Recent reports have detailed how the National Security Agency (NSA) has been vacuuming up millions of Americans’ phone data, online communications and files, and credit card transaction details. How did we get here?
September 11: Nearly 3,000 people are killed when terrorists fly planes into the World Trade Center and the Pentagon, and crash another in Pennsylvania. Soon afterward, the NSA begins a “special collection program” to track the communications of Al Qaeda leaders and suspected terrorists.
October 4: President George W. Bush secretly authorizes the NSA to track suspected terrorists by monitoring domestic communications without a warrant. The 1978 Foreign Intelligence Surveillance Act prohibits the government from eavesdropping inside the United States without first getting a warrant from the Foreign Intelligence Surveillance Court, also known as the FISA court.
October 26: Bush signs the Patriot Act. The law expands the government’s electronic surveillance powers. “The existing law was written in the era of rotary telephones. This new law that I sign today will allow surveillance of all communications used by terrorists, including emails, the internet, and cellphones,” Bush declares.
February 13: The New York Times reports that the Information Awareness Office, a new Pentagon agency headed by retired vice admiral and Iran-Contra figure John Poindexter, “is developing technologies to give federal officials instant access to vast new surveillance and information-analysis systems.”
November 9: Poindexter’s Total Information Awareness (TIA) project, “a vast electronic dragnet” that could sweep up electronic and voice communications as well as financial data, is revealed in the Times.
September 25: Congress shuts down the Information Awareness Office over fears that TIA could violate Americans’ privacy.
March 10: Deputy Attorney General James Comey prevents White House counsel Alberto R. Gonzales and chief of staff Andrew Card from trying to persuade Attorney General John Ashcroft, who was hospitalized, to reauthorize the NSA warrantless wiretapping program. The progam is modified in 2004 due to objections from the Justice Department and a FISA judge.
March 6: The Patriot Act is renewed and signed by Bush.
May 11: USA Today reports that the NSA has been tracking tens of millions of Americans’ phone calls using data provided by AT&T, Verizon, and BellSouth.
May 25: Former AT&T technician Mark Klein says that in 2002 the company let the NSA install a device in one of its San Francisco facilities that allowed the government to monitor internet and phone traffic.
June 21: Salon reports that other former AT&T workers say the company’s internet traffic routed through St. Louis may be tapped by a government agency, likely the NSA.
August 1: Presidential candidate Sen. Barack Obama (D-Ill.) says the Bush administration “puts forward a false choice between the liberties we cherish and the security we demand. I will provide our intelligence and law enforcement agencies with the tools they need to track and take out the terrorists without undermining our Constitution and our freedom.”
September 11: The NSA’s PRISM program begins getting data from Microsoft, according to official documents recently published by the Guardian. The program’s existence is not revealed until June 2013.
March 12: The NSA’s PRISM program begins getting data from Yahoo, according to official documents.
July 10: Bush signs the FISA Amendments Act, which gives the federal government the power to compel telecoms to provide access to emails, phone calls, and text messages if one party is “reasonably believed” to be overseas. The law also gives legal immunity to the phone companies that had participated in the NSA’s warrantless wiretapping program. Sen. Obama opposes extending immunity to the phone companies, but votes for what he calls “an improved but imperfect bill.”
August: In a secret decision, the Foreign Intelligence Surveillance Court of Review rules that telecoms must cooperate with federal requests to monitor the international communications of Americans suspected of being terrorists.
January 4: The NSA’s PRISM program begins getting data from Google, according to official documents.
April 15: Intelligence officials tell the New York Times about the “overcollection” of domestic communication by the NSA despite the new limits set in 2008.
June 3: A federal judge affirms the constitutionality of retroactive immunity for the companies that participated in the NSA’s warrantless eavesdropping program. (An appeals court upholds the ruling in December 2011.) On the same day, the NSA’s PRISM program begins getting data from Facebook, according to official documents.
December 7: The NSA’s PRISM program begins getting data from PalTalk, according to official documents.
March 10: A federal judge rules that the NSA warrantless wiretapping program started during the Bush administration is illegal.
April 15: Federal authorities charge Thomas Drake, an NSA employee passed information about the agency’s activities to reporters, under the Espionage Act. He accepts a plea deal on a lesser charge in 2011.
September 24: The NSA’s PRISM program begins getting data from YouTube, according to official documents.
January: NSA begins construction of a massive, 1 million square foot, $2 billion data center in Utah. “Just as we defend our lands, America also needs to also defend our cyberspace,” Sen. Orrin Hatch (R-Utah) says at the groundbreaking ceremony. It is scheduled to be completed in September 2013.
February 6: The NSA’s PRISM program begins getting data from Skype, according to official documents.
March 31: The NSA’s PRISM program begins getting data from AOL, according to official documents.
May 7: The Patriot Act is renewed and signed by President Barack Obama.
May 26: Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) say that the Department of Justice has been misapplying the Patriot Act to allow expanded domestic surveillance. “When the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry,” says Wyden.
June 15: The inspector general of the Office of the Director of National Intelligence says it “would itself violate the privacy of US persons” to reveal how many people the NSA had tracked inside the country.
July 20: In a letter to Wyden, the Office of the Director of National Intelligence concedes that some of the surveillance conducted under the 2008 FISA amendment has “sometimes circumvented the spirit of the law” and that one occasion a FISA judge found such “collection” to violate the Fourth Amendment.
October: The NSA’s PRISM program begins getting data from Apple, according to official documents.
December 30: Obama signs a five-year extension of Foreign Intelligence Surveillance Act. Amendments to provide more oversight of untargeted mass wiretapping are defeated in the Senate. Sen. Dianne Feinstein (D-Calif.) says the surveillance of foreigners’ communications in the United States “produced and continues to produce significant information that is vital to defend the nation against international terrorism and other threats.”
March 12: During an intelligence committee hearing, Sen. Wyden asks Director of National Intelligence James Clapper, “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper’s reply: “No sir.”
June 5: The Guardian reports that the NSA has been collecting millions of Verizon customers’ call data. The FISA court approved the surveillance in April.
June 6: The Washington Post and the Guardian reveal the existence of PRISM, a top-secret NSA program that has access to emails, documents, audio, video, photographs, and connection logs from nine internet firms. The program, started in 2007, mines user data from Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. The Wall Street Journal reports that the NSA also has been accessing AT&T and Sprint Nextel customer data as well as credit card transaction data.
June 7: “Nobody is listening to your telephone calls. That’s not what this program’s about,” Obama says at a speech in Silicon Valley. “But by sifting through this so-called metadata, they may identify potential leads with respect to folks who might engage in terrorism.” He adds, “”You can’t have 100 percent security and then also have 100 percent privacy and zero inconvenience.”
This post has been updated.