The National Security Agency paid millions of dollars to
cover the costs of major internet companies involved in the Prism surveillance
program after a court ruled that some of the agency's activities were
unconstitutional, according to top-secret material passed to the Guardian.
The technology companies, which the NSA says includes
Google, Yahoo, Microsoft and Facebook, incurred the costs to meet new
certification demands in the wake of the ruling from the Foreign Intelligence
Surveillance (Fisa) court.
The October 2011 judgment, which was declassified on
Wednesday by the Obama administration, found that the NSA's inability to
separate purely domestic communications from foreign traffic violated the
fourth amendment.
While the ruling did not concern the Prism program directly,
documents passed to the Guardian by whistleblower Edward Snowden describe the
problems the decision created for the agency and the efforts required to bring
operations into compliance. The material provides the first evidence of a
financial relationship between the tech companies and the NSA.
The intelligence agency requires the Fisa court to sign
annual "certifications" that provide the legal framework for
surveillance operations. But in the wake of the court judgment these were only
being renewed on a temporary basis while the agency worked on a solution to the
processes that had been ruled illegal.
An NSA newsletter entry, marked top secret and dated
December 2012, discloses the huge costs this entailed. "Last year's
problems resulted in multiple extensions to the certifications' expiration
dates which cost millions of dollars for Prism providers to implement each
successive extension – costs covered by Special Source Operations," it
says.
The disclosure that taxpayers' money was used to cover the
companies' compliance costs raises new questions over the relationship between
Silicon Valley and the NSA. Since the existence of the program was first
revealed by the Guardian and the Washington Post on June 6, the companies have
repeatedly denied all knowledge of it and insisted they only hand over user
data in response to specific legal requests from the authorities.
An earlier newsletter, which is undated, states that the
Prism providers were all given new certifications within days of the Fisa court
ruling. "All Prism providers, except Yahoo and Google, were successfully
transitioned to the new certifications. We expect Yahoo and Google to complete
transitioning by Friday 6 October."
The Guardian invited the companies to respond to the new
material and asked each one specific questions about the scale of the costs
they incurred, the form of the reimbursement and whether they had received any
other payments from the NSA in relation to the Prism program.
A Yahoo spokesperson said: "Federal law requires the US
government to reimburse providers for costs incurred to respond to compulsory
legal process imposed by the government. We have requested reimbursement
consistent with this law."
Asked about the reimbursement of costs relating to
compliance with Fisa court certifications, Facebook responded by saying it had
"never received any compensation in connection with responding to a
government data request".
Google did not answer any of the specific questions put to
it, and provided only a general statement denying it had joined Prism or any
other surveillance program. It added: "We await the US government's
response to our petition to publish more national security request data, which
will show that our compliance with American national security laws falls far
short of the wild claims still being made in the press today."
Microsoft declined to give a response on the record.
The responses further expose the gap between how the NSA
describes the operation of its Prism collection program and what the companies
themselves say.
Prism operates under section 702 of the Fisa Amendments Act,
which authorises the NSA to target without a warrant the communications of
foreign nationals believed to be not on US soil.
But Snowden's revelations have shown that US emails and
calls are collected in large quantities in the course of these 702 operations,
either deliberately because the individual has been in contact with a foreign
intelligence target or inadvertently because the NSA is unable to separate out
purely domestic communications.
Last week, the Washington Post revealed documents from
Snowden that showed the NSA breached privacy rules thousands of times a year,
in the face of repeated assurances from Barack Obama and other senior
intelligence figures that there was no evidence of unauthorised surveillance of
Americans.
The newly declassified court ruling, by then chief Fisa
judge John Bates, also revealed serious issues with how the NSA handled the US
communications it was sweeping up under its foreign intelligence
authorisations.
The judgment revealed that the NSA was collecting up to
56,000 wholly US internet communications per year in the three years until the
court intervened. Bates also rebuked the agency for misrepresenting the true
scope of a major collection program for the third time in three years.
The NSA newsletters say the agency's response to the ruling
was to work on a "conservative solution in which higher-risk collection
would be sequestered". At the same time, one entry states, the NSA's
general counsel was considering filing an appeal.
The Guardian informed the White House, the NSA and the
office of the director of national intelligence that it planned to publish the
documents and asked whether the spy agency routinely covered all the costs of
the Prism providers and what the annual cost was to the US.
The NSA declined to comment beyond requesting the redaction
of the name of an individual staffer in one of the documents.
No comments:
Post a Comment