Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

NSA Prism: Patriot Act Author Questions Scope

White House says NSA's surveillance programs implement FISA and the Patriot Act -- but Patriot Act author is not so sure. Meanwhile, privacy groups turn up the heat.

Is the NSA's Prism program legal?

To be clear, what's being called Prism really refers to the name of an internal government computer system that's used as part of a program known as the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA), or the Section 702 programs for short, according to a DNI briefing document released Saturday.

Whistleblower Edward Snowden, 29, has claimed credit for releasing classified documents relating to two Section 702 monitoring programs. One is aimed at intercepting foreign online communications, including email, chat and VoIP communications; the other is tasked with gathering metadata relating to millions of phone calls, which could reveal the locations of callers as well as those of the people with whom they'd communicated, although not the content of calls.

[ How do system administrators fit into your company's security chain? Read NSA Prism Relies Heavily On IT Contractors. ]

President Obama Friday defended the programs, as well as the NSA's capture of telephone metadata. He noted that both programs have been "authorized by broad bipartisan majorities repeatedly since 2006."

"We've got congressional oversight and judicial oversight. And if people can't trust not only the executive branch but also don't trust Congress and don't trust federal judges to make sure that we're abiding by the Constitution, due process and rule of law, then we're going to have some problems here," he said.

In a press conference Saturday, White House spokesman Ben Rhodes said the Section 702 program "was reauthorized by Congress in December 2012, and it has a reporting requirement to Congress," meaning that the Director of National Intelligence and Attorney General must provide semiannual reports to legislators to review "the targeting procedures as well as the minimization procedures associated with targeting."

The phone metadata capture appears to be authorized by Section 215 of the Patriot Act.

Rhodes said briefings about the programs had been regularly delivered to the intelligence and judiciary committees in both the House and Senate. He also said that additional FISA briefings had been provided for about 13 legislators who requested information about how the program captures telephone metadata.

Sen. Dianne Feinstein (D-Calif.), who chairs the Intelligence Committee and has backed the programs, said the committee will hold a closed briefing Thursday for all senators, in which officials from the NSA, FBI and Justice Department will detail the surveillance programs in greater detail. The House Intelligence Committee plans to hold a similar hearing next Tuesday.

House speaker John A. Boehner (R-Ohio) told ABC News Tuesday that he's been fully briefed on the two programs that Snowden publicly revealed, and dismissed any threat to civil liberties. "When you look at these programs, there are clear safeguards," he said. "There's no American who's gonna be snooped on in any way-- unless they're in contact with some terrorists somewhere around the world."

But in a letter sent last week to Attorney General Eric Holder, the author of the Patriot Act, Rep. James Sensenbrenner (R-Wis.), said, "I am extremely disturbed by what appears to be an overbroad interpretation of the Act."

Similarly, Rep. Hank Johnson (D-NC) issued a statement calling for "a thorough and public debate on how our government can balance the need for national security while protecting the basic liberties of its citizens," saying that "Americans have a right to know the power that they are granting their government."

Privacy rights group EPIC filed a freedom of information request with the Department of Justice Friday, seeking the release of its legal justification for the Prism program. But the White House has been resisting such measures.

Friday the White House filed a motion opposing public release of a 2011 Foreign Intelligence Surveillance Court decision declaring some aspect of National Security Agency surveillance under the FISA Amendments Act to be unconstitutional or otherwise illegal, in response to a similar request from EPIC pertaining to the capture of telephone metadata, law professor Jonathan Adler at Case Western Reserve University in a said in a blog post.

President Obama, defending the NSA's monitoring programs, said access to captured data was only authorized using warrants under FISA, which in 1979 created the Foreign Intelligence Surveillance Court (FISC) to field requests from the Department of Justice for surveillance warrants against suspected foreign agents engaged in espionage or terrorism.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
6/13/2013 | 11:36:51 AM
re: NSA Prism: Patriot Act Author Questions Scope
Now Sensenbrenner is disturbed? Programs like Prism are EXACTLY what the Patriot Acts were intended for. So Sensenbrenner is one of the authors (or more correctly, someone who let someone else write everything and he slapped his name on it) and he has no clue which broad antidemocratic, unconstitutional powers the Patriot Acts include? Maybe before anything else is done we need to make sure that naive and delusional politicians are removed from Congress.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.