The show is over. The fat lady has finally sung. The fat lady, in this case, is a former White House lawyer, Rajesh De, now the senior legal counsel for the US National Security Agency (NSA).
Last week, De told a statutory body of the US government, the Privacy and Civil Liberties Oversight Board (PCLOB), that the so-called Foreign Intelligence Surveillance Act (Fisa) corporations – a collection of US companies that were made subject to secret court orders to spy on their customers outside the US – had indeed done just that.
He specified a particular NSA programme called Prism, which required the companies to obtain and pass on to the NSA all the data they had on their customers to the American spooks. This is something the companies have strenuously denied, with some, such as Apple, claiming that they had never heard of Prism.
De said differently. He said they had acted on the orders of the Fisa courts, which are secret, and had done so knowingly.
US companies ordered to spy on customers
This is how De put it to James X Dempsey, a PCLOB board member: “Prism is just an internal government term that, as a result of the leaks, became a public term. But collection under this programme is done pursuant to compulsory legal process that any recipient company would have received.”
James Dempsey: “So they know that their data is being obtained because…”
Read more about Prism
- Security Think Tank: Prism fallout could be worse than security risks
- Security Think Tank: Prism is dangerous for everyone
- Security Think Tank: Prism – Sitting duck or elaborate honeypot?
- NSA surveillance whistleblower reveals identity
- US repeatedly hacked China, claims NSA whistleblower
- FBI spies on internet users
- UK links to US internet surveillance remain unclear
- Technology companies call for more transparency over data requests
- Compliance: The Edward Snowden, NSA program controversy continues
De: “They would have received legal process to assist the government, yes.”
The Prism programme, first revealed by Edward Snowden – the NSA fugitive living in Russia – and the Guardian, orders specific US high-tech corporations to provide email data, chat, videos, photos, stored data, VoIP, file transfers, video-conferencing, notification of target activity, and online social networking details of their customers to the National Security Agency.
What De is saying is that the companies were ordered to do this by the US government, using a secret court created under the governing legislation, the Foreign Intelligence Surveillance Act 1978. He is also saying that the named corporations knew what they were doing because they were acting under written court orders.
What De is not saying, and which no one on the board picked up, is that these orders might be lawful in the US, but they are certainly illegal and possibly criminal everywhere else in the world, particularly the UK.
Spying a crime
The chairman of the PCLOB, David Modine, a lawyer, put it like this: “This law (Fisa) permits the government to target non-US persons – someone who is not a citizen or a permanent resident alien – located outside the US for foreign intelligence purposes without obtaining a specific warrant for such targets.”
But he did not address the issue of forcing US corporations and their staff to do that targeting in other countries, such as the UK.
US law does not run outside US territory. A law made in the US that says “thou shalt thieve and steal abroad” has no validity in the UK, or anywhere else. The thefts ordered by the Fisa Courts are, for the most part, illegal in the UK, under the Data Protection Act, the Human Rights Act section 8 and the Official Secrets Act. Pleading Fisa is no defence in a UK court.
The PCLOB session minutes amount to the public record of a criminal conspiracy to spy on other nations by forcing commercial companies to do the dirty work.
There was no input from the nine corporations listed as being part of the Prism programme, although each was approached for comment by email for Computer Weekly.
And it is quite possible that the entire Foreign Intelligence Surveillance Act is unconstitutional in the US. While all the discussion in America has been about Fisa spying on Americans in the US, none of the discussion has addressed the issue of how the orders given to the companies could be legally executed in countries outside the US. Or how US corporations and citizens could be legally ordered to commit crimes in other countries, for which they would be liable if caught.
So why have the affected American corporations not gone to the US Supreme Court to challenge this law that makes them criminals abroad?
We are waiting for the answer.
A recent report on US high-tech business in China over the past 12 months shows a fall of 23% in sales over Fisa concerns. IBM, not a Fisa-listed company, was one of the worst affected.
What the minutes of PCLOB show are a group of people living entirely in a world of their own. The US government has, for the past three or four years, run an aggressive campaign against China, accusing China of being the world’s worst hacker. What the minutes of the PCLOB meeting show is that the worst hacker in the world was the US government itself, acting through a law that seeks to legitimise criminality around the world, and may even be unconstitutional in the US.
The companies listed in the Fisa memos, published on 6 and 7 June 2013 by the Guardian, are Microsoft, Google, Yahoo, Facebook, Paltalk, YouTube, Skype, AOL and Apple.
Kevin Cahill is a journalist and former systems analyst with a special interest in supercomputers.
This was first published in March 2014