The Guardian US, by The Guardian US
Lee C. Bollinger, President of Columbia University (left), presents a 2014 Public Service Prize to Janine Gibson and Alan Rusbridger of The Guardian US.
Winning Work
Exclusive: Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama
By Glenn Greenwald
Under the terms of the order, the numbers of both parties on a call are handed over, as is location data and the time and duration of all calls. Photograph: Matt Rourke/AP
The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April.
The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified threemonth period ending on July 19.The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.
Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.
The order, a copy of which has been obtained by the Guardian, requires Verizon on an "ongoing, daily basis" to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.
The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government's domestic spying powers.
Under the Bush administration, officials in security agencies had disclosed to reporters the largescale collection of call records data by the NSA, but this is the first time significant and topsecret documents have revealed the continuation of the practice on a massive scale under President Obama.
The unlimited nature of the records being handed over to the NSA is extremely unusual. Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.
The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order.
The court order expressly bars Verizon from disclosing to the public either the existence of the FBI's request for its customers' records, or the court order itself.
"We decline comment," said Ed McFadden, a Washingtonbased Verizon spokesman.
The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of "all call detail records or 'telephony metadata' created by Verizon for communications between the United States and abroad" or "wholly within the United States, including local telephone calls".
The order directs Verizon to "continue production on an ongoing daily basis thereafter for the duration of this order". It specifies that the records to be produced include "session identifying information", such as "originating and terminating number", the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and "comprehensive communication routing information".
The information is classed as "metadata", or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such "metadata" is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order.
While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively.
It is not known whether Verizon is the only cellphone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the threemonth order was a oneoff, or the latest in a series of similar orders.
The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration's surveillance activities.
For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on "secret legal interpretations" to claim surveillance powers so broad that the American public would be "stunned" to learn of the kind of domestic spying being conducted.
Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of recordgathering it authorized.
Julian Sanchez, a surveillance expert with the Cato Institute, explained: "We've certainly seen the government increasingly strain the bounds of 'relevance' to collect large numbers of records at once — everyone at one or two degrees of separation from a target — but vacuuming all metadata up indiscriminately would be an extraordinary repudiation of any pretence of constraint or particularized suspicion." The April order requested by the FBI and NSA does precisely that.
The law on which the order explicitly relies is the socalled "business records" provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration's extreme interpretation of the law to engage in excessive domestic surveillance.
In a letter to attorney general Eric Holder last year, they argued that "there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows."
"We believe," they wrote, "that most Americans would be stunned to learn the details of how these secret court opinions have interpreted" the "business records" provision of the Patriot Act.
Privacy advocates have long warned that allowing the government to collect and store unlimited "metadata" is a highly invasive form of surveillance of citizens' communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication.
Such metadata is what the US government has long attempted to obtain in order to discover an individual's network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the datamining program begun by the Bush administration in the immediate aftermath of the 9/11 attack.
The NSA, as part of a program secretly authorized by President Bush on 4 October 2001, implemented a bulk collection program of domestic telephone, internet and email records. A furore erupted in 2006 when USA Today reported that the NSA had "been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth" and was "using the data to analyze calling patterns in an effort to detect terrorist activity." Until now, there has been no indication that the Obama administration implemented a similar program.
These recent events reflect how profoundly the NSA's mission has transformed from an agency exclusively devoted to foreign intelligence gathering, into one that focuses increasingly on domestic communications. A 30-year employee of the NSA, William Binney, resigned from the agency shortly after 9/11 in protest at the agency's focus on domestic activities.
In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically.
At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: "The NSA's capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter."
Additional reporting by Ewen MacAskill and Spencer Ackerman.
Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook
Companies deny any knowledge of program in operation since 2007
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.
Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.
In a statement, Google said: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."
Several senior tech executives insisted that they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a program. "If they are doing this, they are doing it without our knowledge," one said.
An Apple spokesman said it had "never heard" of Prism.
The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.
The program facilitates extensive, indepth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.
It also opens the possibility of communications made entirely within the US being collected without warrants.
Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.
The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.
Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.
Collectively, the companies cover the vast majority of online email, search, video and communications networks.
The extent and nature of the data collected from each company varies.
Companies are legally obliged to comply with requests for users' communications under US law, but the Prism program allows the intelligence services direct access to the companies' servers. The NSA document notes the operations have "assistance of communications providers in the US".
The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.
When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.
A chart prepared by the NSA, contained within the topsecret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.
The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy. The Prism program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.
With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform realtime collection on targeted users.
The presentation claims Prism was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a "homefield advantage" due to housing much of the internet's architecture. But the presentation claimed "Fisa constraints restricted our homefield advantage" because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.
"Fisa was broken because it provided privacy protections to people who were not entitled to them," the presentation claimed. "It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all."
The new measures introduced in the FAA redefines "electronic surveillance" to exclude anyone "reasonably believed" to be outside the USA – a technical change which reduces the bar to initiating surveillance.
The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of cooperating with authorities' requests.
In short, where previously the NSA needed individual authorisations, and confirmation that all parties were outside the USA, they now need only reasonable suspicion that one of the parties was outside the country at the time of the records were collected by the NSA.
The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming "access is 100% dependent on ISP provisioning".
In the document, the NSA hails the Prism program as "one of the most valuable, unique and productive accesses for NSA".
It boasts of what it calls "strong growth" in its use of the Prism program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was "exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype". There was also a 131% increase in requests for Facebook data, and 63% for Google.
The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also seeks, in its words, to "expand collection services from existing providers".
The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.
Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.
"The problem is: we here in the Senate and the citizens we represent don't know how well any of these safeguards actually work," he said.
"The law doesn't forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can't say and average Americans can't know."
Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.
When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.
When the NSA reviews a communication it believes merits further investigation, it issues what it calls a "report". According to the NSA, "over 2,000 Prismbased reports" are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.
In total, more than 77,000 intelligence reports have cited the PRISM program.
Jameel Jaffer, director of the ACLU's Center for Democracy, that it was astonishing the NSA would even ask technology companies to grant direct access to user data.
"It's shocking enough just that the NSA is asking companies to do this," he said. "The NSA is part of the military. The military has been granted unprecedented access to civilian communications.
"This is unprecedented militarisation of domestic communications infrastructure. That's profoundly troubling to anyone who is concerned about that separation."
A senior administration official said in a statement: "The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any US citizen or of any person located within the United States.
"The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.
"This program was recently reauthorized by Congress after extensive hearings and debate.
"Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.
"The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target."
The 29-year-old source behind the biggest intelligence leak in the NSA's history explains his motives, his uncertain future and why he never intended on hiding in the shadows
By Glenn Greenwald, Ewen MacAskill and Laura Poitras in Hong Kong
"I'm willing to sacrifice all of that because I can't in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building."
'I am not afraid, because this is the choice I've made'
"Yes, I could be rendered by the CIA. I could have people come after me. Or any of the third-party partners. They work closely with a number of other nations. Or they could pay off the Triads. Any of their agents or assets."
'You can't wait around for someone else to act'
A matter of principle
Revealed: The NSA's powerful tool for cataloguing global surveillance data – including figures on US collection
By Glenn Greenwald and Ewen MacAskill
The National Security Agency has developed a powerful tool for recording and analysing where its intelligence comes from, raising questions about its repeated assurances to Congress that it cannot keep track of all the surveillance it performs on American communications.
The color scheme ranges from green (least subjected to surveillance) through yellow and orange to red (most surveillance). Note the '2007' date in the image relates to the document from which the interactive map derives its top secret classification, not to the map itself.
A snapshot of the Boundless Informant data, contained in a top secret NSA "global heat map" seen by the Guardian, shows that in March 2013 the agency collected 97bn pieces of intelligence from computer networks worldwide.
• Secret program launched by Bush continued 'until 2011' • Fisa court renewed collection order every 90 days • Current NSA programs still mine US internet metadata
The internet metadata collection program was halted in 2011 for 'operational and resource reasons.'
What your email metadata reveals
How the US government came to collect Americans' email records
How NSA gained more power to study Americans' online habits
First major challenge to NSA's bulk collection of phone records defeated by only 217 votes to 205 in House of Representatives
Justin Amash said he introduced the amendment to 'defend the Fourth Amendment... to defend the privacy of each and every American.'
"Today's vote shows that the tide is turning, that the American people, when they are aware of these programs, overwhelmingly reject them, and the expiration date on these programs is coming due."
Exclusive: Spy agency has secret backdoor permission to search databases for individual Americans' communications
By James Ball and Spencer Ackerman
Detail of Section 702 of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets.
• NSA and GCHQ unlock encryption used to protect emails, banking and medical records • $250m-a-year US program works covertly with tech companies to insert weaknesses into products • Security experts say programs 'undermine the fabric of the internet'
By James Ball, Julian Borger and Glenn Greenwald
Through covert partnerships with tech companies, the spy agencies have inserted secret vulnerabilities into encryption software. Photograph: Kacper Pempel/Reuters
This network diagram, from a GCHQ pilot program, shows how the agency proposed a system to identify encrypted traffic from its internet cable-tapping programs and decrypt what it could in near-real time. Photograph: Guardian
Classified briefings between the NSA and GCHQ celebrate their success at 'defeating network security and privacy'. Photograph: Guardian
A slide showing that the secrecy of the agencies' capabilities against encryption is closely guarded. Photograph: Guardian
Exclusive: Bipartisan bill pulls together existing efforts to dramatically reform the NSA in the wake of Snowden disclosures
By Dan Roberts
Jim Sensenbrenner told the Guardian: 'The disclosure that NSA employees were spying on their spouses … was very chilling.' Photo: Chip Somodevilla/Getty Images
The conservative Republican who coauthored America's Patriot Act is preparing to unveil bipartisan legislation that would dramatically curtail the domestic surveillance powers it gives to intelligence agencies.
Congressman Jim Sensenbrenner, who worked with president George W. Bush to give more power to US intelligence agencies after the September 11 terrorist attacks, said the intelligence community had misused those powers by collecting telephone records on all Americans, and claimed it was time "to put their metadata program out of business".
"The haystack approach missed the Boston marathon bombing, and that was after the Russians told us the Tsarnaev brothers were bad guys."
• Executives say programs have undermined user trust • White House had tried to gear meeting towards healthcare site • Pressure mounts on day after judge's ruling against NSA
By Dominic Rushe in New York and Paul Lewis & Spencer Ackerman in Washington
President Obama and Vice President Biden meet with executives from leading tech companies at the White House. Photograph: Michael Reynolds/EPA
The top leaders from world’s biggest technology companies called on the US to "move aggressively" to reform the National Security Agency’s controversial surveillance operations after discussions with President Obama on Tuesday, resisting attempts by the White House to portray the encounter as covering a range of broader priorities.
Executives from 15 companies, including Google, Apple, Yahoo and Twitter, used a facetoface meeting with Obama and vicepresident Joe Biden to express their concern that the NSA’s wideranging surveillance activities had undermined the trust of their users.
• Review proposes greater authority for spying on foreign leaders • Government 'should be banned from undermining encryption' • Forty-six recommendations in 300-page report released early
By Dan Roberts in Washington and Spencer Ackerman in New York
Barack Obama will read the report over the holidays before deciding which recommendations he will choose to accept. Photograph: Zhang Jun/Xinhua/Corbis
The National Security Agency should be banned from attempting to undermine the security of the internet and stripped of its power to collect telephone records in bulk, a White House review panel recommended on Wednesday.
In a 300-page report prepared for President Obama, the panel made 46 recommendations, including that the authority for spying on foreign leaders should be granted at a higher level than at present.
Though far less sweeping than campaigners have urged, and yet to be ratified by Obama, the report by his Review Group on Intelligence and Communications Technology comes as the White House faces growing pressure over its socalled “bulk collection” programs from US courts and business interests.
Earlier this week, a federal judge ruled that the bulk collection program, first revealed by the Guardian in June through a court order against Verizon, was likely to be in violation of the US constitution, describing it as “almost Orwellian” in scope.
The White House was stung into releasing the report weeks earlier than expected after meeting America’s largest internet companies on Tuesday. The firms warned that failure to rebuild public trust in communications privacy could damage the US economy.
In its report, the review panel, led by former security officials and academics including the husband of one of Obama's top advisers, said the NSA should be removed of its power to collect the metadata of Americans' phone calls. Instead, it suggested that private companies such as phone carriers retain their customer records in a format that the NSA can access on demand.
This is likely to anger the intelligence community, which argues for direct access, but also fall foul of telephone companies, who have privately warned those drafting more ambitious reforms in Congress that such a scheme would be impractical and dangerous.
“In our view, the current storage by the government of bulk metadata creates potential risks to public trust, personal privacy, and civil liberty,” says the report. “The government should not be permitted to collect and store mass, undigested, nonpublic personal information about US persons for the purpose of enabling future queries and datamining for foreign intelligence purposes.”
Despite revelations that the NSA tapped the phones of world leaders such as Germany’s Angela Merkel, the report proposes only minimal overseas reforms, merely requiring higher clearance to “identify both the uses and the limits of surveillance on foreign leaders and in foreign nations.”
On the security of the internet, the report says the US government should not "undermine efforts to create encryption standards" and not "subvert, undermine, weaken or make vulnerable" commercial security software.
NSA documents published by the Guardian in September revealed how the agency had used its central role in setting encryption standards to install backdoor flaws to intercept private traffic, causing a storm of protest among internet companies.
But the report does little to address a string other privacy breaches revealed by NSA whistleblower Edward Snowden, and several of its recommendations deal with tighter vetting requirements for staff and contractors with access to sensitive information, designed to prevent future leaks.
The Electronic Frontier Foundation, one of the privacy advocates suing the Obama administration over the bulk surveillance, expressed disappointment with the review group report. “The review board floats a number of interesting reform proposals, and we're especially happy to see them condemn the NSA's attacks on encryption and other security systems people rely upon,” attorney Kurt Opsahl said.
“But we’re disappointed that the recommendations suggest a path to continue untargeted spying. Mass surveillance is still heinous, even if private company servers are holding the data instead of government data centers.”
After meeting the report’s authors on Wednesday, the White House said Obama would be taking a copy with him to read over Christmas and would decide which recommendations to accept before delivering his state of the union address on January 28.
“It's an extremely dense and substantive exercise, which is why, in response to a 300-plus page report with 46 recommendations, we are not going to come out with an assessment five minutes later,” said spokesman Jay Carney.
Carney acknowledged there was “no question” that the Snowden disclosures had helped lead to the review process and “heightened focus here at the White House and more broadly in the administration, around the United States and the globe.”
For months, the NSA, the phone companies and reformminded legislators have doubted the viability of having the phone companies store call data on the NSA's behalf.
The NSA has pointed to cumbersome and varied file formats that prevent analysts from quickly searching through the companies' data troves, particularly those proprietary to the telecos. They have also fretted that the companies only keep customer data for 18 months, while they argue they need a historical database of every domestic call going back as few as three years and as many as five.
The companies themselves fear expensive legal and technical morasses that mass data storage on behalf of the NSA may portend.
Meanwhile, civil libertarians and reformminded legislators believe the databases themselves are problematic. Having the phone companies store them, to provide access to the NSA, is insufficient, they believe.
“Bulk collection of personal data should simply end,” said Alan Butler, an attorney for the Electronic Privacy Information Center.
It remains to be seen whether the legislators behind the USA Freedom Act, the major legislative vehicle before the House and Senate to end NSA domestic bulk call data collection, will be satisfied with the proposal. But at least one member of the House intelligence committee who has sided with the reformers, California Democrat Adam Schiff, called it a “very positive step” and urged Obama to get out in front of the coming swell of legislation.
“With the strong likelihood of congressional action, as well as a recent adverse decision by a federal district court judge, I believe the president would be well served to take the advice of the board and restructure the program as soon as possible. It would be better to have this undertaken in an orderly and expeditious fashion, than to wait for it to be compelled by the Congress or the courts,” Schiff said on Wednesday.
The White House has said Obama will not decide on which of the panel’s reforms to implement until the new year. But last week, the administration decided against one of its recommendations, that would split the NSA from the US military’s Cyber Command.
The decision was reached, White House officials said, because Cyber Command’s task of protecting US military networks from hostile attack and launching wartime online counterattacks is too ambitious for Cyber Command, which only became operational in 2010.
Accordingly, the NSA director will remain a military general or admiral, contradicting the review group’s recommendation that a civilian should take the helm of the world’s largest spy agency.
Civil libertarian groups have been skeptical of the report for months, fearing that the White House established the insider panel to give Obama and the NSA cover to implement merely cosmetic changes. Advisers to the panel have told the Guardian since September that the panel was stopping well short of meaningful privacy reforms.
As late as Sunday, White House officials told reporters that the report would not be released until January. But in the days since, the NSA and the Obama administration have been buffeted by criticism, from a widely ridiculed 60 Minutes documentary on the NSA, to Judge Richard Leon’s scathing ruling, to the tech giants’ impatience with the surveillance agency.
The report’s authors were Richard Clarke, a former US cybersecurity adviser; Michael Morell, a former deputy CIA director; Geoffrey Stone, a University of Chicago law professor; Peter Swire, who served earlier on Obama's national economic council; and Cass Sunstein, a Harvard law school professor who is married to UN ambassador Samantha Power.
Just before the White House released the review's report, a different group advising Obama, the Privacy and Civil Liberties Oversight Board, which has held public hearings into the NSA for months, announced it will release two studies of its own, one into bulk collection of domestic phone data and the other into bulk foreign communications collection.
The reviews, due around late January and early February 2014, will also assess the operations of the secret Fisa court overseeing surveillance and provide "recommendations for legislative and program changes," the board announced on Wednesday afternoon.
January 25, 2014
To the Judges:
The Guardian US was established in 2011 to cover US and international news for an American audience. As a New York-based company - incorporated in the US as Guardian News and Media LLC - we maintain a growing and largely autonomous editorial presence with a US staff of 60, a bureau in DC and reporters across the nation. The newsroom produces news articles, opinion, live-biogs and interactive and multimedia content that reaches over 20 million online US readers each month. The series of NSA stories - enclosed for consideration - were reported, edited and published by Guardian US staff.
In early 2013, Edward Snowden was working as an intelligence analyst for a US government contractor at an NSA facility in Hawaii. Snowden was one of a huge number of intelligence contractors with clearance to access large quantities of data about surveillance activities. In May, Snowden began anonymously providing samples of top-secret NSA documents to Guardian US journalist Glenn Greenwald and independent filmmaker Laura Poitras. In June, Greenwald, Poitras and veteran Guardian US Washington bureau chief Ewen MacAskill were dispatched by Guardian US editors to Hong Kong to verify and interview the anonymous source. They would be the first reporters to interview Edward Snowden, who, days later, would reveal himself as the source of the largest US intelligence leak in history.
On June 5, 2013, Guardian US exclusively revealed that the NSA was collecting the phone records of millions of US citizens, shown in a top-secret Foreign Intelligence Surveillance Act court order. On June 6, Guardian US and the Washington Post revealed the PRISM program, which enables the NSA to collect vast amounts of Internet communications "directly from the servers" of leading technology companies, including Google, Facebook, Apple and Microsoft. With its PRISM story, Guardian US was the first to accurately report responses from technology companies, reflecting their confusion over NSA's claims of "direct access".
On June 9, Guardian US published the first, exclusive, video interview with Snowden, which subsequently aired on broadcast networks worldwide. His identity was revealed at his request. A week later, on June 17, Snowden held a live Q&A with readers at theguardian.corn, which shed further light on the substance of his revelations. It was an interview that all the world's major media organizations were chasing, but instead Guardian US suggested that he answer questions directly from the people he was trying to inform. Two subsequent reports, published on June 27 and August 9, including a top-secret draft report by the NSA's inspector general, gave Americans the first look at the political and legal underpinning for much of the NSA's surveillance.
Over the next seven months, the Guardian US team led by Greenwald, MacAskill, Poitras, James Ball and Spencer Ackerman reported a series of exclusive stories, based on thousands of documents, which exposed the vast scale and scope of domestic and international surveillance programs. The reporting revealed the close relationship between technology companies and intelligence agencies, and showed how technology has led to the widespread, indiscriminate and routine mass collection of telephone and Internet data of millions of Americans. And it shed unprecedented light on the scale and sophistication of domestic and global surveillance, and showed how both political oversight and law have failed to keep up with changing technology.
The first step was to establish and master a range of encryption and security procedures to ensure the safety of the documents and the integrity of the reporting process. The team made use of sophisticated search tools essential for finding and reporting the more complex stories - many of which pieced together dozens of disparate documents to tum fragments of information into a coherent whole. These documents range from court orders and internal PowerPoint presentations to agency newsletters, briefing memos and schematic diagrams, and require a great deal of contextualising and analysis.
The Guardian US team of reporters and editors pored over each new potential story. Many of the documents - among the most classified material in existence - are dense primary source material with little or no historical
precedent. Corroborating them proved difficult, with very tittle in the public domain to provide background or context. As a result, the team consulted senior administration officials, current and former intelligence officials, lawyers, IT and encryption specialists, constitutional rights activists and academics to verify and contextualize the revelations and perform due diligence. Editors also worked with administration and intelligence officials on each story to ensure a high public interest bar was met and appropriate redactions were made.
In a climate of intense political and legal pressure from the UK government, the Guardian brought in the New York Times and ProPublica to ensure that globally important stories about the structure and future of the Internet could continue to be told. The files revealed in the September 5 report, "How US and UK Spy Agencies Defeat Internet Privacy and Security," were obtained by Ewen MacAskill for Guardian US and shared with the Times and ProPublica. The stories were co-reported and published by all three outlets in an unprecedented collaborative partnership.
The impact of the NSA Fifes has been resounding. Guardian US reporting elicited responses from the highest levels of government, including the White House, Congress and courts, and led to numerous congressional hearings, as well as major legislative and legal challenges to the NSA's activities. A district court judge in Washington, DC for the first time ruled that mass collection of phone metadata is likely unconstitutional. An independent civil liberties review board - prominently citing our reporting - concluded that the NSA's bulk phone data collection program is illegal and should be shut down. On January 17, President Obama announced proposals for significant reforms, increased oversight and transparency for NSA programs based on the recommendations of a presidentially appointed panel tasked with the first review of US surveillance activities since 9/11. On the heels of President Obama's speech, a USA Today/Pew poll showed that, for the first time, a majority of Americans oppose the NSA's bulk phone records collection program.
The stories have prompted a global debate and ignited a national conversation about the need to balance security and privacy in the digital age. They have exposed misleading statements by senior US administration officials - including Director of National Intelligence James Clapper. They have led to calls from leading technology companies for "aggressive reform" of surveillance practices that undermine the trust of their users. They have also led to the declassification of thousands of documents by the Office of the Director of National Intelligence, including documents showing that the NSA's searches of a database containing the phone records of nearly all Americans violated privacy protections for three years. The supplemental material submitted for consideration provides a look at the some of the impact, as well as the ways in which other news organizations have devoted substantial coverage to the issues raised by Guardian US reporting.
"NSA Files: Decoded," an explanatory multimedia package featuring a series of 30-60 second video interviews and interactive graphics, captures and distills a complicated series of stories into an accessible, relatable visual narrative. This approach allowed us to explain how the individual revelations fit together and convey the significance of them to readers in an intimately personal way. (The introductory video includes a preview of interviews, along with the "metadata" of each interview; name, title, location, and a timestamp reflecting the total amount of footage filmed, not the actual viewing time of each video.)
We also brought the public much closer to the journalism, through regular conversations - hosted at theguardian.corn and elsewhere - with reporters, editors, and even Edward Snowden himself. We believe the process of reporting material of such sensitivity is something we should be accountable for, to our readers as well as to government.
We thank you for considering "The NSA Files" for the Pulitzer Prize for Public Service.
Sincerely,
Janine Gibson
Editor in Chief, Guardian US