WaPo Wrong on Prism

This is, hands down, the scariest part of the NSA revelations

Forget PRISM, the National Security Agency’s system to help extract data from Google, Facebook, and the like. The more frightening secret program unearthed by the NSA leaks is the gathering and storing of millions of phone records and phone-location information of U.S. citizens.

According to current and former intelligence agency employees who have used the huge collection of metadata obtained from the country’s largest telecom carriers, the information is widely available across the intelligence community from analysts’ desktop computers.

The data is used to connect known or suspected terrorists to people in the United States, and to help locate them. It has also been used in foreign criminal investigations and to assist military forces overseas. But the laws that govern the collection of this information and its use are not as clear. Nor are they as strong as those associated with PRISM, the system the NSA is using to collate information from the servers of America’s tech giants.

Metadata is not protected by the Fourth Amendment. Content of emails and instant messages — what PRISM helps gather — is. An order issued to Verizon by the Foreign Intelligence Surveillance Court instructs the company to supply records of all its telephony metadata “on an ongoing, daily basis.” Although legal experts say this kind of broad collection of metadata may be legal, it’s also “remarkably overbroad and quite likely unwise,” according to Paul Rosenzweig, a Bush administration policy official in the Homeland Security Department. “It is difficult to imagine a set of facts that would justify collecting all telephony meta-data in America. While we do live in a changed world after 9/11, one would hope it has not that much changed.”

By comparison, PRISM appears more tightly constrained and operates on a more solid legal foundation. Current and former officials who have experience using huge sets of data available to intelligence analysts said that PRISM is used for precisely the kinds of intelligence gathering that Congress and the administration intended when the Foreign Intelligence Surveillance Act was amended in 2008. Officials wanted to allow intelligence agencies to target and intercept foreigners’ communications when they travel across networks inside the United States.

The surveillance law prohibits targeting a U.S. citizen or legal resident without a warrant, which must establish a reasonable basis to suspect the individual of ties to terrorism or being an agent of a foreign power. In defending PRISM, administration officials have said repeatedly in recent days that the FISA Court oversees the collection program to ensure that it’s reasonably designed to target foreign entities, and that any incidental collection of Americans’ data is expunged. They’ve also said that press reports describing the system as allowing “direct access” to corporate servers is wrong. Separately, a U.S. intelligence official also said that the system cannot directly query an Internet company’s data.

But the administration has not explained why broadly and indiscriminately collecting the metadata records of millions of U.S. citizens and legal residents comports with a law designed to protect innocent people from having their personal information revealed to intelligence analysts. Nor have officials explained why the NSA needs ongoing, daily access to all this information and for so many years, particularly since specific information can be obtained on an as-needed basis from the companies with a subpoena.

Here’s why the metadata of phone records could be more invasive and a bigger threat to privacy and civil liberties than the PRISM system:

Rest