Revamping PRISM

ARGUMENT (Declared Bias: Liberal Democrat)

In June 2013, Edward Snowden leaked a cache of National Security Agency (NSA) intelligence files to the general public in a controversial move. While some have praised Snowden, deeming him a hero for his courage and moxie, others have denounced Snowden, claiming that his whistleblowing irrevocably damaged national security. Although it is impossible for the general citizenry to agree on whether or not his actions were justified, one thing is clear: the NSA, and by extension, the United States government has several operations running without the public’s knowledge. While it could easily be argued that this lack of transparency is for the common good, the Snowden leaks also illustrate the fragility of the relationship between the U.S. government and its people. As the Snowden leaks revealed, surveillance has become inordinately expansive. The principles of individual property rights and institutional checks and balances have been bypassed in the name of national security.

The primary revelation of the Snowden leaks was the existence of the Planning Tool for Resource Integration, Synchronization, and Management (PRISM) Act, an NSA program that allows the agency to surveil domestically-routed internet traffic and communications; this act permits governmental monitoring of public and, more controversially, private data [1]. The program, authorized by the Foreign Intelligence Surveillance Act (FISA), has the declared purpose of protecting the United States from acts of terrorism [2]. To this end, PRISM attempts to track terrorist activity by filtering out potentially problematic information via digital communications — and then extinguishing risks before they have the opportunity to ignite. Further, although PRISM can only be executed in American domain, it “cannot be used to intentionally target any U.S. citizen” or any domestic resident [3].

Considering that our lives are increasingly digitized, why shouldn’t surveillance migrate to the internet as well? In a post-9/11 era, such anti-terrorist measures are anything but extreme. However, it is important to note that PRISM’s current approach is certainly not without its flaws. Conceding that PRISM is imperfect doesn’t undercut the necessity of surveillance. For this reason, PRISM should be significantly revised in execution and scope.

As it presently exists, PRISM suffers from two primary faults: a) its questionable constitutionality, and b) its lack of oversight.

The Fourth Amendment of the Bill of Rights gives Americans the right to “be secure in their persons, houses, papers, and effects,” which are protected from “unreasonable searches and seizures”. Searches can only be carried out with “probable cause, supported by oath or affirmation” — i.e. a search warrant [4]. Although not necessarily locally hosted or owned, a person’s data still qualifies as digital property, which — when assembled — constitutes one’s digital estate, which has the same legal bearing as heirlooms and wills [5]. In other words, a person’s digitally-created material is their property; in some cases, this even encompasses data hosted by external servers like Facebook [6]. Such property requires a search warrant in order for the state to constitutionally sift through it for any reason, according to the Fourth Amendment. However, in the case of PRISM, this necessity is ignored. The Foreign Intelligence Surveillance Court (FISC) is responsible for choosing PRISM targets, but the FISA Amendments Act does not require the FISC to supply “probable cause” that a target may be involved in illicit activity [7]. Because of this, FISC orders are not search warrants. Due to this disconnect, PRISM defies the Fourth Amendment in its warrantless property searches.

Further, PRISM is riddled with issues due to its marked lack of oversight and transparency. Most relevantly, PRISM’s ruling body — the FISC — neither publishes its opinions nor does it hold any public meetings. As such, it is difficult to fully ascertain the full extent of PRISM’s function. In an attempt to mitigate this, PRISM has listed overseers, including the executive branch. However, the complete secrecy surrounding PRISM and the FISA Court severely handicaps effective supervision. When asked how many Americans are being surveilled by the operation, James Clapper — the Director of National Intelligence, an executive agency — responded that it was “impossible” to calculate and provide an exact number. If even surveillance directors don’t have an adequate grasp of PRISM information, who does? Additionally, a letter from Kathleen Turner (Director of Legislative Affairs) mentions that any operation requiring “significant legal interpretation” is handed off to the congressional intelligence community — which is also overseen by the Director of National Intelligence. Though a certain level of opacity may be needed to maintain national security, it does not bode well that PRISM’s operations are so shrouded in obscurity that even its chief overseers cannot answer basic inquiries about its function [8].

Briefly discounting lack of oversight, PRISM’s core method of execution disagrees with both the Bill of Rights and its own declared mission. Although it was mentioned in the landmark Supreme Court case Clapper v. Amnesty International that FISA provisions allow only the surveillance of non-Americans living outside of U.S. borders, this appears not to be the case [9]. Aside from the NSA collecting data from named service providers (Facebook, Yahoo!, Microsoft, and others), PRISM also provides the government with communicative information obtained through cable and infrastructure interception, such as tapping undersea cables owned by telecommunications providers [10] [11]. This upstream surveillance means that PRISM operates on a “dragnet” principle — in simplified terms, PRISM takes in a very large influx of data and filters for any information of interest. This style of info-gathering is prohibited by the Fourth Amendment; as previously mentioned, any investigation must be targeted, have substantial reason, and be comprehensively supervised. When data inspection is done passively rather than actively — i.e. without explicit, targeted permission to investigate a target — this falls far outside of constitutional provisions. Alongside strengthening intelligence oversight programs, PRISM’s basic algorithm must be restructured in order to comply with the Constitution.

"Alongside strengthening intelligence oversight programs, PRISM’s basic algorithm must be restructured in order to comply with the Constitution."

Due to such shoddy oversight, the PRISM system has lent itself to governmental abuse. For example, in 2008, Yahoo! refused to provide the government with user data; in response, it was threatened with a $250,000 daily fine [12]. As mentioned by Kathleen Turner, all legal proceedings and lawyerly tasks are taken care of by groups overseen by the Director of National Intelligence. As such, Yahoo!’s legal battle was handled by governmental in-house legal committees and was not publicized until five years after it had fought — and lost — its lawsuit against the NSA; although Yahoo! instigated the lawsuit in the wake of the government fines, it was legally unable to reveal its involvement until earlier that year [13]. Five years later (a month after the 2013 Snowden leaks) Yahoo! requested that the government declassify court files from their legal battle. Alex Abdo, a national security attorney working for the American Civil Liberties Union, states that Yahoo!’s request is the “first time we’ve seen one of these companies making this broad an argument in favor of [FISC] transparency” [14]. Unfortunately, this never came to pass; though it has been five years since Yahoo!’s disclosure request, full case details have never been released. Yahoo! is likely just one example of many companies being effectively blackmailed into silence. Aside from being used to silence Yahoo! itself, the U.S. government has, in turn, reportedly used the legal battle to threaten other tech companies into PRISM/FISC compliance. As Yahoo! is now a named PRISM participant, it is disturbingly likely that the other PRISM-involved service providers were similarly coerced [15].

In summary, PRISM suffers from deep, structural flaws. At its idealized best, PRISM occasionally crosses constitutional lines for the sake of American safety. At its realistic worst, it flagrantly disregards all formalized sanctions of personal privacy and allows the government to clandestinely threaten and control companies and people. Keeping the U.S. secure is one thing; violating corporate and individual rights is another. At this current juncture, barely enough PRISM information is available to hold a substantial conversation on whether or not it is functioning appropriately. This alone shows that changes must be made. In order to salvage national sentiment while effectively protecting the U.S., PRISM must be amended and doctored so that it is regulated by suitable oversight and transparency about its basic structure is provided to at least relevant governmental agencies — all without sacrificing our security.

Hava ParkerStaff Writer

Edited by Junior Editor Andrew Kim

 

Sources and Notes

Featured Image: “7 takeaways from Mark Zuckerberg’s appearance before the House” by Steven Stern — Own work. Licensed under Cc BY 2.0 via Flickr Creative Commons — https://flic.kr/p/23jjeHs

[1] https://www.cnet.com/news/what-is-the-nsas-prism-program-faq/
[2] https://www.theatlantic.com/national/archive/2013/06/prisms-legal-basis-how-we-got-here-and-what-we-can-do-to-get-back/276667/
[3] https://www.cnet.com/news/what-is-the-nsas-prism-program-faq/
[4] https://www.law.cornell.edu/constitution/fourth_amendment
[5] http://www.financialconsulate.com/whats-a-digital-estate/
[6] https://www.facebook.com/terms.php/
[7] https://www.washingtonpost.com/news/wonk/wp/2013/06/12/heres-everything-we-know-about-prism-to-date/
[8] https://www.wyden.senate.gov/imo/media/doc/2011-07-28%20DNI%20Letter.pdf
[9] https://supreme.justia.com/cases/federal/us/568/11-1025/
[10] https://www.theguardian.com/world/2013/jun/08/nsa-prism-server-collection-facebook-google/
[11] https://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/
[12] https://www.theguardian.com/world/2014/sep/11/yahoo-nsa-lawsuit-documents-fine-user-data-refusal/
[13] https://www.mercurynews.com/2013/07/10/exclusive-yahoo-seeks-to-reveal-its-fight-against-nsa-prism-requests-2/
[14] https://www.denverpost.com/2013/07/11/exclusive-yahoo-seeks-to-reveal-its-fight-against-nsa-prism-requests/ https://www.zdnet.com/article/u-s-government-to-yahoo-comply-with-prism-or-well-make-sure-you-go-bankrupt/

Send a Comment

Your email address will not be published.