Big U.S. technology companies were outed this week as key sources of data for the National Security Agency (NSA), under a surveillance program referred to inside the spy agency as Prism.
U.S. Internet companies that want to resist government demands to hand over customer data for intelligence investigations have few legal options, due to the classified nature of such probes and a court review process shrouded in secrecy.
Google, Facebook and Microsoft are among the big U.S. technology companies that were outed this week as key sources of data for the National Security Agency (NSA), under a surveillance program referred to inside the spy agency as Prism.
While the companies have uniformly denied knowledge of Prism and said they had not given the NSA direct access to their servers, U.S. officials have confirmed the existence of the program, which President Barack Obama defended as "a modest encroachment" on privacy that was necessary to protect national security.
The program relies on section 702 of the 2008 amended version of the Foreign Intelligence Surveillance Act (FISA), which lets the government collect electronic communications for the purpose of acquiring intelligence on non-U.S. targets that pose a threat to national security.
For electronic service providers, the law says the Foreign Intelligence Surveillance Court in Washington can authorize a company to provide "all information, facilities, or assistance necessary." In return for compliance, the company is compensated for its work and receives immunity from potential lawsuits.
Section 702 is a "broad tool to get the information they are looking for," said Matt Zimmerman, a lawyer at the Electronic Frontier Foundation, a San Francisco civil liberties group critical of the law.
The Foreign Intelligence Surveillance Court overwhelmingly approves FISA requests from the NSA, according to Justice Department reports. In 2012, the court received 1,856 applications for electronic surveillance and physical searches. All were approved except for one, which the government withdrew before the court could rule.
All of the court's cases are kept secret, including rulings, and companies are not given details about the investigations they have been asked to provide information for, legal experts familiar with the process say. That encourages compliance as corporate lawyers do not want to hinder probes that may help prevent a terrorist attack, for example.
Any company that objects to a judge's order can appeal to the entire Foreign Intelligence Surveillance Court, but there is no public data on whether they have ever done so. The law allows for further appeals to the Foreign Intelligence Surveillance Court of Review and ultimately the U.S. Supreme Court.
Sign up for CIO Asia eNewsletters.