The disinformation - or if you prefer a more benign term, misunderstanding - has spread right to the heart of this "Restore the Fourth" so-called 'movement.' Here is how they describe the PRISM program, the center of this controversy:
According to the Washington Post, Nine major Internet companies allegedly opened their servers to government surveillance: Google, Microsoft, Yahoo!, Facebook, PalTalk, YouTube, Skype, AOL, and Apple.Except that the Washington Post later modified its report after it was clear that the companies did not "open their servers." But none of the political activists seem to be explaining the precise nature of data gathering programs, and people who do understand the programs technologically have a grave misunderstanding of the law. Let's address them one by one.
The technologcially clueless political hotheads
Way too often, people take any data gathering operation by a government to mean 'spying.' In addition, a lot of the opposition seem to be coming from a sentiment that is entirely anti-surveillance. Surveillance is not, of course, all bad. The cameras in your local mall's parking lot are surveillance equipment, but they are not spying on you. In fact, I remember a few years ago, a ton of liberals (myself included) demanded that Wal-Marts institute better surveillance in their parking lots. We complained not just because some Wal-Mart parking lots lacked adequate surveillance equipment (and as a result, shoppers were falling victims to crimes), but we faulted them for not having anyone monitor the cameras! Liberals did that! And it was the right thing to do.
Of course, Wal-mart parking lots are publicly available spaces, and Wal Mart spying on those (yes, the monitoring would be considered spying, not just surveillance) is not the same standard that apply to the government to collect personal data. But you don't have to be scared every time you hear the word 'surveillance.'
There are two programs we are talking about here: the first is the collection of meta data on calls (the Verizon call collection). Huh? It means the government is collecting information on the numbers being called (to and from), and the length of the calls. They are not collecting any information on who the numbers belong to, nor the content of the calls. In other words, the NSA data dump has the information that 202-555-7777 called the number 415-555-8888 on June 17 for 5 minutes, but the data dump has no idea who either of the two numbers belong to, nor what was said. If they want to know, they have to go to a federal court and get a warrant. The NSA can shift through this meta data, and in case they come across a telephone number being called or answered by a known terrorist (that they know through a different, legitimate, legal means, not by claiming it so) - i.e. a phone number match - they can ask a federal judge for a warrant to wiretap.
The second, and perhaps the more controversy-generating programs is a set of Internet data gathering programs, with something named PRISM getting the most attention. Data is only collected under PRISM against specific foreign targets. This data collection effort and the specific target must be signed off on by the Director of National Intelligence (DNI) and the Attorney General (AG), as well as authorized by an order from the Foreign Intelligence Surveillance Court (FISC). Under these court orders, specific providers turn over communications logs that are asked for. The FISC orders aren't fourth amendment warrants, since the targets, non-US persons living abroad, do not enjoy the broad protections of the 4th Amendment.
An associated program is called BLARNEY, which I suspect many people are confusing with PRISM when they accuse the government of building some sort of a massive Internet surveillance database. According to both Wikipedia and the original Washington Post story on the subject, BLARNEY gathers metadata on Internet communications - meaning IP addresses and end points, but not personal data nor content - as traffic travels through "choke-points" (when data jumps from one server to another). Think of BLARNEY as the phone metadata program described above, except only for Internet traffic. Because no private entity owns these "choke-points", the government does not need to subpoena anyone to obtain this metadata. Because no content or personal information is being collected, it does not require a warrant.
BLARNEY and PRISM are meant to work in concert. It is possible, for example, that the NSA could search the metadata collected through BLARNEY for an IP address commonly used by (or communicated to by) a known foreign target, in which case it would have evidence to ask the FISC for an order under PRISM to get the communications providers to turn over the actual contents of the data. It is also possible that should and investigation through BLARNEY and PRISM determine that someone in the US has enough grounds to warrant targeted surveillance against that person, the government could take that evidence to a federal court, in order to obtain a warrant under the Fourth Amendment.
And this brings us to the politically clueless technologists.
The politically clueless technology nerds
All this collection somehow seems contrary to principles of privacy and specifically, the fourth amendment, right? That's the question the politically clueless technologist asks because he understands how the programs work technically (though he may want to read the above to see what the legal steps are) but is utterly stunned as to how this is possible under the protections of the US Constitution and its fourth amendment. The answer lies, ironically, within the fourth amendment itself.
The text of the fourth amendment to the US Constitution reads as such:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.The focus is, of course, on the 'unreasonable searches and seizures' phrase. Only, none of the programs discussed involve any search at all against any US person (that means any American citizen as well as anyone else present in the United States) without a fourth amendment warrant, as I have described above. All personal communications data (including content) obtained under these programs are obtained against foreign targets, and even those are obtained with a court order (though not a warrant). If the government wants to target an American because of evidence it becomes aware of through those programs, it still has to go back and get a fourth amendment warrant.
But what about the metadata that the government is collecting on nearly all the communications? Isn't that a violation of the fourth amendment? No, it's not. Read the text of the amendment again. Let's go through it quickly. The protection against unreasonable searches and seizures apply to:
- One's person - that is, you cannot be arrested without a warrant.
- One's houses, papers and effects - broadly interpreted to mean property that you own or lease (or house within whatever it is you own or lease) cannot be searched or seized without a warrant. It could only reasonably apply if the collection can identify that you own it, which metadata cannot. Furthermore, you do not own or lease your metadata (i.e. your phone number, IP address etc) the same way that you own or lease your home or tangible property.