Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

NSA Prism: Patriot Act Author Questions Scope

White House says NSA's surveillance programs implement FISA and the Patriot Act -- but Patriot Act author is not so sure. Meanwhile, privacy groups turn up the heat.

Is the NSA's Prism program legal?

To be clear, what's being called Prism really refers to the name of an internal government computer system that's used as part of a program known as the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA), or the Section 702 programs for short, according to a DNI briefing document released Saturday.

Whistleblower Edward Snowden, 29, has claimed credit for releasing classified documents relating to two Section 702 monitoring programs. One is aimed at intercepting foreign online communications, including email, chat and VoIP communications; the other is tasked with gathering metadata relating to millions of phone calls, which could reveal the locations of callers as well as those of the people with whom they'd communicated, although not the content of calls.

[ How do system administrators fit into your company's security chain? Read NSA Prism Relies Heavily On IT Contractors. ]

President Obama Friday defended the programs, as well as the NSA's capture of telephone metadata. He noted that both programs have been "authorized by broad bipartisan majorities repeatedly since 2006."

"We've got congressional oversight and judicial oversight. And if people can't trust not only the executive branch but also don't trust Congress and don't trust federal judges to make sure that we're abiding by the Constitution, due process and rule of law, then we're going to have some problems here," he said.

In a press conference Saturday, White House spokesman Ben Rhodes said the Section 702 program "was reauthorized by Congress in December 2012, and it has a reporting requirement to Congress," meaning that the Director of National Intelligence and Attorney General must provide semiannual reports to legislators to review "the targeting procedures as well as the minimization procedures associated with targeting."

The phone metadata capture appears to be authorized by Section 215 of the Patriot Act.

Rhodes said briefings about the programs had been regularly delivered to the intelligence and judiciary committees in both the House and Senate. He also said that additional FISA briefings had been provided for about 13 legislators who requested information about how the program captures telephone metadata.

Sen. Dianne Feinstein (D-Calif.), who chairs the Intelligence Committee and has backed the programs, said the committee will hold a closed briefing Thursday for all senators, in which officials from the NSA, FBI and Justice Department will detail the surveillance programs in greater detail. The House Intelligence Committee plans to hold a similar hearing next Tuesday.

House speaker John A. Boehner (R-Ohio) told ABC News Tuesday that he's been fully briefed on the two programs that Snowden publicly revealed, and dismissed any threat to civil liberties. "When you look at these programs, there are clear safeguards," he said. "There's no American who's gonna be snooped on in any way-- unless they're in contact with some terrorists somewhere around the world."

But in a letter sent last week to Attorney General Eric Holder, the author of the Patriot Act, Rep. James Sensenbrenner (R-Wis.), said, "I am extremely disturbed by what appears to be an overbroad interpretation of the Act."

Similarly, Rep. Hank Johnson (D-NC) issued a statement calling for "a thorough and public debate on how our government can balance the need for national security while protecting the basic liberties of its citizens," saying that "Americans have a right to know the power that they are granting their government."

Privacy rights group EPIC filed a freedom of information request with the Department of Justice Friday, seeking the release of its legal justification for the Prism program. But the White House has been resisting such measures.

Friday the White House filed a motion opposing public release of a 2011 Foreign Intelligence Surveillance Court decision declaring some aspect of National Security Agency surveillance under the FISA Amendments Act to be unconstitutional or otherwise illegal, in response to a similar request from EPIC pertaining to the capture of telephone metadata, law professor Jonathan Adler at Case Western Reserve University in a said in a blog post.

President Obama, defending the NSA's monitoring programs, said access to captured data was only authorized using warrants under FISA, which in 1979 created the Foreign Intelligence Surveillance Court (FISC) to field requests from the Department of Justice for surveillance warrants against suspected foreign agents engaged in espionage or terrorism.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
6/13/2013 | 11:36:51 AM
re: NSA Prism: Patriot Act Author Questions Scope
Now Sensenbrenner is disturbed? Programs like Prism are EXACTLY what the Patriot Acts were intended for. So Sensenbrenner is one of the authors (or more correctly, someone who let someone else write everything and he slapped his name on it) and he has no clue which broad antidemocratic, unconstitutional powers the Patriot Acts include? Maybe before anything else is done we need to make sure that naive and delusional politicians are removed from Congress.
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-20469
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information.
CVE-2020-20470
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability.
CVE-2020-20471
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.
CVE-2020-20472
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.
CVE-2020-20473
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.