it had been “has been authorized by all three branches of the Government.” Clapper also asserted disclosure of the telephone data collection program could cause “irreversible harm” to U.S. anti-terror efforts, but at the same time indicated he’s now seeking to declassify some information about the program so the public can be better informed.

So far, PRISM’s scope is much less clear. While the internal NSA slides refer to obtaining data directly from a company’s servers, a second classified document obtained by The Washington Post indicates information is garnered through “equipment installed at company-controlled locations” that can be configured and queried by NSA analysts.

Nearly every company named in the NSA documents have issued specific denials that they participate in PRISM.

“We only ever comply with orders for requests about specific accounts or identifiers,” Microsoft — reportedly PRISM’s earliest collaborator — said in a statement. “If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”

Facebook, AOL, Apple, Google, and Yahoo have all given similar statements via email or their Web sites denying participation in PRISM or providing any government agency access to its servers. PalTalk has not yet responded to a request for comment.

How is the data used?

According to sources within the NSA and FBI with first-hand knowledge of investigations carried out under FISA warrants, phone call metadata is not immediately screened or monitored when it’s turned over the NSA. Instead, the data is collated in secure facilities and warehoused.

Verizon-NSA-mem-2

“The idea is that the info has already been assembled for when it’s needed,” wrote a recently-retired intelligence officer. “We don’t have to start over from nothing every single time.”

To run queries against that massive (and ever-growing) data set, analysts and investigators need to demonstrate “reasonable suspicion” specific individuals are involved in foreign threats to the United States. According to sources with direct knowledge, those queries cannot be carried out under the same orders that authorized collection of phone metadata from telecom operators like Verizon.

“Analysts cannot just decide on their own that they have ‘reasonable suspicion’ and start firing off queries,” wrote one source within the U.S. intelligence community. “Access must be properly authorized and even then it’s limited and monitored.”

According to these sources, the phone metadata would be used to build out a web of connections from specific individuals or devices, looking for possible connections. Those might include phone calls, or physical proximity to a location, person, or device under scrutiny. A typical analysis would be “two steps deep,” meaning analysts would consider calls to and from a particular number as well as calls to and from connecting numbers. Particular connection might get deeper scrutiny.

When asked if that process of tracing connections was likely to include data from everyday Americans or others completely uninvolved in anything related to foreign agents, terrorism, or other concerns covered by FISA warrants, all sources confirmed the possibility.

“That’s the nature of investigation,” said an active NSA officer. “Put another way: A police helicopter might shine a spotlight in a back yard looking for someone fleeing a robbery or assault. That doesn’t mean the homeowner is a suspect.”

Or phone records can peer deeply into our private lives.

Conceding the possibility everyday citizens come up in queries of phone metadata, the retired intelligence officer noted: “Even terror suspects order pizza and dial wrong numbers.”

The scope of PRISM is far more nebulous. None of my sources would confirm any direct knowledge of PRISM, although they all acknowledged specific FISA warrants have been issued for electronic data and account information from many Internet companies, including those identified in the PRISM presentation. None would confirm or even speculate on the scope of data collected under those warrants or how frequently they have been issued, save to note that any investigation conducted under FISA authorization cannot deliberately target U.S. citizens or people within the United States.

The Wall Street Journal has reported (subscription required) that information collected by the NSA as metadata also includes credit-card transactions, in addition to phone call data and online activity.

Perhaps the best indication on the scope of PRISM comes from another unusual — and very ambiguous — second statement from the Director of National Intelligence, James Clapper. While claiming reports about PRISM contain “numerous inaccuracies” and its unauthorized disclosure is “reprehensible,” Clapper nonetheless maintains “information collected under this program is among the most important and valuable foreign intelligence information we collect.”

The NSA presentation slides characterize PRISM as the tool most commonly used in NSA reporting.

Is all this legal?

In a word, yes.

The U.S. Constitution protects citizens against “unreasonable searches and seizures,” and requires “probable cause” to issue search warrants. Both clauses continue to evolve, but their legal definitions have been well established by more than two centuries of American law.

spying

The legal key to the phone metadata collection program and (apparently) PRISM is that they target foreign citizens who are not subject to Constitutional protections. To monitor communications of suspected foreign agents in the United States, the government must obtain a warrant from the Foreign Intelligence Surveillance Court (FISC), a secret body set up in 1978. The government is the only party who ever appears before the court — it operates more like a grand jury than an adversarial court — and the government’s requests are rarely denied. However, the FISC’s activities are classified: otherwise, the bad guys might get tipped off they were being watched.

Yet a substantial amount of telephone and Internet communication flows through the U.S., even if it doesn’t originate or terminate within the United States. Hence, watching U.S. communications is an effective way to monitor a significant amount of communication to and between foreign nationals — precisely what the FISC can authorize.

The NSA’s phone metadata collection program revealed by The Guardian is not the same as wiretapping. The NSA is not listening to or recording phone calls. To record phone calls of foreign nationals, they would need to appear before the FISC and obtain a separate warrant. If an investigation targeted U.S. citizens, a judge can issue a wiretap warrant only if the government can assert other investigative methods have failed, are too dangerous, or are unlikely to succeed.

Since the FISC’s activities are classified, nobody really knows how the government argues for warrants. To obtain a warrant on individuals who are not U.S. citizens, the government needs to demonstrate “reasonable suspicion” — a legal concept that has a lower standard of proof than probable cause but which must be based on “specific and articulable facts,” not just a hunch.

The slippery slope, in legal terms, comes from the communications data on U.S. citizens the NSA or other intelligence agencies may become privy to under a warrant granted to them under “reasonable suspicion” rather than “probable cause.”

Where do we go from here?

Just as millions of people don’t mind telling the whole world who their friends and family are on Facebook or Twitter, many probably don’t care if federal investigators know they ordered pizza, phoned home, called their grandparents on Sundays, and voted on American Idol.

But there are significant civil liberties and even civil rights concerns if call metadata were to be inappropriately accessed or abused. After all, our phone records can peer deeply into our private lives. Imagine being fired from a job because an employer discovered, via phone records, that you’d been interviewing with another company. Or perhaps a spouse — or employer — finds out that call for a cab you made just after midnight was from a bar, not the office like you’d said. PRISM could amplify these concerns, depending on the scope of the program and the nature of the information it warehouses. What if a school district made a policy never to hire staff or teachers who had visited porn sites, or an insurer decided that your obsession with that extreme sports app was just a little too troubling?

We aren’t there yet. In the meantime, Director of National Intelligence James Clapper notes that “discussing programs like this publicly will have an impact on the behavior of our adversaries and make it more difficult for us to understand their intentions.” In practice, that means bad guys will alter their use of phone and Internet services based in the U.S. to make it more difficult for the NSA and other agencies to sift them out of all the data they collect. That means the intelligence community will have to work harder to find and track them — and who knows where that might lead.

[Keyhole/eye image via Shutterstock / Tischenko Irina]

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Home Theater

Spotify adds artist-blocking feature, despite its denials

Though it continues to claim you can't do it, there is plenty of evidence that Spotify added an artist-blocking feature to its platform, making it easy for users to never hear a specific musician or band.
Wearables

10 top features you should be using on your Apple Watch

The Apple Watch can do more than just tell you the time, but you may not be aware of all the different functions it has. Our list of the 10 most often used functions and features will help you understand what it can really do.
Smart Home

Put away that sponge and let us help you pick the best dishwasher for your buck

Tired of doing dishes by hand? Take a look at our picks of the four best dishwashers currently available and let a machine do the dirty work for you. They’ll do a much better job, anyway.
Photography

From DIY to AAA, here's how to take a passport photo in 6 different ways

If you're applying for a passport or renewing one, you need to submit a photo in your official application. There are strict guidelines, but fortunately, it's something you can do at home. Here's how to take a passport photo.
Computing

Zipping files on a Chromebook? Follow these four easy steps

Chromebooks support file compression, though they work a little differently than on Windows or Mac. Here's the step-by-step process to zipping files on a Chromebook, and then unzipping them again for extraction.
Computing

How good are you at spotting phishing scams? Take this quiz to find out

Are you able to discern between a legitimate email and one that's a scam designed to phish for your personal information? Google created an online quiz with tips to help you better understand phishing so you don't become a victim.
Computing

Patent application reveals what’s to come after AMD’s Graphics Core Next

A published patent application from AMD has revealed a new type of graphics processor core which could make a big difference to the capabilities of its GPUs if it finds its way into them in the future.
Computing

Yes, you can use Android apps on your Chromebook. Here's how

You can now get Android apps on your Chromebook! Google has enabled the Google Play Store app support on its Chrome OS and Chromebook hardware, so to get you started, here's our guide on how to get Android apps on a Chromebook.
Computing

Microsoft targets Chrome OS with $189 Windows 10 laptops for education

Microsoft announced seven new low-cost Windows 10 laptops, all priced under $300 to take on Chromebooks and iPads in the education market, along with a new Microsoft Allora stylus for students using the Surface Go tablet.
Computing

Lenovo patent hints at a future tablet with a folding screen

Folding devices are a new trend, and according to a recent patent, Lenovo is considering a foldable 2-in-1 with a hinge mechanism that would allow consumers to bend back the screen on the device. 
Computing

Wifi Porter is a high-tech block of wood that lets you share your broadband

Tired of manually connecting your guests to your home Wi-Fi network? The latest invention from the folks at Ten One Design, the WifiPorter, allow individuals to connect to your Wi-Fi with the tap of their phone, or by scanning an available…
Computing

Midrange Nvidia GTX 1660 Ti graphics card may be 20 percent faster than GTX 1060

In the freshest development in graphics card rumors, alleged benchmarks are showing that the GTX 1660 Ti graphics card could be as much as 20 percent faster when compared to the older GTX 1060. 
Computing

Work and play anywhere with these portable, large-screen monitors

Via a recent and successful Kickstarter campaign by Unick, a new line of portable, large-screen monitors has been announced. The Gemini Taihe line of monitors offers two models: the Gemini FHD and the Gemini UHD.
Product Review

The Digital Storm Aventum X is an unstoppable gaming PC. Trust us, we tried

Packed with dual-Nvidia RTX 2080 Ti graphics card and a 9th-generation Intel Core i9 processor, the Aventum X is an infinitely upgradeable gaming PC that’s capable of far more performance than you’ll ever need.