Secret to Prism program: It's just one part of an even bigger data seizure

By Stephen Braun

Associated Press

Published: Saturday, June 15 2013 12:00 a.m. MDT

One expert in national security law, who is directly familiar with how Internet companies dealt with the government during that period, recalls conversations in which technology officials worried aloud that the government would trample on Americans' constitutional right against unlawful searches, and that the companies would be called on to help.

The logistics were about to get daunting, too.

For years, the companies had been handling requests from the FBI. Now Congress had given the NSA the authority to take information without warrants. Though the companies didn't know it, the passage of the Protect America Act gave birth to a top-secret NSA program, officially called US-98XN.

It was known as Prism. Though many details are still unknown, it worked like this:

Every year, the attorney general and the director of national intelligence spell out in a classified document how the government plans to gather intelligence on foreigners overseas.

By law, the certification can be broad. The government isn't required to identify specific targets or places.

A federal judge, in a secret order, approves the plan.

With that, the government can issue "directives" to Internet companies to turn over information.

While the court provides the government with broad authority to seize records, the directives themselves typically are specific, said one former associate general counsel at a major Internet company. They identify a specific target or groups of targets. Other company officials recall similar experiences.

All adamantly denied turning over the kind of broad swaths of data that many people believed when the Prism documents were first released.

"We only ever comply with orders for requests about specific accounts or identifiers," Microsoft said in a statement.

Facebook said it received between 9,000 and 10,000 requests for data from all government agencies in the second half of last year. The social media company said fewer than 19,000 users were targeted.

How many of those were related to national security is unclear, and likely classified. The numbers suggest each request typically related to one or two people, not a vast range of users.

Tech company officials were unaware there was a program named Prism. Even former law enforcement and counterterrorism officials who were on the job when the program went live and were aware of its capabilities said this past week that they didn't know what it was called.

What the NSA called Prism, the companies knew as a streamlined system that automated and simplified the "Hoovering" from years earlier, the former assistant general counsel said. The companies, he said, wanted to reduce their workload. The government wanted the data in a structured, consistent format that was easy to search.

Any company in the communications business can expect a visit, said Mike Janke, CEO of Silent Circle, a company that advertises software for secure, encrypted conversations. The government is eager to find easy ways around security.

"They do this every two to three years," said Janke, who said government agents have approached his company but left empty-handed because his computer servers store little information. "They ask for the moon."

That often creates tension between the government and a technology industry with a reputation for having a civil libertarian bent. Companies occasionally argue to limit what the government takes. Yahoo even went to court and lost in a classified ruling in 2008, The New York Times reported Friday.

"The notion that Yahoo gives any federal agency vast or unfettered access to our users' records is categorically false," Ron Bell, the company's general counsel, said recently.

Under Prism, the delivery process varied by company.

Google, for instance, says it makes secure file transfers. Others use contractors or have set up stand-alone systems. Some have set up user interfaces making it easier for the government, according to a security expert familiar with the process.

Get The Deseret News Everywhere

Subscribe

Mobile

RSS