National Journal Presentation Credits

Policy and the Private Sector: Addressing the NSA Leaks

Published: November 15, 2013Updated: December 19, 2013

Contributor: Dustin Volz, National Journal Staff CorrespondentProducer: Catherine Treyz

Director: Jessica Guzik

Before NSA Leaks, Tech Companies Acceded to Data Requests

2Source: “Factbox: History of mass surveillance in the United States,” Reuters, June 7, 2013.

TakeawayThe National Security Agency can access volumes of data from tech and telecommunications companies by

obtaining a surveillance warrant from the FISA Court, which reviews the NSA’s data requests to ensure they are justified in the interests of national security

National Security Agency (NSA) Data Request Process

NSA identifies data necessary to collect for

national security purposes

Foreign Intelligence Surveillance Act (FISA) Court reviews NSA data

request and, if approved, grants

surveillance warrant

Tech or telecomm company accedes to surveillance warrant, shares data with NSA

Companies’ Main Concern: Transparency with Consumers

Analysis by Dustin VolzCompanies often comply with NSA surveillance warrants, but they seek to be transparent about

those data requests with their customers in order to protect brand reputation

3Source: “A Barrage of Data Requests,” The Washington Post, November 5, 2013.

Estimated NSA Data Requests and Accounts Affected Among Key Companies

January to July 2013

Leaks Reveal NSA Not Transparent With Companies

Analysis by Dustin Volz• Stream of NSA leaks that began in June 2013 revealed many classified surveillance programs, including

programs that bypassed the FISA Court’s review and collected information from companies without their knowledge

• Companies could not be transparent with customers about surveillance that they did not know about• Companies shifted positioning on data collection from increasing transparency to pushing for policy reform• In Dec. 2013, a federal judge ruled the NSA’s bulk phone record collection program as unconstitutional

pending appeal, the first major legal decision regarding the NSA’s surveillance

4Source: Glenn Greenwald, “XKeyscore: NSA tool collects ‘nearly everything a user does on the Internet,’” The Guardian, July 31, 2013; TIME Staff, “A Glossary of Government Surveillance,” TIME, August 1, 2013; Barton Gellman and Ashkan Soltani, “NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say,” The Washington Post, October 30, 2013; “NSA slides explain the PRISM data-collection program,” The Washington Post, June 6, 2013; Josh Gerstein, “Judge: NSA phone program likely unconstitutional,” POLITICO, December 16, 2013; National Journal Research, 2013.

NSA Data Collection via Classified Programs

PRISMCollects data and

metadata from nine servers; Apple, AOL, Facebook, Google, Microsoft, PalTalk, Skype, Yahoo, and

YouTube

MUSCULARCollects user data and data

links that connect Yahoo

and Google data centers worldwide

XKEYSCORECollects real-time

Internet activity, e-mail content, browsing

history, and metadata into a comprehensive

database

Under Pressure from Tech Companies and Constituents, Congress Proposes Changes

5

Source: Govtrack.us; Ellen Nakashima, “Senate bill would approve NSA program but try to curb it,” The Washington Post, October 31, 2013; Brendan Sasso, “Lawmakers propose USA Freedom Act to curb NSA”s powers,” The Hill, October 29, 2013; Stacy Kaper, “Can the Senate Crack Down on NSA Spying,” National Journal, November 7, 2013; David E. Sanger and Charlie Savage, “Obama is Urged to Sharply Curb NSA Data Mining,” December 18, 2013; National Journal Research, 2013.

USA Freedom Act vs. FISA Improvement Act

Header USA FREEDOM Act FISA Improvement Act

Introduced

October 29, 2013 October 31, 2013

Authors Sen. Patrick Leahy (D- Vt.)Rep. James Sensenbrenner (R-Wis.)

Sen. Dianne Feinstein (D-Calif.)

GoalsTo strengthen prohibitions regarding access to Americans’ personal information and interactions

To strengthen national security by sustaining NSA’s metadata collection programs and to protect Americans’ privacy

Key Provisions

• End the NSA’s bulk data collection authorized under Section 215 of the Patriot Act

• Require the government to delete all information about American citizens that was accidently collected

• Create a special advocate office to argue for stronger privacy protections before the FISA Court

• Require the Attorney General to disclose all relevant court decisions related to the interpretation of this law

• Enhance oversight of overseas intelligence collection• Allow the government to keep phone records for up to

five years• Require FISA Court to review data collection to ensure

“reasonable articulable suspicion” of terrorism• Require Senate to approve NSA director and inspector

general appointments (a provision the White House opposes)

• Revise intelligence gathering procedures every five years

Prospects of Passing

• Positive: Most tech companies, civil liberties groups, and many lawmakers back the bill

• Positive: Bill has bicameral and bipartisan support• Negative: Bill may be seen as encroaching on

executive power• Negative: Lacks House leadership backing

• Positive: Moderate approach to reform; more appetizing for conservatives

• Negative: Many see bill as codifying NSA surveillance powers

• Negative: House Intelligence Cmte. Chairman Mike Rogers (R-Mich.) may introduce a similar bill through the intelligence authorization bill with Speaker John Boehner’s (R-Ohio) support

TakeawayCongressional leadership has not indicated that it is a top short-term priority; however, in Dec. 2013, a surveillance

review board recommended 46 changes to the NSA’s counterterrorism and collection programs that restrict the NSA’s unilateral powers, increase the specificity of court approvals, and require more Congressional and presidential oversight