Two government officials have admitted that as many as 50 American companies are now feeding the analysts at the National Security Agency with real-time user data, including credit rating agencies and internet service providers. Some of the companies have been cooperating since 2006. What the NSA calls “domestic collection” is data that originates in the U.S. One of the officials said, “The idea is to create a mosaic. We get a tip. We vet it. Then we mine the data for intelligence.” Director of National Intelligence James Clapper defended the practice, stating that programs collect communications “pursuant to section 702 of the Foreign Intelligence Surveillance Act, ” and “cannot be used to intentionally target any U.S. citizen, any other U.S person, or anyone within the United States.”
Clapper was furious at the leaks surrounding the NSA’s practices, calling them “reprehensible” and arguing that the program “is among the most important” sources of “valuable” intelligence information.
One official explained that the NSA has to use various collection tools. PRISM is valued because it can handle disparate types of data streams using different basic encryption methods. PRISM works with another NSA program to encrypt and remove from the analysts’ screen data from someone not regarded as the target of investigation. Then a FISA order allows the monitoring and analysis of the datasets, although the monitoring can technically begin before an application package is submitted to FISA.
The NSA can use credit card purchases, the area where someone signs onto the internet, or local police arrest logs to track people in near-real time. Most of the collection is focused on subjects outside the U.S, but much of the data is gleaned through American companies with servers in the United States.
Because the NSA cannot use standard law enforcement transmission channels to get the data from companies, either the companies have granted access or the fact that company officials deny doing so is a result of only a select few knowing about it.
The protocol is this: according to law, if the agency believes that the parties involved in the suspicious activity are all in the U.S., the FBI is in charge. If one party is out of the country, then the NSA is in charge. Originally, the government could ask companies for records without telling the court because the PATRIOT Act had a “business records provision.” But now, the FISA gives blanket approval.
Clapper said that the leaks “risk important protections for the security of Americans.”