Big Brother has always been watching, but how much can he see?

NSA building

It turns out Big Brother is watching — and has been for years. Revelations from the UK’s The Guardian and The Washington Post have revealed long-standing intelligence programs that may have cataloged every phone call made by untold millions of Americans for years. More-recent intelligence-gathering operations apparently even enabled the government to monitor email, chats, documents, and other communications sent through major online services provided by Google, Facebook, Microsoft, and Apple and others.

Congress, the intelligence community, and even the President of the United States aren’t denying that the programs exist, or even their scope: Instead, they’re describing the programs as vital tools for U.S. national security — and insist everything’s being done by the book.

Is the government really tracking everything we do on our phones and online? Is that even legal? What’s being done with all that information — should we be worried?

What’s been revealed?

Recent reports about the government’s data-gathering activities came in two waves. First, The Guardian published a secret order requiring Verizon turn over “telephony metadata” for all telephone calls on a daily basis. Second, The Washington Post went public with details of PRISM, an extensive NSA program capable of collecting data “directly from the servers” of some of the Internet’s largest service providers.

PRISM

Verizon does not provide Uncle Sam with the actual content of telephone conversations or billing information for the callers. It does, however, include almost everything else about calls, including the originating number, receiving number, time and length of call, unique identifiers associated with devices (like mobile phones) and sessions, as well as location data for each endpoint of a call.

Details of PRISM are based on a 41 internal NSA briefing slides dated April 2013. Data collected under PRISM reportedly includes email, images, chats, social-networking details, documents, and connection logs. Companies and services specifically named as cooperating with PRISM are Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. (The presentation describes Dropbox as “coming soon.”) The Guardian reports British intelligence also gathers data through PRISM.

What’s the scope?

In the wake of The Guardian’s Verizon expos, government representatives and members of Congress have confirmed the existence of the call-monitoring program, and asserted it has been conducted lawfully under the continual oversight of both Congress and the Foreign Intelligence Surveillance Court (FICA), a secret body whose proceedings are classified.

Director of National Intelligence James Clapper

At an impromptu press event June 6, Senator Dianne Feinstein (D-CA), chair of the Senate Intelligence Committee, described the published Verizon order as “the exact three-month renewal of what has been the case for the past seven years,” meaning the collection of telephone call metadata has been in place since at least 2006.

“Our courts have consistently recognized that there is no reasonable expectation of privacy in this type of metadata information and thus no search warrant is required to obtain it,” Feinstein and Senator Saxby Chambliss (R-GA) wrote in a joint statement.

Many Americans have been expressing outrage that the numbers the call, when they call them, where they are at the time, and what phone they’re using are all considered public information.

Feinstein and other members of Congress have asserted that the NSA’s collection of phone call metadata has helped foil multiple terror acts in the United States. However, the details remain classified.

“Even terror suspects order pizza and dial wrong numbers.”

Government and Congressional officials have not confirmed whether call metadata is also collected from operators other than Verizon, but three sources with first-hand knowledge of NSA and FBI operations have specifically identified Sprint and AT&T as complying with similar metadata collection operations. They each also implied (but did not confirm) other U.S. telecom operators also provide call metadata.

“There is no indication that this order to Verizon was unique or novel,” the EFF’s Cindy Cohn and Mark Rumold wrote in a statement categorizing the program as untargeted, domestic surveillance.

In a very unusual move, the Director of National Intelligence James Clapper issued a statement indicating Congress has been “fully and repeatedly briefed” on the program, and that it had been “has been authorized by all three branches of the Government.” Clapper also asserted disclosure of the telephone data collection program could cause “irreversible harm” to U.S. anti-terror efforts, but at the same time indicated he’s now seeking to declassify some information about the program so the public can be better informed.

So far, PRISM’s scope is much less clear. While the internal NSA slides refer to obtaining data directly from a company’s servers, a second classified document obtained by The Washington Post indicates information is garnered through “equipment installed at company-controlled locations” that can be configured and queried by NSA analysts.

Nearly every company named in the NSA documents have issued specific denials that they participate in PRISM.

“We only ever comply with orders for requests about specific accounts or identifiers,” Microsoft — reportedly PRISM’s earliest collaborator — said in a statement. “If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”

Facebook, AOL, Apple, Google, and Yahoo have all given similar statements via email or their Web sites denying participation in PRISM or providing any government agency access to its servers. PalTalk has not yet responded to a request for comment.

How is the data used?

According to sources within the NSA and FBI with first-hand knowledge of investigations carried out under FISA warrants, phone call metadata is not immediately screened or monitored when it’s turned over the NSA. Instead, the data is collated in secure facilities and warehoused.

Verizon-NSA-mem-2

“The idea is that the info has already been assembled for when it’s needed,” wrote a recently-retired intelligence officer. “We don’t have to start over from nothing every single time.”

To run queries against that massive (and ever-growing) data set, analysts and investigators need to demonstrate “reasonable suspicion” specific individuals are involved in foreign threats to the United States. According to sources with direct knowledge, those queries cannot be carried out under the same orders that authorized collection of phone metadata from telecom operators like Verizon.

“Analysts cannot just decide on their own that they have ‘reasonable suspicion’ and start firing off queries,” wrote one source within the U.S. intelligence community. “Access must be properly authorized and even then it’s limited and monitored.”

According to these sources, the phone metadata would be used to build out a web of connections from specific individuals or devices, looking for possible connections. Those might include phone calls, or physical proximity to a location, person, or device under scrutiny. A typical analysis would be “two steps deep,” meaning analysts would consider calls to and from a particular number as well as calls to and from connecting numbers. Particular connection might get deeper scrutiny.

When asked if that process of tracing connections was likely to include data from everyday Americans or others completely uninvolved in anything related to foreign agents, terrorism, or other concerns covered by FISA warrants, all sources confirmed the possibility.

“That’s the nature of investigation,” said an active NSA officer. “Put another way: A police helicopter might shine a spotlight in a back yard looking for someone fleeing a robbery or assault. That doesn’t mean the homeowner is a suspect.”

Or phone records can peer deeply into our private lives.

Conceding the possibility everyday citizens come up in queries of phone metadata, the retired intelligence officer noted: “Even terror suspects order pizza and dial wrong numbers.”

The scope of PRISM is far more nebulous. None of my sources would confirm any direct knowledge of PRISM, although they all acknowledged specific FISA warrants have been issued for electronic data and account information from many Internet companies, including those identified in the PRISM presentation. None would confirm or even speculate on the scope of data collected under those warrants or how frequently they have been issued, save to note that any investigation conducted under FISA authorization cannot deliberately target U.S. citizens or people within the United States.

The Wall Street Journal has reported (subscription required) that information collected by the NSA as metadata also includes credit-card transactions, in addition to phone call data and online activity.

Perhaps the best indication on the scope of PRISM comes from another unusual — and very ambiguous — second statement from the Director of National Intelligence, James Clapper. While claiming reports about PRISM contain “numerous inaccuracies” and its unauthorized disclosure is “reprehensible,” Clapper nonetheless maintains “information collected under this program is among the most important and valuable foreign intelligence information we collect.”

The NSA presentation slides characterize PRISM as the tool most commonly used in NSA reporting.

Is all this legal?

In a word, yes.

The U.S. Constitution protects citizens against “unreasonable searches and seizures,” and requires “probable cause” to issue search warrants. Both clauses continue to evolve, but their legal definitions have been well established by more than two centuries of American law.

spying

The legal key to the phone metadata collection program and (apparently) PRISM is that they target foreign citizens who are not subject to Constitutional protections. To monitor communications of suspected foreign agents in the United States, the government must obtain a warrant from the Foreign Intelligence Surveillance Court (FISC), a secret body set up in 1978. The government is the only party who ever appears before the court — it operates more like a grand jury than an adversarial court — and the government’s requests are rarely denied. However, the FISC’s activities are classified: otherwise, the bad guys might get tipped off they were being watched.

Yet a substantial amount of telephone and Internet communication flows through the U.S., even if it doesn’t originate or terminate within the United States. Hence, watching U.S. communications is an effective way to monitor a significant amount of communication to and between foreign nationals — precisely what the FISC can authorize.

The NSA’s phone metadata collection program revealed by The Guardian is not the same as wiretapping. The NSA is not listening to or recording phone calls. To record phone calls of foreign nationals, they would need to appear before the FISC and obtain a separate warrant. If an investigation targeted U.S. citizens, a judge can issue a wiretap warrant only if the government can assert other investigative methods have failed, are too dangerous, or are unlikely to succeed.

Since the FISC’s activities are classified, nobody really knows how the government argues for warrants. To obtain a warrant on individuals who are not U.S. citizens, the government needs to demonstrate “reasonable suspicion” — a legal concept that has a lower standard of proof than probable cause but which must be based on “specific and articulable facts,” not just a hunch.

The slippery slope, in legal terms, comes from the communications data on U.S. citizens the NSA or other intelligence agencies may become privy to under a warrant granted to them under “reasonable suspicion” rather than “probable cause.”

Where do we go from here?

Just as millions of people don’t mind telling the whole world who their friends and family are on Facebook or Twitter, many probably don’t care if federal investigators know they ordered pizza, phoned home, called their grandparents on Sundays, and voted on American Idol.

But there are significant civil liberties and even civil rights concerns if call metadata were to be inappropriately accessed or abused. After all, our phone records can peer deeply into our private lives. Imagine being fired from a job because an employer discovered, via phone records, that you’d been interviewing with another company. Or perhaps a spouse — or employer — finds out that call for a cab you made just after midnight was from a bar, not the office like you’d said. PRISM could amplify these concerns, depending on the scope of the program and the nature of the information it warehouses. What if a school district made a policy never to hire staff or teachers who had visited porn sites, or an insurer decided that your obsession with that extreme sports app was just a little too troubling?

We aren’t there yet. In the meantime, Director of National Intelligence James Clapper notes that “discussing programs like this publicly will have an impact on the behavior of our adversaries and make it more difficult for us to understand their intentions.” In practice, that means bad guys will alter their use of phone and Internet services based in the U.S. to make it more difficult for the NSA and other agencies to sift them out of all the data they collect. That means the intelligence community will have to work harder to find and track them — and who knows where that might lead.

[Keyhole/eye image via Shutterstock / Tischenko Irina]

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Emerging Tech

Desk lamps take on a new task by converting their light to power

What if we could charge devices using light from indoor sources like desk lamps? A group of scientists working on a technology called organic photovoltaics (OPVs) aim to do just that.
Mobile

Here are the best iPad Pro keyboard cases to pick up with your new tablet

The iPad Pro range can double as laptops, but they do need proper keyboards to fill in effectively. Thankfully, there are loads to choose from and we rounded up the best iPad Pro keyboard cases right here.
Mobile

Rooting your Android device is risky. Do it right with our handy guide

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.
Cars

FWD vs. RWD vs. AWD: How the wheels that turn change the way you drive

Let's face it, you've likely heard front-, rear-, and all-wheel drive mentioned before in some context or another. But what do these terms mean, especially in terms of performance? We’ve got the answers.
Computing

Get the most out of your high-resolution display by tweaking its DPI scaling

Windows 10 has gotten much better than earlier versions at supporting today's high-resolution displays. If you want to get the best out of your monitor, then check out our guide on how to adjust high-DPI scaling in Windows 10.
Mobile

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.
Deals

Looking for a Chromebook? The Google PixelBook just got a $200 price cut

Once relatively obscure, Chromebooks have come into their own in a big way in recent years. One of our favorites is the super-sleek Google Pixelbook, and it's on sale right now from Amazon for $200 off, letting you score this premium laptop…
Computing

Nvidia’s GTX 1650 graphics card could be just a slight upgrade over the 1050 Ti

Rumors suggest Nvidia might soon launch the GTX 1650, and a leaked benchmark listing from Final Fantasy XV suggests that the new graphics card could be just a slight upgrade over last generation's GTX 1050 Ti. 
Computing

Get ready to say goodbye to some IFTTT support in Gmail by March 31

If This Then That, the popular automation service, will drop some of its support for Gmail by March 31. The decision comes as a response to security concerns and is aimed to protect user data.
Computing

Get the new Dell XPS 13 for $750 with this limited-time deal

Dell is currently running a limited time deal lasting through Thursday, March 28, where you can bring home a version of this year's new XPS 13 for around $750 with the use of a special coupon code. 
Mobile

This is the easiest way to save your iPhone data to your computer

Living in fear of losing your contacts, photos, messages, and notes on your iPhone? Fear no more -- in this guide, we'll break down exactly how to back up your iPhone to your computer using Apple's iTunes or to the cloud with iCloud.
Computing

Microsoft’s Clippy came back from the dead, but didn’t last very long

Before Cortana, Alexa, and Siri even existed, Microsoft Clippy dominated the screens of computers in the 1990s to help assist Microsoft Office users when writing letters. He recently made a bit of a comeback only to die off again.
Computing

Nvidia faces attacks from AMD, Intel, and even Google. Should it be worried?

Nvidia announced an expanded array of RTX server solutions designed to leverage the power of ray-tracing at GTC 2019. The effort will help Nvidia take on Google's Stadia in game streaming with GeForce Now, and the company's investments in…
Computing

How 5G networks will make low-latency game streaming a reality

Faster speeds and more bandwidth are some of the many promises that 5G can deliver, but for gamers, the most important thing is low latency. To achieve low latency, carriers like AT&T and Verizon are exploring hybrid models for game…