Big scoop smaller than it first appeared
Opinion & Analysis
OPINION: On closer inspection, the "big scoop" about US spies snooping on our emails and internet use turns out to have been teaspoon-sized.
Reports over the weekend suggested that the United States' National Security Agency, a spy agency, had been able to tap into the servers of nine internet giants at will for the past several years using a system codenamed Prism. But they have unravelled.
The National Security Agency and the internet companies themselves have all denied the claims. The newspapers that got the supposed scoop - a PowerPoint presentation leaked by on-the-run defence contractor Edward Snowden - have significantly modified their reports.
Sure, the US is spying on some people's communications. But that is no surprise and was no secret; the US has a law specifically designed to enable that, for anyone to see. And the NSA has a system called Prism. But it seems that was not as described.
Most New Zealanders use either Google's Gmail service or Telecom's email service, which is outsourced to Yahoo. Google and Yahoo were both implicated in the scare.
If the NSA really had open slather to their servers, either through the acquiescence of the companies or by hacking their servers, as implied by the initial reports on Prism, then its agents would have been free since 2009 to read most New Zealanders' emails.
Also an open book to the spy agency would be most people's internet search histories, social networking activities and instant messages over the past several years.
However, the companies concerned have denied giving the NSA such a "back door", and United States National Intelligence Director James Clapper has denied having one.
"The United States government does not unilaterally obtain information from the servers of US electronic communication service providers," he said. Neither The Wall Street Journal not the Guardian are now contesting that.
Does that mean the NSA can't legally tap into New Zealanders' emails and watch our internet activities?
No, but the details are important.
Since 2008, the US government has been able to use Section 702 of the US Foreign Intelligence Surveillance Act (Fisa) to demand the co-operation of "electronic communications companies" with a presence on US soil when snooping on named foreign nationals.
US government agencies are required to have reason to believe each individual poses a security threat and their demands are subject to approval by a special court, though since that court meets in secret there is inevitably a suspicion such requests are always "rubber-stamped".
Those snooping powers themselves, while controversial, have never been secret however. There is a gulf between them and the implications of the original reports concerning Prism, which strongly suggested the NSA could simply help itself to whatever it wanted, whenever it liked.
Prism is simply a boring internal tool used to analyse the results of such legal searches, according to Clapper's explanation. That ties in with the fact that Snowden, clearly a relatively junior defence contractor (and there's some clue there surely), had access to information about the program.
Could US spooks use Fisa to spy on your emails and internet searches if they wanted to? Very likely, if they could be bothered, but they would need to first have a specific interest in you. Nothing has changed in that respect.
Have they been harvesting our emails and internet records en masse, sticking them in an NSA datacentre and then scanning them to fish for evidence of any illegal activity?
There is no evidence to suggest that. If they have, Prism doesn't appear to be the tool they are using.
A set of what might be called "counter-conspiracy theories" is emerging about the timing of the Prism leak, which came on the eve of a visit to the US by China president Xi Jinping for an informal summit meeting with President Barack Obama when cyber-espionage was high on Obama's agenda.
The key sections of the US Foreign Intelligence Surveillance Act:
* The Attorney General and the Director of National Intelligence may direct an electronic communication service provider to immediately provide the Government with all information, facilities, or assistance necessary to accomplish the acquisition [of information they hold about a foreign national] in a manner that will protect the secrecy of the acquisition.
* An electronic communication service provider receiving a directive ... may file a petition to modify or set aside such directive with the Foreign Intelligence Surveillance Court, which shall have jurisdiction to review such petition.
- © Fairfax NZ News