Tom Pullar-Strecker at Stuff writes:
On closer inspection, the “big scoop” about US spies snooping on our emails and internet use turns out to have been teaspoon-sized.
Reports over the weekend suggested that the United States’ National Security Agency, a spy agency, had been able to tap into the servers of nine internet giants at will for the past several years using a system codenamed Prism. But they have unravelled.
The National Security Agency and the internet companies themselves have all denied the claims. The newspapers that got the supposed scoop – a PowerPoint presentation leaked by on-the-run defence contractor Edward Snowden – have significantly modified their reports.
Most New Zealanders use either Google’s Gmail service or Telecom’s email service, which is outsourced to Yahoo. Google and Yahoo were both implicated in the scare.
If the NSA really had open slather to their servers, either through the acquiescence of the companies or by hacking their servers, as implied by the initial reports on Prism, then its agents would have been free since 2009 to read most New Zealanders’ emails.
Also an open book to the spy agency would be most people’s internet search histories, social networking activities and instant messages over the past several years.
However, the companies concerned have denied giving the NSA such a “back door”, and United States National Intelligence Director James Clapper has denied having one.
So what do they have?
Since 2008, the US government has been able to use Section 702 of the US Foreign Intelligence Surveillance Act (Fisa) to demand the co-operation of “electronic communications companies” with a presence on US soil when snooping on named foreign nationals.
US government agencies are required to have reason to believe each individual poses a security threat and their demands are subject to approval by a special court, though since that court meets in secret there is inevitably a suspicion such requests are always “rubber-stamped”.
Those snooping powers themselves, while controversial, have never been secret however. There is a gulf between them and the implications of the original reports concerning Prism, which strongly suggested the NSA could simply help itself to whatever it wanted, whenever it liked.
Prism is simply a boring internal tool used to analyse the results of such legal searches, according to Clapper’s explanation. That ties in with the fact that Snowden, clearly a relatively junior defence contractor (and there’s some clue there surely), had access to information about the program.
Could US spooks use Fisa to spy on your emails and internet searches if they wanted to? Very likely, if they could be bothered, but they would need to first have a specific interest in you. Nothing has changed in that respect.
Have they been harvesting our emails and internet records en masse, sticking them in an NSA datacentre and then scanning them to fish for evidence of any illegal activity?
There is no evidence to suggest that. If they have, Prism doesn’t appear to be the tool they are using.
A useful differentiation.