US Gov’t: PRISM Isn’t Data Mining System, Doesn’t Pull Data Off Servers

The United States government has declassified details of its “PRISM” program today, saying it is not a wide-spread data mining system and doesn’t “unilaterally” pull information off tech company servers.

“PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision,” the US said about the program, in a fact sheet (PDF) that was released today.

Statement Slams Reporting Of Leaks For Inaccuracies

The fact sheet accompanied a statement from the US Director of National Intelligence James Clapper. His full statement:

Over the last week we have seen reckless disclosures of intelligence community measures used to keep Americans safe. In a rush to publish, media outlets have not given the full context–including the extent to which these programs are overseen by all three branches of government–to these effective tools.

In particular, the surveillance activities published in The Guardian and The Washington Post are lawful and conducted under authorities widely known and discussed, and fully debated and authorized by Congress. Their purpose is to obtain foreign intelligence information, including information necessary to thwart terrorist and cyber attacks against the United States and its allies.

Our ability to discuss these activities is limited by our need to protect intelligence sources and methods. Disclosing information about the specific methods the government uses to collect communications can obviously give our enemies a “playbook” of how to avoid detection. Nonetheless, Section 702 has proven vital to keeping the nation and our allies safe. It continues to be one of our most important tools for the protection of the nation’s security.

However, there are significant misimpressions that have resulted from the recent articles. Not all the inaccuracies can be corrected without further revealing classified information. I have, however, declassified for release the attached details about the recent unauthorized disclosures in hope that it will help dispel some of the myths and add necessary context to what has been published.

In summary, Clapper isn’t denying that PRISM exists. But he does say it operates with “significant” differences from how the Washington Post and the Guardian reported about it earlier this week.

Fact Sheet: PRISM Doesn’t Provide A Stream Of Data, On-Demand

Here are highlights from the fact sheet that seemed most relevant to me:

PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision….

Under Section 702 of FISA, the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence….

The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States. We cannot target even foreign persons overseas without a valid foreign intelligence purpose….

Finally, the notion that Section 702 activities are not subject to internal and external oversight is similarly incorrect. Collection of intelligence information under Section 702 is subject to an extensive oversight regime, incorporating reviews by the Executive, Legislative and Judicial branches.

The reports have painted PRISM as tool allowing the US National Security Agency to effectively see whatever it wanted within tech company computers, when it wanted to see that data.

The fact sheet rejects this notion. It outlines a tool that helps the NSA collect information on demand, on a case-by-case basis, after a legal review process has been met. In short, there’s no on-going monitoring, the government says.

Tech companies have denied they are part of any data gathering program. Google issued a third denial earlier today. The government denial matches up with what they’ve been saying, that there’s no government entry into their servers, and that they only provide data on a case-by-case basis, when given a legal summons they feel is valid.

Debate Likely To Continue

Today’s statement comes after the Guardian effectively double-downed on its allegations, releasing a fourth slide from a 41-slide presentation that it says shows that PRISM does draw off the servers of tech companies:

The debate will likely continue. Personally, I’ve been wanting the Guardian or the Washington Post to release more of the slides since the beginning. A dribble of one additional one doesn’t instill a lot of confidence.

Moreover, any slides are notorious for lacking context. Anyone who’s ever seen a live presentation, then compared that to what you only get from reading slides without hearing the actual talk, understands that.

CNET also had a report earlier today with sources suggesting that the government had no direct line into tech company computers. I doubt today’s statement will end the debate. There will also likely be more details to come. To keep up, I’d suggest watching here on Techmeme.