Keep your tin hat handy -- here's what we know and don't know about the National Security Agency's massive spying program I don’t know how you spent your weekend, but I spent mine glued to my Twitter feed, scanning Google News, and generally obsessing over the continuing mind-blowing revelations over spying by the National Security Agency. The reports that came in last week were chaotic and contradictory. Some were overstated, others clearly wrong. Separating truth from fiction in any complex story is difficult, but when the story is about the world’s largest and most secretive organization, it becomes nearly impossible. Still, here’s a summary of what we think we know. PRISM is not the name of an NSA secret data gathering operation, but rather the name of the software used by the spooks to mine and analyze data (most likely built by Palantir Technologies, though the company has so far denied it). The spooks apparently did not build automatic backdoors into Apple, Google, Facebook, Yahoo, and the rest, and do not automatically capture all data posted to these networks. But it is likely the NSA has built some kind of black-box system or even just an API that allows access to data from these Internet giants on select individuals. The NSA and the White House claim that the spying is only targeted at foreign nationals, not U.S. citizens. But they also acknowledge that some Americans get caught up in the net. What happens to these citizens and their data, though, remains a mystery — classified, top secret, and not for our eyes at all. The man behind the curtain But the biggest bombshell is that yesterday the leaker revealed himself to the world. He’s a 29-year-old IT infrastructure analyst named Edward Snowden, working for government contractor Booz Allen Hamilton, who couldn’t live with his conscience any more about what he felt was a clear and present danger to our freedoms posed by the immense power of the NSA. Snowden is no Bradley Manning. He didn’t leak these documents to hurt the United States. He professes to love his country. He says he deliberately withheld information that could expose NSA personnel or hurt individuals (which means he’s no Lewis Libby or Dick Cheney, either). Before deciding to leak the documents to the press, he left his home and his $200K job in Hawaii and holed up in a hotel room in Hong Kong. The Guardian has a 12-minute video interview with Snowden in his hotel room that’s worth watching. He seems like a forthright, sincere, smart, and somewhat guileless individual — an innocent, if you will, who may well end up slaughtered, if not penned up for the rest of his life. At around the 2:45 mark he gets into the heart of why he did what he did: The NSA specifically targets the communications of everyone, it ingests them by default. It collects them in its system and it filters them and it analyzes them and it stores them for periods of time, simply because that’s the easiest, most efficient, and most valuable way to achieve these ends. While they may be intending to target someone associated with a foreign government or someone they suspect of terrorism, they’re collecting your communications to do so… Any analyst at any time can target anyone. Any selector, anywhere. Where those communications will be picked up depends on the range of the sensor networks and the authorities the analyst is empowered with… I, sitting at my desk, certainly had the authority to wiretap anyone, from you or your accountant to a federal judge to even the president if I had a personal email. I think there’s only one appropriate response: Holy ****! Maybe Snowden has it wrong. Maybe he’s dramatically overstating the capabilities of the NSA. But he released these documents and unmasked himself so that Americans could finally have a free and open debate about what the NSA is doing in our name and where that road could lead. He certainly got everyone’s attention. Who’s watching the watchers Blanket surveillance is not by itself evil. It does, however, open the door to evil, invite it to sit on the couch, and make itself comfortable. It all depends on what limits are placed on the spooks and who’s watching the watchers. The answer to that last question comes in three parts: the Foreign Intelligence Surveillance Court, Congress, and the NSA itself. Let’s look at how they’ve fared. In 2011 the FISA court — otherwise known as the largest rubber stamp ever invented by man — decided the NSA’s spy practices were violating the Constitution. However, we may never know in what manner the NSA was violating our rights because the court issued its ruling in secret. The Electronic Frontier Foundation sued to get a copy of the 86-page ruling, which “determined that the government had violated the spirit of federal surveillance laws and engaged in unconstitutional spying” per Mother Jones’ David Corn. We’re still waiting for a decision on that one. In 2007, the EFF tried to make another FISA court ruling public but lost. Since that year, two members of the U.S. Senate Intelligence Committee, Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) have issued cryptic warnings that Americans would be “extremely surprised” to find out how much the NSA was spying on us. But that’s all they were allowed to say, due to secrecy rules regulating Committee members. After last week’s leaks, Wyden acknowledged that these programs were what he and Udall were referring to. The senators also asked the NSA for the approximate number of Americans that were unintentionally caught up in the agency’s net, only to be turned down because releasing such a number would violate the privacy of U.S. citizens, according to the NSA. Then of course there is the NSA itself, whose director James Clapper tells us there’s nothing to worry about, nothing to see here, please move along. The Week’s Marc Ambinder, author of a recent book all about our national security state, has a really good (if also extremely wonky) description of how PRISM probably works. He notes: Everything the NSA analyst leaves an audit trail. And the NSA has a staff of auditors who do nothing but sample the target folders for over-collects. There are many unknowns, of course, and many places where the system could break down. We do not know the minimization rules. They are highly classified. We do not know how long minimized data sits in storage. We don’t know how many NSA analysts are trained to handle U.S. persons’ data, or HOW they are trained. We don’t know the thresholds to determine what the NSA finds to be relevant enough. We don’t know how long the NSA can collect on a target without getting a FISA order, though we do know that they can start collecting without one if the circumstances demand it. Is the NSA violating our Constitutional rights? The short answer: We don’t know. And perhaps never will. But thanks to Ed Snowden we’re at least asking the question. The old joke is that NSA really stands for No Such Agency, but increasingly it stands for No Serious Accountability. That’s the problem — because an intelligence service run amok quickly translates into No Safety for Anyone. Technology Industry