PRISM Targets Foreigners, Not Americans. But Can It Tell the Difference?

Innovation, the Internet, gadgets, and more.
June 7 2013 2:49 PM

PRISM Planet

The government’s cybersurveillance program targets foreigners, not Americans. But can it tell the difference?

A woman using an iPhone visits the 27th Janadriya festival on the outskirts of Riyadh February 13, 2012. The two-week-long festival showcases Saudi Arabian culture and traditions.
A woman using an iPhone in Riyadh, Saudi Arabia, Feb. 13, 2012

Photo by Fahad Shadeed/Reuters

Under U.S. law, our government can spy on foreigners using methods it can’t apply to Americans. This is tricky, because espionage has changed. Surveillance now focuses less on monitoring locations—stakeouts, cameras, listening devices—and more on monitoring global information networks. In cyberspace, it’s hard to tell who’s an American and who’s a foreigner.

William Saletan William Saletan

Will Saletan writes about politics, science, technology, and other stuff for Slate. He’s the author of Bearing Right.

This is the problem at the core of PRISM, a U.S. surveillance program disclosed yesterday by the Washington Post and the Guardian. The government has decided that the difficulty of distinguishing foreigners from Americans won’t be its problem anymore. It will be your problem. Counterterrorism officers will scan everything that goes through the Internet, collect the stuff that sounds like it might belong to foreigners, and figure out later whether what they’re reading actually belongs to a U.S. citizen.

Unlike the NSA’s phone surveillance program (code-named BLARNEY), which I defended yesterday, PRISM captures the content of electronic communications, not just “metadata” such as the time and length of phone calls. A PRISM briefing slide lists the kinds of materials intelligence analysts can get through the system, including email, videos, VoIP, and online chats. The Post, paraphrasing a “User’s Guide for PRISM Skype Collection,” says Skype “can be monitored for audio when one end of the call is a conventional telephone and for any combination of ‘audio, video, chat, and file transfers’ when Skype users connect by computer alone.” The official who leaked this document told the Post that through PRISM, surveillance officers “literally can watch your ideas form as you type.”

Advertisement

James Clapper, the Director of National Intelligence, all but conceded this crucial difference between the two programs when he issued two statements yesterday: one about BLARNEY, in which he emphasized that only metadata was collected, and one about PRISM, in which he omitted that defense.

Clapper’s defense of PRISM is that it targets foreigners, not Americans. He explains:
“Section 702 is a provision of FISA [the Foreign Intelligence Surveillance Act] that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States. Activities authorized by Section 702 … involve extensive procedures … to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.”

But that argument collides with a central theme of the PRISM briefing slides. One slide, published by the Post, diagrams the global network of Internet bandwidth among various regions of the world, with “U.S. & Canada” as the principal hub. “Much of the world’s communications flow through the U.S.,” the slide points out. “Your target’s communications could easily be flowing into and through the U.S.” According to the Guardian, the slide presentation claims that the U.S. has a "home-field advantage" against terrorists by virtue of hosting much of the world’s Internet infrastructure. The slides list several U.S. Internet behemoths—Microsoft, Google, Yahoo!, Facebook, Apple, and others—that have been roped into the program.

This is the paradox of PRISM: It targets foreigners by targeting U.S. communications channels. It creates a constant tension between the law, which forbids blanket surveillance of Americans, and the program’s strategy, which is to exploit the domestic location of the surveilled information.

If you’re spying on domestically hosted data, how do you distinguish foreigners from U.S. citizens? Originally, the Guardian reports, the government had to produce “individual warrants and confirmations that both the sender and receiver of a communication were outside the US.” The Guardian quotes the PRISM slide presentation: "It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all." According to the presentation, this ruined “our home-field advantage.” Our spy agencies were being hindered, not helped, by the fact that the world’s leading Internet companies operate in our country.

So the rules were changed. According to the Guardian, the FISA Amendments Act redefined key legal terms to permit surveillance of anyone "reasonably believed" to be outside U.S. borders at the time. Case-by-case court orders were no longer required.

Instead, the new policy emphasizes a general procedure, which in turn has to meet an aggregate statistical standard. According to the Post, “Analysts who use the [PRISM] system from a Web portal at Fort Meade, Md., key in ‘selectors,’ or search terms, that are designed to produce at least 51 percent confidence in a target’s ‘foreignness.’ ”

The Post points out that 51 percent is a low bar. But the problem goes deeper. We’re now talking about categorizing and treating people as foreigners, subject to extensive government surveillance of their communications, based on statistical correlations of various search terms. It’s verbal profiling.

Clapper contends that when Americans are inadvertently surveilled, the system catches the errors and halts the intrusions. The government’s “extensive procedures,” he asserts, “minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.” But he offers no explanation of what these procedures are. Once you’re flagged as a likely foreigner based on the search terms, how does the government decide to unflag you? Are your communications purged from the system? It’s hard to believe that an agency too swamped to file case-by-case FISA surveillance requests takes the trouble to delete every “incidentally acquired” email belonging to an American.
The legal conundrum also extends to PRISM’s definition of “facilities.” The Post reports that in the old days, if counterterrorism agents wanted to spy on you, they had to show probable cause that both the “target” and “facility” in question were linked to terrorism. Bush administration lawyers changed that rule, persuading the FISA court to define huge data sets as “facilities.” This makes it easy to associate them with terrorism so they can be monitored. But you’re part of that association. Your email can be found at, and obtained from, a terrorism-related facility. Thanks to the Internet, concepts such as “facility” and “foreign” are no longer strictly geographic. They’re aggregational and statistical.

Today, when President Obama was asked about PRISM, he insisted that the program “doesn’t apply to” Americans and that it has plenty of “safeguards.” But he said nothing about what those safeguards are. That won’t cut it. PRISM changed the rules so that the government’s accidental surveillance of its own citizens became our problem. If we don’t like that—or his answers to our questions—we’ll make it his problem, too.

Read more on Slate about the NSA’s secret snooping programs.

William Saletan's latest short takes on the news, via Twitter:

 

TODAY IN SLATE

Politics

The Irritating Confidante

John Dickerson on Ben Bradlee’s fascinating relationship with John F. Kennedy.

My Father Invented Social Networking at a Girls’ Reform School in the 1930s

Renée Zellweger’s New Face Is Too Real

Sleater-Kinney Was Once America’s Best Rock Band

Can it be again?

The All The President’s Men Scene That Captured Ben Bradlee

Medical Examiner

Is It Better to Be a Hero Like Batman?

Or an altruist like Bruce Wayne?

Technology

Driving in Circles

The autonomous Google car may never actually happen.

The World’s Human Rights Violators Are Signatories on the World’s Human Rights Treaties

How Punctual Are Germans?

  News & Politics
The World
Oct. 21 2014 11:40 AM The U.S. Has Spent $7 Billion Fighting the War on Drugs in Afghanistan. It Hasn’t Worked. 
  Business
Moneybox
Oct. 21 2014 5:57 PM Soda and Fries Have Lost Their Charm for Both Consumers and Investors
  Life
The Vault
Oct. 21 2014 2:23 PM A Data-Packed Map of American Immigration in 1903
  Double X
The XX Factor
Oct. 21 2014 1:12 PM George Tiller’s Murderer Threatens Another Abortion Provider, Claims Right of Free Speech
  Slate Plus
Behind the Scenes
Oct. 21 2014 1:02 PM Where Are Slate Plus Members From? This Weird Cartogram Explains. A weird-looking cartogram of Slate Plus memberships by state.
  Arts
Behold
Oct. 21 2014 12:05 PM Same-Sex Couples at Home With Themselves in 1980s America
  Technology
Future Tense
Oct. 21 2014 4:14 PM Planet Money Uncovers One Surprising Reason the Internet Is Sexist
  Health & Science
Climate Desk
Oct. 21 2014 11:53 AM Taking Research for Granted Texas Republican Lamar Smith continues his crusade against independence in science.
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.