Risk
6/11/2013
01:21 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

NSA Prism: Patriot Act Author Questions Scope

White House says NSA's surveillance programs implement FISA and the Patriot Act -- but Patriot Act author is not so sure. Meanwhile, privacy groups turn up the heat.

Is the NSA's Prism program legal?

To be clear, what's being called Prism really refers to the name of an internal government computer system that's used as part of a program known as the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA), or the Section 702 programs for short, according to a DNI briefing document released Saturday.

Whistleblower Edward Snowden, 29, has claimed credit for releasing classified documents relating to two Section 702 monitoring programs. One is aimed at intercepting foreign online communications, including email, chat and VoIP communications; the other is tasked with gathering metadata relating to millions of phone calls, which could reveal the locations of callers as well as those of the people with whom they'd communicated, although not the content of calls.

[ How do system administrators fit into your company's security chain? Read NSA Prism Relies Heavily On IT Contractors. ]

President Obama Friday defended the programs, as well as the NSA's capture of telephone metadata. He noted that both programs have been "authorized by broad bipartisan majorities repeatedly since 2006."

"We've got congressional oversight and judicial oversight. And if people can't trust not only the executive branch but also don't trust Congress and don't trust federal judges to make sure that we're abiding by the Constitution, due process and rule of law, then we're going to have some problems here," he said.

In a press conference Saturday, White House spokesman Ben Rhodes said the Section 702 program "was reauthorized by Congress in December 2012, and it has a reporting requirement to Congress," meaning that the Director of National Intelligence and Attorney General must provide semiannual reports to legislators to review "the targeting procedures as well as the minimization procedures associated with targeting."

The phone metadata capture appears to be authorized by Section 215 of the Patriot Act.

Rhodes said briefings about the programs had been regularly delivered to the intelligence and judiciary committees in both the House and Senate. He also said that additional FISA briefings had been provided for about 13 legislators who requested information about how the program captures telephone metadata.

Sen. Dianne Feinstein (D-Calif.), who chairs the Intelligence Committee and has backed the programs, said the committee will hold a closed briefing Thursday for all senators, in which officials from the NSA, FBI and Justice Department will detail the surveillance programs in greater detail. The House Intelligence Committee plans to hold a similar hearing next Tuesday.

House speaker John A. Boehner (R-Ohio) told ABC News Tuesday that he's been fully briefed on the two programs that Snowden publicly revealed, and dismissed any threat to civil liberties. "When you look at these programs, there are clear safeguards," he said. "There's no American who's gonna be snooped on in any way-- unless they're in contact with some terrorists somewhere around the world."

But in a letter sent last week to Attorney General Eric Holder, the author of the Patriot Act, Rep. James Sensenbrenner (R-Wis.), said, "I am extremely disturbed by what appears to be an overbroad interpretation of the Act."

Similarly, Rep. Hank Johnson (D-NC) issued a statement calling for "a thorough and public debate on how our government can balance the need for national security while protecting the basic liberties of its citizens," saying that "Americans have a right to know the power that they are granting their government."

Privacy rights group EPIC filed a freedom of information request with the Department of Justice Friday, seeking the release of its legal justification for the Prism program. But the White House has been resisting such measures.

Friday the White House filed a motion opposing public release of a 2011 Foreign Intelligence Surveillance Court decision declaring some aspect of National Security Agency surveillance under the FISA Amendments Act to be unconstitutional or otherwise illegal, in response to a similar request from EPIC pertaining to the capture of telephone metadata, law professor Jonathan Adler at Case Western Reserve University in a said in a blog post.

President Obama, defending the NSA's monitoring programs, said access to captured data was only authorized using warrants under FISA, which in 1979 created the Foreign Intelligence Surveillance Court (FISC) to field requests from the Department of Justice for surveillance warrants against suspected foreign agents engaged in espionage or terrorism.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
6/13/2013 | 11:36:51 AM
re: NSA Prism: Patriot Act Author Questions Scope
Now Sensenbrenner is disturbed? Programs like Prism are EXACTLY what the Patriot Acts were intended for. So Sensenbrenner is one of the authors (or more correctly, someone who let someone else write everything and he slapped his name on it) and he has no clue which broad antidemocratic, unconstitutional powers the Patriot Acts include? Maybe before anything else is done we need to make sure that naive and delusional politicians are removed from Congress.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-5704
Published: 2014-04-15
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

CVE-2013-5705
Published: 2014-04-15
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

CVE-2014-0341
Published: 2014-04-15
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to ob...

CVE-2014-0342
Published: 2014-04-15
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.

CVE-2014-0348
Published: 2014-04-15
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding...

Best of the Web