Fact and Fiction in the NSA Surveillance Scandal

The whistle-blower’s claims, revisited.

Protesters supporting Edward Snowden, a former contractor at the National Security Agency, hold a photo of him during a demonstration in Hong Kong on June 13, 2013. Snowden’s made a splash in the media, but has he told the truth?

Photo by Bobby Yip/Reuters

For years the National Security Agency has successfully shielded its surveillance programs from any real public scrutiny. But in the past few weeks, its controversial spying efforts have been thrust into the international spotlight following an unprecedented leak of top-secret documents.

Many important details have been disclosed—so many, in fact, that you might have lost track. We have learned that the NSA is collecting millions of Americans’ phone records on a daily basis, that it operates a program called PRISM involving the surveillance of Internet communications, and that in some cases the agency can “incidentally” sweep up Americans’ emails and phone calls without a specific warrant and store them for up to five years.

But parts of the initial reports have changed, some details are disputed, and a number of follow-up stories have included crucial facts that have not received as much attention as the big scoops by the Guardian and the Washington Post.

Below, you can find a list of some of the key revelations along with an analysis of the current status of each—including claims, counterclaims, and everything in between. We will update this page with the latest in order to keep as comprehensive a record as possible. If there are any particular details we’ve missed that you think are worth inclusion, please add suggestions in the comments.

Claim: The NSA has “direct access” to tech companies’ servers (the Washington Post and the Guardian, June 6).

Status: There have been several clarifications to this key claim since the initial reports. It was derived from leaked secret NSA PowerPoint slides that said a program named PRISM had enabled emails, chats, and other private user data to be collected for surveillance “directly from the servers” of companies including Google, Microsoft, Apple, and Facebook. This seemed to imply that the NSA had unfettered covert access to sift through these companies’ servers whenever it felt like it.

But following a string of “direct access” denials from the named companies, it now appears that PRISM instead functions as a portal used by the NSA to request that companies turn over specific data about particular overseas groups or individuals under the Foreign Intelligence Surveillance Act. Google, for instance, says it transfers the data to the NSA using a fairly conventional file transfer system or by hand. It is still not clear exactly how much data is turned over, but Microsoft, Apple, and Facebook have published vague details suggesting several thousand user accounts could be implicated in FISA-PRISM surveillance during any given six-month period.

Update, July 3: The Washington Post has published new secret slides that it says show that, as of April 5, there were 117,675 active surveillance targets in PRISM’s counterterrorism database.

Edward Snowden heads (out of five): Two and a half. The initial reporting over-egged the scale of the NSA’s PRISM program, but the story has had a powerful and valuable impact by boosting surveillance transparency and exposing the companies helping the agency tap into foreigners’ data.

Claim: The NSA is collecting the phone records of millions of Verizon customers daily, including location data, call duration, unique identifiers, and the time and duration of all calls (the Guardian, June 5).

Status: Many more key details have emerged since the publication of this report, the first story in the Guardian’s explosive “NSA Files” series. The British newspaper revealed the existence of a secret court order demanding that a business subsidiary of Verizon turn over the daily phone records of all of its customers over a three-month period from April 25 through July 19. But follow-up reporting by the Washington Post and the Wall Street Journal has revealed that the Verizon court order was not a one-off. It was in fact issued as part of a broader program that has been ongoing for seven years, reportedly since May 24, 2006, and that also involved Sprint Nextel, AT&T, and Bell South. The NSA stores the billions of phone records on a database called MAINWAY, the Washington Post reported, though intelligence officials say the agency chooses not to collect location data. The agency also does not gather records directly from Verizon Wireless or T-Mobile because of their foreign ties, but believes it is able to capture and store “99 percent of U.S. phone traffic because nearly all calls eventually travel over networks owned by U.S. companies that work with the NSA,” according to the Wall Street Journal. This means that the NSA collects Verizon business customers’ records directly, but collects Verizon Wireless customers’ data by proxy by getting the information as it passes over other networks.

Edward Snowden heads: Five. This program, conducted in secret for years, affects hundreds of millions of Americans, and the public interest in its disclosure was huge. It could eventually be ruled unconstitutional, and the revelations about its existence have exposed Director of National Intelligence James Clapper to the accusation that he lied to Congress when he publicly claimed the NSA was not collecting any data on millions of Americans.

Update, July 3: Clapper has admitted to, and apologized for, giving what he described as a “clearly erroneous” statement to Congress about the phone records surveillance program.

Claim: “Americans’ communications are collected and viewed [by the NSA] on a daily basis” (Edward Snowden, the NSA contractor who leaked the documents to the Guardian and the Washington Post, June 17).

Status: President Obama and the Director of National Intelligence’s Office have both attempted to dismiss this claim by stating that the NSA cannot “target” Americans for surveillance without an individualised warrant. However, leaked secret procedural documents have confirmed beyond all doubt that the NSA can and does sweep up and retain Americans’ communications collected without a specific warrant. Under a controversial 2008 amendment to the Foreign Intelligence Surveillance Act, the NSA can “incidentally” gather Americans’ communications while monitoring international channels and it likely does so on a daily basis. The agency, the leaked documents have confirmed, has the authority to store these inadvertently collected communications for up to five years if the content meets certain broadly defined criteria, such as that it is deemed relevant to “foreign intelligence” or is believed to contain “secret meaning.” Sensitive emails or phone calls, such as those between an attorney and a client, are not off limits. The NSA has authority to snoop on and retain incidentally gathered attorney-client communications if they are judged to contain information relevant to foreign intelligence.

Update, July 3: The Guardian revealed in a new report published June 27 that the Obama administration collected “vast amounts of records detailing the email and internet usage of Americans” until 2011 under a program originally authorized by the George W. Bush administration.

Edward Snowden heads: Five. There can be no doubt that, among the more than 1 billion messages the NSA intercepts every day, it sweeps up Americans’ private communications and views them—often without any specific search warrant.

Claim: “The NSA … targets the communications of everyone. It ingests them by default” (Edward Snowden, June 9).

Status: Details are still sketchy about the accuracy of this explosive claim. Documents revealed by the Guardian shed some light on the extent of the agency’s surveillance and suggest it is capable of gobbling up huge volumes of communications. But there is little evidence so far that supports any allegation that it can and does sweep up all global communications. An NSA tool named Boundless Informant, for instance, is used to record and analyze a significant portion of where the agency’s intelligence is coming from. The tool showed that in March alone, the agency gathered, from across the world, 97 billion metadata records from computer networks and 125 billion telephone metadata records. Metadata is information about communications—who you are communicating with, where, and when—but not the content of the communications.

It is unclear exactly how many emails, phone calls, text messages, and other communications the NSA presently intercepts the content of. However, a Washington Post investigation in 2010 reported that the agency was collecting 1.7 billion emails, phone calls, and other types of communications daily and sorting them into 70 different databases. To put this in perspective, it is estimated that some 145 billion emails are sent daily worldwide, along with at least 13 billion phone calls and 23 billion text messages. Going by these estimates, it seems likely that the NSA is intercepting less than 5 percent of all global communications each day—though this still amounts to more than 600 billion intercepted communications in a single year.

It is also worth noting that the NSA is able to gain access to intelligence gleaned from troves of emails and phone calls collected by foreign allies—such as from British eavesdropping agency GCHQ. And it is always working to gather more communications and increase capacity, which was starkly illustrated in one document published by the Guardian that quoted NSA chief Gen. Keith Alexander during a visit to Menwith Hill, a joint NSA-GCHQ spy base in England. “Why can’t we collect all the signals, all the time?” Alexander reportedly said, in reference to communications signals. “Sounds like a good summer project for Menwith.”

Edward Snowden heads: Two. It is clear that the NSA, with its phone records program, is gathering data on the communications of all Americans. But there is no evidence so far to suggest that it has the technical capability required to gather the content and/or metadata of all international and domestic communications—though it would surely like to do so if it could.

Claim: The revealed NSA surveillance programs have helped prevent potential terrorist events more than 50 times since 9/11 (NSA chief Gen. Keith Alexander, June 18).

Status: This remains unclear and in dispute, in part because the NSA says it cannot release all of the evidence to back up the claim publicly because doing so would reveal “sources and methods.” However, during a congressional hearing last week, Sean Joyce, deputy director of the FBI, did describe two cases in which he claimed the surveillance had proved valuable. The first involved the mass phone records database being used to flag up as suspicious men who were later convicted of sending about $8,500 to Somali extremist group Al Shabab. The second example, apparently authorized as part of the PRISM Internet surveillance program, helped discover and disrupt a plot to bomb the New York Stock Exchange, according to Joyce. But Sens. Ron Wyden, D-Ore., and Mark Udall, D-Colo., members of the Senate Intelligence Committee, have said that they have not seen any evidence that the NSA’s sweeping surveillance of Americans’ phone records produced any “uniquely valuable intelligence” that helped stop terror attacks. Separately, CNN’s Peter Bergen analyzed foiled terror plots and concluded that “traditional law enforcement methods have overwhelmingly played the most significant role” and that “the NSA surveillance programs are wide-ranging fishing expeditions with little to show for them.” (Bergen is the director of the National Security Studies Program at the New America Foundation; New America is a partner with Slate and Arizona State University in Future Tense.)

Edward Snowden heads: One and a half. It is possible that the surveillance programs in place have proved useful in some terrorism investigations. But the question is whether the plots could still have been foiled using more restricted, targeted surveillance as opposed to a vast dragnet. So far, the government has failed to make a successful case for the dragnet option—and it will have a hard time doing so if it continues to refuse to provide clear and detailed evidence to back up its claims.

Claim: Surveillance programs disclosed by the Guardian and the Washington Post are the “tip of the iceberg” (Rep. Loretta Sanchez, D-Calif., following a classified briefing on June 12).

Status: This appears to be almost certainly the case. While the phone records program and the PRISM program have shed an unprecedented level of light on the NSA’s activities, a great deal is still unknown about other surveillance programs it operates. On June 15 the Associated Press reported that the PRISM program “is a relatively small part of a much more expansive and intrusive eavesdropping effort” and that the agency is operating a different and larger program that “snatches data as it passes through the fiber optic cables that make up the Internet’s backbone.” The same day, the Washington Post described how under President George W. Bush, the NSA began “siphoning e-mail metadata and technical records of Skype calls from data links owned by AT&T, Sprint and MCI, which later merged with Verizon.” This appears in line with what an AT&T whistle-blower alleged in 2006 when he said in a sworn declaration that the NSA was routing AT&T communications through a secret “secure room” where they could be intercepted.

However, the scope of these data mining efforts is not limited to just a handful of companies. Earlier this year, a book called Deep State: Inside the Government Secrecy Industry revealed the existence of an NSA surveillance program, named Ragtime, which collects data from as many as 50 companies. Much about the true scale of these controversial programs has remained undisclosed. But that may change in the coming days and weeks, as new details from documents leaked by Edward Snowden continue to be published.

Edward Snowden heads: Five. In recent weeks, the Guardian and the Washington Post have sledgehammered the excessive secrecy shrouding the NSA, exposing its spying activities to unprecedented scrutiny. But the agency was nicknamed the Shadow Factory for a reason—and we are still in the dark about the full scope of its controversial clandestine surveillance programs.

This article arises from Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture.