Internet giants like Google and Yahoo received millions of dollars from the NSA to cover their surveillance under the PRISM program. These payments occurred after a federal court ruled that surveillance requests the companies handled under the PRISM program were unconstitutional.
The money was meant to cover expenses the companies incurred under court orders mandating the companies assist the NSA in its bulk collection of data, according to a top secret NSA newsletter leaked to the Guardian newspaper by NSA whistleblower Edward Snowden.
The document also shows the NSA was anxious to get certifications from the FISA Court to authorize surveillance beyond the possible expiration of the law that authorized that surveillance. The law was set to expire on December 31, 2012, but the NSA received authorizations under that law to continue its surveillance until September 23, 2013. As long as the certificate from the court was still valid, it would allow ongoing surveillance, the document explains, even if Congress failed to pass or delayed passage of an extension of the law.
From the document:
Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA702) operations (PRISM and Upstream) require the yearly renewal of three Certifications by the FISA Court. These were signed on 21 Sept 2012, and effective on 24 Sept 2012. Upstream providers completed their transitions to the new Certifications on 24 September 2012, and PRISM providers completed their transitions by 2 October 2012. These documents authorize FAA702 tasking and collection, with directions on targeting and minimization procedures. It is important that these Certifications were renewed, because they authorized FAA702 operations until 23 September 2013, even if Congress fails to pass, or delays passage of, a replacement bill for the 2008 FAA legislation which enables all FAA collection. The FAA law expires on 31 Dec 2012. However, the law permits operations to continue as long as the Certifications are in effect. This year’s Certification renewal occurred on time, compared to 2011 when he FISA Court determined that some procedure with Upstream operations were problematic and required NSA to propose acceptable processes. Last year’s problems resulted in multiple extensions to the Certifications’ expiration dates which cost millions of dollars for PRISM providers to implement each successive extension — costs covered by Special Source Operations.
The PRISM program involves the bulk collection of data from companies under the FISA Amendments Acts, passed in 2008. Section 702 of the law allows the government to target the communications of foreign nationals believed to not be on U.S. soil, but also allows for the collection of data of U.S. citizens if that person is communicating with a foreign national who is targeted. It does not allow for the collection of wholly domestic communications, which the government is supposed to filter out.
The NSA, however, failed to filter out these domestic communications until the court intervened.
The payments to the companies were made after the Foreign Intelligence Surveillance Court ruled in October 2011 that bulk collections of data, in which the NSA was unable to separate wholly domestic traffic from international traffic, was illegal. The court found that the NSA was collecting up to 56,000 wholly U.S. internet communications each year between 2008 when the FISA Amendments Act was passed and 2011 when the court discovered what the NSA was doing. The court ordered the NSA to revise its methods to comply with the Fourth Amendment. The court order discussing the ruling was declassified this week after the Electronic Frontier Foundation fought to have it released.
It’s not unusual for companies to charge the government for the cost of complying with surveillance requests. In 2009, Chris Soghoian, currently senior policy analyst with the ACLU’s Speech, Privacy and Technology Project, obtained price lists showing how much telecommunications companies charge the government for surveillance requests. For example, Cox Communications charges $2,500 for a pen register/trap-and-trace order for 60 days.
But in this case, the costs were also incurred because the government’s surveillance procedures were initially ruled unconstitutional by the judge and had to be revised to filter out wholly domestic content. This required the companies to work with the NSA to devise methods for doing so in a way that satisfied the court.
The Guardian cited four companies as receiving money from the government — Yahoo, Google, Facebook and Microsoft.
Yahoo provided the paper with a statement saying, “Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law.”
Facebook insisted it had received no money, saying it had “never received any compensation in connection with responding to a government data request.”
Google declined to answer the question and Microsoft refused to answer on the record.