The Foreign Intelligence Surveillance Act (FISA) has greatly impacted the way our social media, email and other personal online information is stored and monitored. And because Big Brother is watching your online activity, it's time for you to get educated about what it means for you and your business.

What the F.I.S.A. is Going On?

While President Obama is currently taking the heat, the Foreign Intelligence Surveillance Act was actually signed into law by President Jimmy Carter in 1978. But FISA has gained renewed attention over the last 10 years. It was amended in 2001 to include terrorism on behalf of groups that are not specifically backed by a foreign government, and has been amended repeatedly since the September 11 attacks. The most recent amendment to FISA includes provisions for storing and retrieving electronic data from internet service providers and other online data sources.

Although reports differ about how the latest surveillance works, the concept is that the federal government has access to email, social media postings, and other online activity. The internet service providers who have been interviewed about the new FISA guidelines say that the government has access, but that it is not a continuous feed of information. But if there is reason to warrant investigation into suspicious online activity, under FISA, the government is allowed to access portals of information located on servers.

Fulfilling FISA Data Requests

In some cases, companies like Facebook have even changed their data storage systems in an effort to make them more accessible for FISA data requests. However, companies like Google insist the federal government does not have continuous access to data streams — and that it needs to make specific requests in order to receive electronic information. Google's CEO Larry Page explains, “The U.S. government does not have direct access or a ‘back door' to the information stored in our data centers.”

Companies like Twitter aren't bending over backwards to make it easier for the feds to retrieve information, and why should they? Nothing in the law says they need to improve the method of access — and lawyers are a big part of FISA compliance. Even if an electronic data server is designed for government access, a lawyer representing a company such as Yahoo, would still need to review and approve individual request for information. The code defines “foreign intelligence information” as information necessary to protect the U.S. against actual or potential grave attack, sabotage or international terrorism.

How Much Surveillance is Occurring?

FISA requests from the government can be broad or very specific. Sometimes, the online activity of a certain individual or group is targeted, while others are screened for specific search engine terms or websites. In order to invoke FISA, the federal government needs to show probable cause that the target of surveillance is a foreign power or agent of a foreign power.

Apple reported between December 2012 and May 2013, it received between 4,000 and 5,000 requests for data from the federal government, concerning between 9,000 to 10,000 accounts. The company says it never hands over transcripts of electronic conversations that take place over iMessage and FaceTime because they are protected by encryption that even Apple cannot break. “Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form,” said a company representative.

In the last half of 2012, Facebook reported between 9,000 and 10,000 requests from the federal government for information about its users, covering 18,000 to 19,000 user accounts.

Personal Online Security

Individuals and businesses can potentially be affected by FISA, so just how can you protect all of your personal online information from being stored and used? You can't control what others do with the information, but you can control what you place on social media, chat rooms and anywhere else online.

If you are in doubt, leave it to an offline or in-person discussion. If you do regularly use social media and don't want to sacrifice your right to free expression, be judicious about what you discuss online — if you wouldn't want to see it on the front page of the paper, it should not be going in an email, in a Tweet or on a Facebook post.

One Comment

  1. Shane, thanks for a highly readable article. I do, however, beg to differ when you advise people to keep things out of email that they want to see on the front page of the paper.

    There’s a universe of private information out there which concerns legal activities, yet we wouldn’t want publicized. And email should be regarded with the same respect for privacy accorded to snail mail correspondence. Also, ‘be judicious about what you discuss online’ is open to wide interpretation, and the definition of ‘judicious’ varies from one country to the next. In Thailand, you can’t even imply that the king is anything less than a paragon of probity, regardless of your opinion, knowledge or personal experience: their law books include the crime of lèse-majesté.

    In Saudi Arabia, it is injudicious for a woman to tweet that she should have the right to drive.

    I completely understand that people who blog in representation of a business, be it their own or someone else’s business, had better practice the art of circumspection but, that doesn’t mean that in their private communications they shouldn’t be protected from snooping and unlawful seizure of the content of their communications. The Internet has blown up the old walls of privacy, which is why we need newer, updated, more efficient laws. Privacy is a human right – the speed and convenience of electronic platforms and data transmission doesn’t change that.

    Moxie Marlinspike put this whole thing much better than I could in his article, “We Should All Have Something to Hide.”

Leave a Reply

Your email address will not be published.