Yet More Reporting on NSA's Surveillance Programs

I can't keep up with all the new reporting on NSA surveillance programs tonight. Here are two more. First, Mark Hosenball of Reuters reports that although NSA collects metadata for every phone call made, it makes only modest use of them:

Millions of phone records were collected in 2012, but the paper says U.S. authorities only looked in detail at the records linked to fewer than 300 phone numbers.

A person familiar with details of the program said the figure of fewer than 300 numbers applied to the entire mass of raw telephone "metadata" collected last year by the NSA from U.S. carriers — not just to Verizon, which is the only telephone company identified in a document disclosed by Snowden as providing such data to the NSA.

Is this true? Is this figure only for searches that began with a U.S. phone number, or for all searches of any kind? I don't know, but I'm passing it along. Take it with a grain of salt for now.

Next up is an AP story that describes how the PRISM program works. Prior to 2007, it reports, tech companies responded to warrants manually. But after the passage of the Protect America Act, NSA decided it wanted to streamline things:

Though the companies didn't know it, the passage of the Protect America Act gave birth to a top-secret NSA program, officially called US-98XN.

It was known as Prism....What the NSA called Prism, the companies knew as a streamlined system that automated and simplified the "Hoovering" from years earlier, the former assistant general counsel said. The companies, he said, wanted to reduce their workload. The government wanted the data in a structured, consistent format that was easy to search.

....Under Prism, the delivery process varied by company. Google, for instance, says it makes secure file transfers. Others use contractors or have set up stand-alone systems. Some have set up user interfaces making it easier for the government, according to a security expert familiar with the process.

Every company involved denied the most sensational assertion in the Prism documents: that the NSA pulled data "directly from the servers" of Microsoft, Yahoo, Google, Facebook, AOL and more.

Technology experts and a former government official say that phrasing, taken from a PowerPoint slide describing the program, was likely meant to differentiate Prism's neatly organized, company-provided data from the unstructured information snatched out of the Internet's major pipelines.

How accurate is this? It sounds about right to me, but reporting on this is reaching a fever pitch, so our understanding might change in the near future. Apparently the government is also preparing an unclassified white paper about all this, so we'll have that to chew over before long. Stay tuned.