How Web Surveillance Programs Work in America


By Paul RosenzweigThe George Washington University Law School

Web surveillance programs go by many names. One code name that’s often used is PRISM. Another name for it is the Section 702 program, after Section 702 of the Foreign Intelligence Surveillance Act, which authorizes the collection of some private Web communications. So, why would the US government—or any other governmentwant to scan Web searches and email contents?

3D rendition of the American flag with locks, showing the concept of cybersecurity and Web surveillance.
The government can compel assistance from Internet service providers to gather intelligence. (Image: Pixels Hunter/Shutterstock)

Surveillance Activities over the Years

Michael Hayden, the former director of the National Security Agency (NSA), tells an anecdote that serves to explain a bit about why technological change has driven changing surveillance activities and capabilities. Here’s how he explains it. Back in the Cold War, the Soviet Union controlled its nuclear missiles through the country’s Strategic Rocket Force. 

The rocket force’s communications were transmitted on a dedicated, secure microwave system. Orders were given in Moscow and transmitted over the Ural Mountains to the missile silos that were on the plains of Russia, east of the mountains. The NSA devoted immense efforts to penetrate the security of those communications. 

And to the extent that they succeeded, the NSA also devoted great effort to listening for important words within those communications—words like launch or fire, for example. By the end of the Cold War, according to General Hayden, the NSA had seriously compromised the Soviet Union’s communication networks. And though it’s speculative to ask the question, it’s unlikely that many, if any, American civil libertarians were concerned with that penetration.

This is a transcript from the video series The Surveillance State: Big Data, Freedom, and YouWatch it now, on Wondrium.

When Malicious Activities Commingle with Innocent Ones

Today, however, no longer would Russian launch commands necessarily be transmitted on an exclusive, dedicated communication system. Instead, those who intend malicious activity—terrorists, drug cartel groups, or other nation-states—might communicate their intentions and plan in a data system that is commingled with legitimate, innocent communications of non-malevolent actors. 

And so, as General Hayden explains it, the NSA is faced with a difficult challenge born of technological change. To achieve the same degree of insight into the motives and operations of the nation’s opponents that it had achieved in the Cold War, the United States has to completely change the way it conducts surveillance.

Instead of seeking to penetrate isolated communications networks that our opponents thought were secure, the NSA must now instead penetrate insecure networks where the communications of our enemies are commingled with the innocent communications of millions of Americans and non-Americans alike. And that, of course, is why civil liberties and privacy concerns have increased quickly to a very high level.

Learn more about Internet surveillance.

Different Names for Web Surveillance Programs

Now, people have to figure out what to call this thing, government surveillance of the web, that is being talked about. The Section 702 name is a bit more precise because it relies on a clear definition in the law, and the PRISM program is really just a subset of it, but both names somewhat will be used interchangeably.

Section 702 has its origins in the president’s Terrorist Surveillance Program. That program was initiated in the immediate aftermath of the 9/11 terror attacks, on the president’s own authority. Although undertaken on the president’s order, one of the oddities of this program is that Congress fully discussed and authorized it. 

But that authorization did not happen in 2001 when, in the wake of the attacks, Congress might have been overwrought and emotional; rather, the law was adopted and amended twice later in the decade after the program had been initiated on the president’s own authority.

Seal of the U.S. National Security Agency
According to the law, the targets of Section 702 surveillance should not be US persons. (Image: U.S. government/Public domain)

Section 702 and the Law

Under Section 702, the US attorney general and the director of national intelligence may jointly authorize surveillance that targets people who are not US persons. US persons is a term of art in the intelligence community that means people who are American citizens or permanent resident aliens. 

So the targets of Section 702 surveillance should not be US persons. Section 702 only allows the government to acquire foreign intelligence by targeting non-US persons reasonably believed to be outside the US borders—in other words, foreigners on foreign soil. It is expressly against the law to try to collect information from targets who are inside the United States, whether Americans or foreigners, or to deliberately target the collection of American Web communications, even if they’re overseas. 

The 702 law also requires the government to develop targeting procedures. These are the steps the government needs to take to make sure that there is a reason to believe that the target is outside the United States. 

Learn more about metadata.

How Government Conducts Web Surveillance Programs

To conduct this type of Web surveillance, the government can compel assistance from Internet service providers and telephone companies in order to acquire foreign intelligence information—that is, information relating to a foreign espionage program or international terrorism. 

And, it’s pretty clear that the government pays a big amount of money to all the communications companies that participate in PRISM and which provide data. The payments range from $250 to nearly $400 million annually, according to The Washington Post. 

Some privacy advocates suspect that, as a result, surveillance turns from a legal obligation into a source of income for the companies. It is good to mention that it’s not just regulated characters, such as traditional cable and telephone companies like AT&T and Verizon, but also newer technology companies like Google, Facebook, and Skype that are at issue.

Common Questions about How Web Surveillance Programs Work in America

Q: How do people who intend to engage in illegal activities communicate with each other? 

Today, groups that intend to engage in illegal activities don’t use special communication systems. Instead, these groups use legitimate systems that all people use to communicate. Hence they can be easily caught by web surveillance programs.

Q: What’s Section 702?

Under Section 702, a web surveillance program, US attorneys are allowed to target non-US individuals. This department must be able to prove that these people are outside the United States. Under no circumstances can non-Americans be targeted on American soil.

Q: How does the government conduct web surveillance programs?

The US government uses Internet service providers to conduct web surveillance programs. This is in the interest of these companies because the government pays them large sums of money for their cooperation.

Keep Reading
Privacy and Transparency: Is There a Middle Path?
Protecting Our Privacy: Ways and Rules
Privacy, Anonymity, and the Rules of Surveillance