The full extent of the National Security Agency's access to fibre-optic cables remains classified. The Office of the Director of National Intelligence issued a statement saying that legally authorised data collection "has been one of our most important tools for the protection of the nation's - and our allies' - security. Our use of these authorities has been properly classified to maximize the potential for effective collection against foreign terrorists and other adversaries."
It added, "As always, the Intelligence and law enforcement communities will continue to work with all members of Congress to ensure the proper balance of privacy and protection for American citizens."
Documents obtained by The Washington Post and Britain's Guardian newspaper in recent weeks make clear how the revolution in information technology sparked a revolution in surveillance, allowing the US government and its allies to monitor potential threats with a reach impossible only a few years earlier.
Yet any access to fiber-optic cables allows for possible privacy intrusions into Americans' personal communications, civil libertarians say.
As people worldwide chat, browse and post images through online services, much of the information flows within the technological reach of US surveillance. Though laws, procedural rules and internal policies limit how that information can be collected and used, the data from billions of devices worldwide flow through internet choke points that the United States and its allies are capable of monitoring.
This broad-based surveillance of fibre-optic networks runs parallel to the NSA's PRISM program, which allows analysts access to data from nine major internet companies, including Google, Facebook, Microsoft, Yahoo, AOL and Apple, according to classified NSA PowerPoint slides. (The companies have said the collection is legal and limited.)
One NSA slide titled, "Two Types of Collection," shows both PRISM and a separate effort labeled "Upstream" and lists four code names: Fairview, Stormbrew, Blarney and Oakstar. A diagram superimposed on a crude map of undersea cable networks describes the Upstream program as collecting "communications on fiber cables and infrastructure as data flows past."
The slide has yellow arrows pointing to both Upstream and PRISM and says, "You Should Use Both." It also has a header saying "FAA 702 Operations," a reference to a section of the amended Foreign Intelligence Surveillance Act that governs surveillance efforts of foreign targets related to suspected terrorism and other foreign intelligence.
Under that provision, the government may serve a court order on a company compelling it to reach into its networks for data on multiple targets who are foreigners reasonably believed to be overseas. At an internet gateway, the government may specify a number of e-mail addresses of foreigners to be targeted without the court signing off on each one.
When the NSA is collecting the communications of a foreign, overseas target who is speaking or emailing with an American, that American's email or phone call is considered to be "incidentally" collected.
Sign up for Computerworld eNewsletters.