For years the National Security Agency has successfully shielded its surveillance programs from any real public scrutiny. But in the past few weeks, its controversial spying efforts have been thrust into the international spotlight following an unprecedented leak of top-secret documents.
Many important details have been disclosed—so many, in fact, that you might have lost track. We have learned that the NSA is collecting millions of Americans’ phone records on a daily basis, that it operates a program called PRISM involving the surveillance of Internet communications, and that in some cases the agency can “incidentally” sweep up Americans’ emails and phone calls without a specific warrant and store them for up to five years.
But parts of the initial reports have changed, some details are disputed, and a number of follow-up stories have included crucial facts that have not received as much attention as the big scoops by the Guardian and the Washington Post.
Below, you can find a list of some of the key revelations along with an analysis of the current status of each—including claims, counterclaims, and everything in between. We will update this page with the latest in order to keep as comprehensive a record as possible. If there are any particular details we’ve missed that you think are worth inclusion, please add suggestions in the comments.
Status: There have been several clarifications to this key claim since the initial reports. It was derived from leaked secret NSA PowerPoint slides that said a program named PRISM had enabled emails, chats, and other private user data to be collected for surveillance “directly from the servers” of companies including Google, Microsoft, Apple, and Facebook. This seemed to imply that the NSA had unfettered covert access to sift through these companies’ servers whenever it felt like it.
But following a string of “direct access” denials from the named companies, it now appears that PRISM instead functions as a portal used by the NSA to request that companies turn over specific data about particular overseas groups or individuals under the Foreign Intelligence Surveillance Act. Google, for instance, says it transfers the data to the NSA using a fairly conventional file transfer system or by hand. It is still not clear exactly how much data is turned over, but Microsoft, Apple, and Facebook have published vague details suggesting several thousand user accounts could be implicated in FISA-PRISM surveillance during any given six-month period.
Update, July 3: The Washington Post has published new secret slides that it says show that, as of April 5, there were 117,675 active surveillance targets in PRISM's counterterrorism database.
Edward Snowden heads (out of five): Two and a half. The initial reporting over-egged the scale of the NSA’s PRISM program, but the story has had a powerful and valuable impact by boosting surveillance transparency and exposing the companies helping the agency tap into foreigners’ data.
The claim: The NSA is collecting the phone records of millions of Verizon customers daily, including location data, call duration, unique identifiers, and the time and duration of all calls (the Guardian, June 5).
Status: Many more key details have since emerged since the publication of this report, the first story in the Guardian’s explosive “NSA Files” series. The British newspaper revealed the existence of a secret court demanding a business subsidiary of Verizon to turn over the daily phone records of all of its customers over a three-month period from April 25 through July 19. But follow-up reporting by the Washington Post and the Wall Street Journal has revealed that the Verizon court order was not a one-off. It was in fact issued as part of a broader program that has been ongoing for seven years, reportedly since May 24, 2006, and that also involved Sprint Nextel, AT&T, and Bell South. The NSA stores the billions of phone records on a database called MAINWAY, the Washington Post reported, though intelligence officials say the agency chooses not to collect location data. The agency also does not gather records directly from Verizon Wireless or T-Mobile because of their foreign ties, but believes it is able to capture and store “99 percent of U.S. phone traffic because nearly all calls eventually travel over networks owned by U.S. companies that work with the NSA,” according to the Wall Street Journal. This means that the NSA collects Verizon business customers’ records directly, but collects Verizon Wireless customers’ data by proxy by getting the information as it passes over other networks.