National Journal Presentation Credits Policy and the Private Sector: Addressing the NSA Leaks Published: November 15, 2013 Updated: December 19, 2013 Contributor: Dustin Volz, National Journal Staff Correspondent Producer: Catherine Treyz Director: Jessica Guzik

Before NSA Leaks, Tech Companies Acceded to Data Requests 2 Source: “Factbox: History of mass surveillance in the United States,” Reuters, June 7, Takeaway The National Security Agency can access volumes of data from tech and telecommunications companies by obtaining a surveillance warrant from the FISA Court, which reviews the NSA’s data requests to ensure they are justified in the interests of national security National Security Agency (NSA) Data Request Process NSA identifies data necessary to collect for national security purposes Foreign Intelligence Surveillance Act (FISA) Court reviews NSA data request and, if approved, grants surveillance warrant Tech or telecomm company accedes to surveillance warrant, shares data with NSA

Companies’ Main Concern: Transparency with Consumers Analysis by Dustin Volz Companies often comply with NSA surveillance warrants, but they seek to be transparent about those data requests with their customers in order to protect brand reputation 3 Source: “A Barrage of Data Requests,” The Washington Post, November 5, Estimated NSA Data Requests and Accounts Affected Among Key Companies January to July 2013

Leaks Reveal NSA Not Transparent With Companies Analysis by Dustin Volz Stream of NSA leaks that began in June 2013 revealed many classified surveillance programs, including programs that bypassed the FISA Court’s review and collected information from companies without their knowledge Companies could not be transparent with customers about surveillance that they did not know about Companies shifted positioning on data collection from increasing transparency to pushing for policy reform In Dec. 2013, a federal judge ruled the NSA’s bulk phone record collection program as unconstitutional pending appeal, the first major legal decision regarding the NSA’s surveillance 4 Source: Glenn Greenwald, “XKeyscore: NSA tool collects ‘nearly everything a user does on the Internet,’” The Guardian, July 31, 2013; TIME Staff, “A Glossary of Government Surveillance,” TIME, August 1, 2013; Barton Gellman and Ashkan Soltani, “NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say,” The Washington Post, October 30, 2013; “NSA slides explain the PRISM data-collection program,” The Washington Post, June 6, 2013; Josh Gerstein, “Judge: NSA phone program likely unconstitutional,” POLITICO, December 16, 2013; National Journal Research, NSA Data Collection via Classified Programs PRISM Collects data and metadata from nine servers; Apple, AOL, Facebook, Google, Microsoft, PalTalk, Skype, Yahoo, and YouTube MUSCULAR Collects user data and data links that connect Yahoo and Google data centers worldwide XKEYSCORE Collects real-time Internet activity, content, browsing history, and metadata into a comprehensive database

Under Pressure from Tech Companies and Constituents, Congress Proposes Changes 5 Source: Govtrack.us; Ellen Nakashima, “Senate bill would approve NSA program but try to curb it,” The Washington Post, October 31, 2013; Brendan Sasso, “Lawmakers propose USA Freedom Act to curb NSA”s powers,” The Hill, October 29, 2013; Stacy Kaper, “Can the Senate Crack Down on NSA Spying,” National Journal, November 7, 2013; David E. Sanger and Charlie Savage, “Obama is Urged to Sharply Curb NSA Data Mining,” December 18, 2013; National Journal Research, USA Freedom Act vs. FISA Improvement Act HeaderUSA FREEDOM ActFISA Improvement Act Introduced October 29, 2013October 31, 2013 Authors Sen. Patrick Leahy (D- Vt.) Rep. James Sensenbrenner (R-Wis.) Sen. Dianne Feinstein (D-Calif.) Goals To strengthen prohibitions regarding access to Americans’ personal information and interactions To strengthen national security by sustaining NSA’s metadata collection programs and to protect Americans’ privacy Key Provisions End the NSA’s bulk data collection authorized under Section 215 of the Patriot Act Require the government to delete all information about American citizens that was accidently collected Create a special advocate office to argue for stronger privacy protections before the FISA Court Require the Attorney General to disclose all relevant court decisions related to the interpretation of this law Enhance oversight of overseas intelligence collection Allow the government to keep phone records for up to five years Require FISA Court to review data collection to ensure “reasonable articulable suspicion” of terrorism Require Senate to approve NSA director and inspector general appointments (a provision the White House opposes) Revise intelligence gathering procedures every five years Prospects of Passing Positive: Most tech companies, civil liberties groups, and many lawmakers back the bill Positive: Bill has bicameral and bipartisan support Negative: Bill may be seen as encroaching on executive power Negative: Lacks House leadership backing Positive: Moderate approach to reform; more appetizing for conservatives Negative: Many see bill as codifying NSA surveillance powers Negative: House Intelligence Cmte. Chairman Mike Rogers (R- Mich.) may introduce a similar bill through the intelligence authorization bill with Speaker John Boehner’s (R-Ohio) support Takeaway Congressional leadership has not indicated that it is a top short-term priority; however, in Dec. 2013, a surveillance review board recommended 46 changes to the NSA’s counterterrorism and collection programs that restrict the NSA’s unilateral powers, increase the specificity of court approvals, and require more Congressional and presidential oversight