The National Security Agency's massive data gathering from the world's largest Internet companies could bolster arguments that the United States should have less control over the Internet, an expert says.
The NSA has obtained direct access to the systems of Google, Facebook, Apple and at least six other U.S. Internet companies, collecting search history, the content of emails, file transfers, live chats and more, The Guardian and Washington Post reported Thursday, based on a top secret document. The data gathered is to try to spot terrorist activity in communications between people in and outside the U.S.
The NSA data-collecting program, called PRISM, started in 2007 and was enabled by changes in U.S. surveillance law that were introduced by President Bush and renewed under President Obama late last year. While acknowledging they abide by legal requests for information from the government, many of the Internet companies denied giving the NSA direct access to their computer systems.
Privacy groups have ripped into the program as a huge privacy threat to U.S. citizens, and have called for changes in the law to provide better protection of personal information from snooping. However, with court approval and congressional oversight, the PRISM program appears to be legal.
"The way I understand PRISM, it is designed to collect only against foreigners. Collateral American collections are suppose to be eliminated and minimized," Paul Rosenzweig, founder of Red Branch Law & Consulting and a former deputy assistant secretary for policy in the Department of Homeland Security (DHS), told CSO on Friday. "That sounds right to me."
However, being legal does not necessarily mean it is good public policy. If the government is gathering huge amounts of information from Internet companies then it could play into the arguments of China, Russia and Saudi Arabia that U.S. control over the Internet should go to the United Nations.
U.S. influence over the Web is the result of its control over the system for numbering and naming sites through the Internet Corporation for Assigned Names and Numbers (ICANN).
"[PRISM] might not be advisable because it will play into the international perception that the U.S. uses the Internet as its own little toy," Rosenzweig said.
Reports on the program surfaced one day after The Guardian reported that the NSA was gathering from Verizon millions of phone records that included the numbers of both parties on a call, location data and the time and duration of all calls. Experts believe similar data has likely been collected from other telephone companies.
The intelligence community's need to gather large amounts of data were outlined in March by Ira "Gus" Hunt, chief technology officer for the Central Intelligence Agency. "It really helps us understand what's going on in the world to know what we know, so we know where the gaps are, so we can do our job much more effectively," Hunt said, during a talk at the GigaOM's Structure:Data 2013 conference.
The CIA uses "massive computational engines" that enable the agency "to acquire, federate and position and securely exploit huge volumes of data," Hunt said.
"We fundamentally try to collect everything and hang onto it forever. Forever being in quotes, or course," he said.
In March, Wired magazine reported that the NSA is building a $2 billion data center in Utah. Its purpose is to intercept, decipher, analyze and store the world's communications from satellites and underground and undersea cables of international, foreign and domestic networks.
Read more about data privacy in CSOonline's Data Privacy section.