01:21 PM

NSA Prism: Patriot Act Author Questions Scope

White House says NSA's surveillance programs implement FISA and the Patriot Act -- but Patriot Act author is not so sure. Meanwhile, privacy groups turn up the heat.

Is the NSA's Prism program legal?

To be clear, what's being called Prism really refers to the name of an internal government computer system that's used as part of a program known as the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA), or the Section 702 programs for short, according to a DNI briefing document released Saturday.

Whistleblower Edward Snowden, 29, has claimed credit for releasing classified documents relating to two Section 702 monitoring programs. One is aimed at intercepting foreign online communications, including email, chat and VoIP communications; the other is tasked with gathering metadata relating to millions of phone calls, which could reveal the locations of callers as well as those of the people with whom they'd communicated, although not the content of calls.

[ How do system administrators fit into your company's security chain? Read NSA Prism Relies Heavily On IT Contractors. ]

President Obama Friday defended the programs, as well as the NSA's capture of telephone metadata. He noted that both programs have been "authorized by broad bipartisan majorities repeatedly since 2006."

"We've got congressional oversight and judicial oversight. And if people can't trust not only the executive branch but also don't trust Congress and don't trust federal judges to make sure that we're abiding by the Constitution, due process and rule of law, then we're going to have some problems here," he said.

In a press conference Saturday, White House spokesman Ben Rhodes said the Section 702 program "was reauthorized by Congress in December 2012, and it has a reporting requirement to Congress," meaning that the Director of National Intelligence and Attorney General must provide semiannual reports to legislators to review "the targeting procedures as well as the minimization procedures associated with targeting."

The phone metadata capture appears to be authorized by Section 215 of the Patriot Act.

Rhodes said briefings about the programs had been regularly delivered to the intelligence and judiciary committees in both the House and Senate. He also said that additional FISA briefings had been provided for about 13 legislators who requested information about how the program captures telephone metadata.

Sen. Dianne Feinstein (D-Calif.), who chairs the Intelligence Committee and has backed the programs, said the committee will hold a closed briefing Thursday for all senators, in which officials from the NSA, FBI and Justice Department will detail the surveillance programs in greater detail. The House Intelligence Committee plans to hold a similar hearing next Tuesday.

House speaker John A. Boehner (R-Ohio) told ABC News Tuesday that he's been fully briefed on the two programs that Snowden publicly revealed, and dismissed any threat to civil liberties. "When you look at these programs, there are clear safeguards," he said. "There's no American who's gonna be snooped on in any way-- unless they're in contact with some terrorists somewhere around the world."

But in a letter sent last week to Attorney General Eric Holder, the author of the Patriot Act, Rep. James Sensenbrenner (R-Wis.), said, "I am extremely disturbed by what appears to be an overbroad interpretation of the Act."

Similarly, Rep. Hank Johnson (D-NC) issued a statement calling for "a thorough and public debate on how our government can balance the need for national security while protecting the basic liberties of its citizens," saying that "Americans have a right to know the power that they are granting their government."

Privacy rights group EPIC filed a freedom of information request with the Department of Justice Friday, seeking the release of its legal justification for the Prism program. But the White House has been resisting such measures.

Friday the White House filed a motion opposing public release of a 2011 Foreign Intelligence Surveillance Court decision declaring some aspect of National Security Agency surveillance under the FISA Amendments Act to be unconstitutional or otherwise illegal, in response to a similar request from EPIC pertaining to the capture of telephone metadata, law professor Jonathan Adler at Case Western Reserve University in a said in a blog post.

President Obama, defending the NSA's monitoring programs, said access to captured data was only authorized using warrants under FISA, which in 1979 created the Foreign Intelligence Surveillance Court (FISC) to field requests from the Department of Justice for surveillance warrants against suspected foreign agents engaged in espionage or terrorism.

1 of 2
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Apprentice
6/13/2013 | 11:36:51 AM
re: NSA Prism: Patriot Act Author Questions Scope
Now Sensenbrenner is disturbed? Programs like Prism are EXACTLY what the Patriot Acts were intended for. So Sensenbrenner is one of the authors (or more correctly, someone who let someone else write everything and he slapped his name on it) and he has no clue which broad antidemocratic, unconstitutional powers the Patriot Acts include? Maybe before anything else is done we need to make sure that naive and delusional politicians are removed from Congress.
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-02
Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet.

Published: 2015-10-02
Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684.

Published: 2015-10-02
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.

Published: 2015-10-01
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

Published: 2015-10-01
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.