EPIC v. DOJ - PRISM
- Top Human Rights Court Rules UK Mass Surveillance Program Violated Privacy Rights: This week, the grand chamber of the European Court of Human Rights issued a final judgement in Big Brother Watch v. UK confirming that the UK's intelligence agency violated the right to privacy by systematically intercepting online communications without first applying necessary safeguards. The agency's mass surveillance program was "not in accordance with [EU] law," which only allows governments to retain data in an effort to combat "serious crime" and requires a court or administrative body to sign off on data collection. The UK law at issue was not limited to serious crime, nor did it require independent authorization; these "fundamental deficiencies" impermissibly increased the "risk of the bulk interception power being abused." Nevertheless, the grand chamber found that the agency's decision to operate a bulk interception program did not itself violate human rights, and the agency's sharing of sensitive digital intelligence with foreign counterparts--including with the NSA--was legal. Several chamber judges believed this ruling did not go far enough to condemn the sharing of wrongfully collected communications with other countries, noting the chamber "missed an excellent opportunity to fully uphold the importance of private life ... when faced with interference in the form of mass surveillance." EPIC has a strong interest in protecting the human right to privacy and has continuously opposed suspicionless mass collection of personal communications by domestic and foreign governments. EPIC participated in this case as a third-party intervenor and filed a brief describing U.S. intelligence authorities that allow the NSA to access the private communications of non-U.S. persons in violation of their rights. EPIC was also chosen by the Irish High Court to make amicus submissions in a case involving the international transfer of data from European servers to the U.S. in violation of E.U. law. (May. 25, 2021)
- Irish High Court Orders DPC to Move Forward in Facebook Investigation: The Irish High Court today issued an order in a follow-on case to Irish Data Protection Commissioner v. Facebook and Schrems ("Schrems II") and, as a result, the investigation into Facebook's U.S.-EU data transfers will move forward. The case arises from a complaint filed with the DPC in Ireland against Facebook by privacy activist Max Schrems in 2013 alleging that the company violated EU law when it transferred personal data to the U.S. (where the company is obliged to provide access to the government). The case has since been referred two separate times to the highest court in Europe (the CJEU), and has led to the invalidation of both the U.S.-EU Safe Harbor Agreement and the U.S.-EU Privacy Shield Agreement. The CJEU in the Schrems II decision last year remanded the case to the Irish DPC to determine whether Facebook violated the law and whether it was necessary to block Facebook's U.S.-EU data transfers. The DPC later issued a Preliminary Draft Decision to Facebook and laid out procedures for the inquiry. Both Facebook and Schrems challenged the DPC procedures. The DPC agreed in a settlement with Schrems that it would complete the investigation into his original complaint. The Irish High Court today rejected Facebook's challenge to the DPC inquiry, and both the Schrems complaint and this new DPC inquiry against Facebook will move forward. EPIC participated as an amicus curiae in Schrems II, arguing that U.S. Surveillance law does not provide adequate privacy protections or remedies for non-U.S. persons abroad. (May. 14, 2021)
- Senator Feinstein Proposes Reforms to Broad Spying Authority: Senator Dianne Feinstein, the former chair of the Senate Intelligence Committee, today outlined reforms to Section 702 surveillance authority. The law, which allows the NSA "PRISM" and "Upstream" surveillance programs, is set to expire at the end of this year. Senator Feinstein would end permanently the NSA's "about" searches, expand the amicus role at the intelligence court, and require the continued sunsetting of FISA authorities created in the The FISA Amendments Act of 2008. In 2012, EPIC testified before Congress on the need to establish better oversight for Section 702 prior to renewal. (Jun. 9, 2017)
- Government Argues for PRISM Reauthorization in New Report: The Office of the Director of National Intelligence has released a report on the controversial Section 702 "PRISM" program, which is set to expire on December 31, 2017. The report argues for renewal, but significant questions remain about the PRISM program. Despite repeated requests from Congress, the ODNI has refused to reveal the number of U.S. persons who are swept up in PRISM surveillance every year. EPIC sent a letter to the House Judiciary Committee urging public reporting of the Government's surveillance activities. EPIC also warned that the Section 702 legal controversy could block international data transfers. (Apr. 20, 2017)
- EPIC v. DOJ: No Analysis of PRISM Legality: In a recently concluded Freedom of Information Act lawsuit, EPIC tried to obtain legal analysis concerning the controversial PRISM surveillance program. The Justice Department responded that "no responsive records" exist. An earlier FOIA case brought by EPIC revealed that the Office of Legal Counsel provided advice on the warrantless wiretapping program of President Bush. But apparently no similar memos exist on the legality of the mass collection of Internet traffic by the NSA. For more information, see EPIC v. DOJ (PRISM). (Apr. 11, 2014)
- EPIC Files Lawsuit to Determine Legal Authority For PRISM Program: EPIC has filed a Freedom of Information Act lawsuit against the Department of Justice's Office of Legal Counsel for the secret legal analyses that justifies the use of the NSA PRISM program. PRISM is a program that allows the FBI and NSA to collect information - including the contents of internet users' communications - directly from internet service providers, and without a warrant. Through this lawsuit, EPIC seeks to clarify which, if any, legal authority would permit such extensive domestic surveillance of personal activities. The secrecy of these opinions is of increasing concern to Open Government advocates. EPIC, joined by a coalition of FOIA organizations, recently filed an amicus brief in support of a New York Times lawsuit for opinions of the Office of Legal Counsel. For more information, see EPIC v. DOJ - PRISM. (Nov. 25, 2013)
On November 25, 2013, EPIC filed a Freedom of Information Act lawsuit against the Department of Justice, challenging the agency's failure to release legal documents related to PRISM.
On June 6, 2013, the Washington Post reported that the NSA and FBI were "tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, emails, documents and connection logs that enable analysts to track a person's movements and contacts over time." The Director of National Intelligence subsequently revealed that this collection program, known as PRISM, has been in operation since 2008. Under the PRISM program, the National Security Agency ("NSA") obtains electronic communications in real-time from Internet service providers, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. The Foreign Intelligence Surveillance Court ("FISC") found in 2011 that the PRISM program accounts for 91% of the roughly 250 million Internet communications acquired each year under Section 702 of the FAA. The CIA can search PRISM data for communications between U.S. persons. The Guardian newspaper reported that PRISM "facilitates extensive, in-depth surveillance on both live communications and stored information. ... It also opens the possibility of communications made entirely within the U.S. being collected without warrants."
The Foreign Intelligence Surveillance Act
The Foreign Intelligence Surveillance Act ("FISA"), 50 U.S.C.§ 1801 et seq., authorizes electronic surveillance of foreign intelligence information" between "foreign powers" and "agents of foreign powers." The purpose of the FISA is to allow the U.S. Intelligence Community to participate in foreign - not domestic - intelligence gathering. When the FISA was passed, the Senate noted, "This legislation is in large measure a response to the revelations that warrantless electronic surveillance in the name of national security has been seriously abused." S. Rep. No. 95-604(I) at 7 (1977), reprinted in 1978 U.S.C.A.A.N. 3904, 3908. The purpose of the FISC is to ensure that FISA investigations remain focused on foreign agents, not U.S. persons. As the Supreme Court recently described, Congress enacted the FISA to "authorize and regulate certain governmental electronic surveillance of communications for foreign intelligence purposes." Clapper v. Amnesty International USA, 133 S.Ct. 1138, 1143 (2013).
OLC Memorandums and Opinions
The Office of Legal Counsel ("OLC") definitively interprets the law for the Executive Branch. Its legal opinions are binding on all federal agencies under Executive Order 2877. OLC "drafts legal opinions of the Attorney General and also provides its own written opinions and oral advice" in response to Executive Branch requests. It would have been OLC's responsibility to draft legal memorandums and opinions interpreting the legality of the PRISM program under the Fourth Amendment, FISA, and other statutes. To the extent that the FBI and NSA may access the electronic communications of U.S. persons using U.S. internet service providers, it would be the responsibility of the OLC to interpret the legality of those actions.
EPIC's Freedom of Information Act Request and Subsequent Lawsuit
On June 6, 2013, the day the Washington Post reported on the existence of PRISM, EPIC submitted a FOIA request to OLC's FOIA Office, seeking records regarding the legal authority for PRISM. EPIC's request specifically asked for:
"All final legal analyses, memoranda, and opinions regarding the PRISM program, including, but not limited to, records addressing the Foreign Intelligence Surveillance Act, 50 U.S.C. §§ 1801 et seq., and the Fourth Amendment to the U.S. Constitution."
On June 17, 2013, EPIC received a letter from OLC in the mail, acknowledging receipt of EPIC's FOIA Request. The agency notified EPIC that expedited processing had been granted.
On August, 1, 2013, EPIC filed an administrative appeal with the OLC for a failure to make a timely response. At the time of the administrative appeal, 40 business days had elapsed since EPIC's FOIA Request was submitted, and 33 business days had passed since EPIC received OLC's letter.
On September 26, 2013, the Office of Information Policy ("OIP") emailed EPIC, confirming receipt of the administrative appeal. OIP is the office that processes administrative appeals for several agencies and components, including the OLC. In the email, the agency wrote, "As no adverse determination has yet been made by OLC, there is no action for this Office to consider on appeal." OIP further stated, "I can assure you that this Office has contacted OLC and has been advised that your request is currently being processed." To date, the agency has not produced a single document.
On February 24, 2014, the U.S. Department of Justice's Office of Legal Counsel emailed a response letter to EPIC. The response stated, "A search of OLC's files has located no records responsive to your request."
EPIC v. DOJ, 1:13-cv-01848 (D.D.C. filed Nov. 25, 2013)
- EPIC Complaint (Nov. 25, 2013)
- Joint Status Report (Jan. 22, 2014)
- Notice Of Voluntary Dismissal (Apr. 10, 2014)
- Cover Letter and Response to EPIC's FOIA Request (Feb. 24, 2014)
- OIP Letter to EPIC (Sep. 26, 2013)
- EPIC FOIA Administrative Appeal (Aug. 1, 2013)
- OLC Letter to EPIC (Jun. 14, 2013)
- EPIC FOIA Request (Jun. 6, 2013)
- OLC Response Letter, (Feb. 24, 2014)
- NSA PRISM Program Slides, via The Guardian (November 1, 2013)
- EPIC: Clapper v. Amnesty Int'l USA
- EPIC: In re: EPIC - NSA Telephone Records Surveillance
- Klayman v. Obama, Civ. No. 1:13-cv-00851 (RJL), via The New York Times (December 16, 2013)
- Barton Gellman, Mission accomplished, says Edward Snowden, Sydney Morning Herald (December 24, 2013)
- Barton Gellman, Edward Snowden, after months of NSA revelations, says his mission’s accomplished, Washington Post (December 23, 2013)
- Dan Seitz, The NSA’s PRISM Program Has Been Deemed Unconstitutional. But Will Anything Change? , UpRoxx (December 17, 2013)
- Bill Mears and Evan Perez, Judge: NSA domestic phone data-mining unconstitutional , CNN (December 16, 2013)
- Brian Jackson, Major tech brands form coalition in response to PRISM leaks , IT Business (December 9, 2013)
- Fiona O’Cleirigh, UK citizen sues Microsoft over Prism private data leak to NSA, Computer Weekly (December 5, 2013)
- Elad Yoran, NSA Surveillance: First Prism, Now Muscled Out Of Cloud, Information Week (November 26, 2013)
- Kwame Opam, Senators pen New York Times op-ed calling for an immediate end to NSA surveillance , The Verge (November 26, 2013)
- Ron Wyden, Mark Udall, and Martin Heinrich, Op Ed: End the N.S.A. Dragnet, Now, The New York Times (November 25, 2013)
- Nicole Perlroth and John Markoff, N.S.A. May Have Hit Internet Companies at a Weak Spot, The New York Times (November 25, 2013)
- Martha Mendoza, NSA’s Google and Yahoo data taps may be legal thanks to decades-old presidential order, The Washington Post (November 20, 2013)
- Associated Press, Yahoo expands security measures, promises to encrypt all personal data by end of March, (November 18, 2013)
- Timothy B. Lee, Here’s how people are changing their Internet habits to avoid NSA snooping, The Washington Post (November 7, 2013)
- Paul Owen, Spy agency chiefs defend surveillance - as it happened, The Guardian (November 7, 2013)
- Barton Gellman, Ashkan Soltani, and Andrea Peterson, How we know the NSA had access to internal Google and Yahoo cloud data, The Washington Post (November 4, 2013)
- Andrea Peterson, PRISM already gave the NSA access to tech giants. Here’s why it wanted more, The Washington Post (October 30, 2013)
- Brian Fung, Former NSA chief: NSA and U.S. Cyber Command are now ‘indistinguishable’, The Washington Post (October 23, 2013)
- Ashkan Soltani, Why Apple’s claim that it can’t intercept iMessages is largely semantics, The Washington Post (October 19, 2013)
- NSA slides explain the PRISM data-collection program, The Washington Post (July 10, 2013)
- Glenn Greenwald and James Ball, The top secret rules that allow NSA to use US data without a warrant, The Guardian (June 20, 2013)
- Dominic Rushe, Technology giants struggle to maintain credibility over NSA Prism surveillance, The Guardian (June 9, 2013)
- James Ball, NSA's Prism surveillance program: how it works and what it can do, The Guardian (June 8, 2013)
- Shira Ovide, U.S. Official Releases Details of Prism Program, The Wall Street Journal (June 8, 2013)
- Margot Kaminski, PRISM's Legal Basis: How We Got Here, and What We Can Do to Get Back, The Atlantic (June 7, 2013)
- Dominic Rushe and James Ball, PRISM scandal: tech giants flatly deny allowing NSA direct access to servers, The Guardian (June 7, 2013)
- Glenn Greenwald and Ewan MacAskill, NSA Prism program taps in to user data of Apple, Google and others, The Guardian (June 6, 2013)
- Barton Gellman and Laura Poitras, U.S., British Intelligence Mining Data from Nine U.S. Internet Companies in Broad Secret Program, Washington Post (June 6, 2013)
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.