It's been two weeks since the Washington Post and Guardian newspapers began to publish their stories based on leaks and interviews with former NSA contractor, Edward Snowden. The leaks have continued, counterleaks have bubbled up, tech companies have responded, and debate about the man at the center of it all continues to rage.
Three big stories -- one from the AP, one from NPR, and another from the Post -- came out this weekend that mined the details of Snowden's disclosures, refining them with more extensive reporting. The New York Times contributed a deep profile of Snowden himself, who continues to provoke strong reactions, especially after he revealed some details about U.S. spying on China and Russia.
Following, we attempt to bring you up to speed with the most recent disclosures and best reporting on the hurlyburly.
One note before we get to the stories: Snowden's two big disclosures have tended to get conflated. First, Snowden leaked a secret order from the Foreign Intelligence Service Court giving the government broad powers to collect phone call metadata from Verizon Business Services. Senator Dianne Feinstein acknowledged the program and said it had been going on for years. The legal basis for the data collection comes from an interpretation of Section 215 of the Patriot Act, which allows the government to take any "business records" it might want, and because phone calls are considered business transactions between a phone user and a phone network, such information falls under its purview. Civil liberties groups like the ACLU have decried this version of the rules.
Snowden's other big disclosure, published nearly simultaneously in the Guardian and Washington Post, was that the NSA had what was called "direct access" to servers at the big tech companies like Google, Microsoft, Facebook, Apple, and Yahoo through a program called Prism. The tech companies vociferously denied involvement in broad government surveillance of their users. A central problem is that "direct access" could mean a lot of things. Which brings us to our first story.
Putting Snowden's Disclosures in Context
The AP found sources willing to talk about the conception of the Prism program. Tech company sources said that what started as an unstructured mess of information flowing from tech companies to the government after 9/11 turned into a "streamlined, electronic process." That's Prism.
This frenetic, manual process was the forerunner to Prism, the recently revealed highly classified National Security Agency program that seizes records from Internet companies. As laws changed and technology improved, the government and industry moved toward a streamlined, electronic process, which required less time from the companies and provided the government data in a more standard format.
But the report also sought to put Prism's importance in the context of the type of spying that we've known the NSA has done for years: tapping into telecommunications servers that handle a very large percentage of the world's Internet traffic.
In that way, Prism helps justify specific, potentially personal searches. But it's the broader operation on the Internet fiber optics cables that actually captures the data, experts agree.
In other words, the structured data that the NSA gets from searching small numbers of users aids its targeting within the massive amounts of Internet traffic it's hoovering up. And "direct access," in context, was probably intended to mean data from companies themselves as opposed to siphoned from telecom Internet traffic.
The Washington Post had another big story by Barton Gellman documenting how four different NSA programs sprang from the Bush administration's STELLARWIND program. They are called MAINWAY, MARINA, NUCLEON, and PRISM. Gellman spoke with an anonymous "senior intelligence official," who provided some information on what the programs do and what policies regulate their use.
Two of the four collection programs, one each for telephony and the Internet, process trillions of "metadata" records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY.
The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called NUCLEON.
For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.
So how does PRISM work, technically?
The New York Time's Claire Cain Miller reported that "in some cases, the data is transmitted to the government electronically, using a company's servers." Which makes sense, obviously, but left in question the actual method of transfer. Wired's Kim Zetter reports that, at least at Google, the company transfers files to the government using secure FTP. It's possible that other companies have different ways of getting information to the NSA.
The Tech Companies Respond
The string of events set off by former NSA contractor Edward Snowden has led us to this: Facebook, Microsoft, and Apple have released numbers on how often government officials request their users' data. The companies have released aggregate numbers for how many requests they've received from all levels of government, and the total number of user accounts that has affected.