EPIC v. DOJ - PRISM

Top News

  • Top Human Rights Court Rules UK Mass Surveillance Program Violated Privacy Rights: This week, the grand chamber of the European Court of Human Rights issued a final judgement in Big Brother Watch v. UK confirming that the UK's intelligence agency violated the right to privacy by systematically intercepting online communications without first applying necessary safeguards. The agency's mass surveillance program was "not in accordance with [EU] law," which only allows governments to retain data in an effort to combat "serious crime" and requires a court or administrative body to sign off on data collection. The UK law at issue was not limited to serious crime, nor did it require independent authorization; these "fundamental deficiencies" impermissibly increased the "risk of the bulk interception power being abused." Nevertheless, the grand chamber found that the agency's decision to operate a bulk interception program did not itself violate human rights, and the agency's sharing of sensitive digital intelligence with foreign counterparts--including with the NSA--was legal. Several chamber judges believed this ruling did not go far enough to condemn the sharing of wrongfully collected communications with other countries, noting the chamber "missed an excellent opportunity to fully uphold the importance of private life ... when faced with interference in the form of mass surveillance." EPIC has a strong interest in protecting the human right to privacy and has continuously opposed suspicionless mass collection of personal communications by domestic and foreign governments. EPIC participated in this case as a third-party intervenor and filed a brief describing U.S. intelligence authorities that allow the NSA to access the private communications of non-U.S. persons in violation of their rights. EPIC was also chosen by the Irish High Court to make amicus submissions in a case involving the international transfer of data from European servers to the U.S. in violation of E.U. law. (May. 25, 2021)
  • Irish High Court Orders DPC to Move Forward in Facebook Investigation: The Irish High Court today issued an order in a follow-on case to Irish Data Protection Commissioner v. Facebook and Schrems ("Schrems II") and, as a result, the investigation into Facebook's U.S.-EU data transfers will move forward. The case arises from a complaint filed with the DPC in Ireland against Facebook by privacy activist Max Schrems in 2013 alleging that the company violated EU law when it transferred personal data to the U.S. (where the company is obliged to provide access to the government). The case has since been referred two separate times to the highest court in Europe (the CJEU), and has led to the invalidation of both the U.S.-EU Safe Harbor Agreement and the U.S.-EU Privacy Shield Agreement. The CJEU in the Schrems II decision last year remanded the case to the Irish DPC to determine whether Facebook violated the law and whether it was necessary to block Facebook's U.S.-EU data transfers. The DPC later issued a Preliminary Draft Decision to Facebook and laid out procedures for the inquiry. Both Facebook and Schrems challenged the DPC procedures. The DPC agreed in a settlement with Schrems that it would complete the investigation into his original complaint. The Irish High Court today rejected Facebook's challenge to the DPC inquiry, and both the Schrems complaint and this new DPC inquiry against Facebook will move forward. EPIC participated as an amicus curiae in Schrems II, arguing that U.S. Surveillance law does not provide adequate privacy protections or remedies for non-U.S. persons abroad. (May. 14, 2021)
  • Senator Feinstein Proposes Reforms to Broad Spying Authority: Senator Dianne Feinstein, the former chair of the Senate Intelligence Committee, today outlined reforms to Section 702 surveillance authority. The law, which allows the NSA "PRISM" and "Upstream" surveillance programs, is set to expire at the end of this year. Senator Feinstein would end permanently the NSA's "about" searches, expand the amicus role at the intelligence court, and require the continued sunsetting of FISA authorities created in the The FISA Amendments Act of 2008. In 2012, EPIC testified before Congress on the need to establish better oversight for Section 702 prior to renewal. (Jun. 9, 2017)
  • Government Argues for PRISM Reauthorization in New Report: The Office of the Director of National Intelligence has released a report on the controversial Section 702 "PRISM" program, which is set to expire on December 31, 2017. The report argues for renewal, but significant questions remain about the PRISM program. Despite repeated requests from Congress, the ODNI has refused to reveal the number of U.S. persons who are swept up in PRISM surveillance every year. EPIC sent a letter to the House Judiciary Committee urging public reporting of the Government's surveillance activities. EPIC also warned that the Section 702 legal controversy could block international data transfers. (Apr. 20, 2017)
  • EPIC v. DOJ: No Analysis of PRISM Legality: In a recently concluded Freedom of Information Act lawsuit, EPIC tried to obtain legal analysis concerning the controversial PRISM surveillance program. The Justice Department responded that "no responsive records" exist. An earlier FOIA case brought by EPIC revealed that the Office of Legal Counsel provided advice on the warrantless wiretapping program of President Bush. But apparently no similar memos exist on the legality of the mass collection of Internet traffic by the NSA. For more information, see EPIC v. DOJ (PRISM). (Apr. 11, 2014)
  • EPIC Files Lawsuit to Determine Legal Authority For PRISM Program: EPIC has filed a Freedom of Information Act lawsuit against the Department of Justice's Office of Legal Counsel for the secret legal analyses that justifies the use of the NSA PRISM program. PRISM is a program that allows the FBI and NSA to collect information - including the contents of internet users' communications - directly from internet service providers, and without a warrant. Through this lawsuit, EPIC seeks to clarify which, if any, legal authority would permit such extensive domestic surveillance of personal activities. The secrecy of these opinions is of increasing concern to Open Government advocates. EPIC, joined by a coalition of FOIA organizations, recently filed an amicus brief in support of a New York Times lawsuit for opinions of the Office of Legal Counsel. For more information, see EPIC v. DOJ - PRISM. (Nov. 25, 2013)

Background

On November 25, 2013, EPIC filed a Freedom of Information Act lawsuit against the Department of Justice, challenging the agency's failure to release legal documents related to PRISM.

PRISM

On June 6, 2013, the Washington Post reported that the NSA and FBI were "tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, emails, documents and connection logs that enable analysts to track a person's movements and contacts over time." The Director of National Intelligence subsequently revealed that this collection program, known as PRISM, has been in operation since 2008. Under the PRISM program, the National Security Agency ("NSA") obtains electronic communications in real-time from Internet service providers, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. The Foreign Intelligence Surveillance Court ("FISC") found in 2011 that the PRISM program accounts for 91% of the roughly 250 million Internet communications acquired each year under Section 702 of the FAA. The CIA can search PRISM data for communications between U.S. persons. The Guardian newspaper reported that PRISM "facilitates extensive, in-depth surveillance on both live communications and stored information. ... It also opens the possibility of communications made entirely within the U.S. being collected without warrants."

The Foreign Intelligence Surveillance Act

The Foreign Intelligence Surveillance Act ("FISA"), 50 U.S.C.§ 1801 et seq., authorizes electronic surveillance of foreign intelligence information" between "foreign powers" and "agents of foreign powers." The purpose of the FISA is to allow the U.S. Intelligence Community to participate in foreign - not domestic - intelligence gathering. When the FISA was passed, the Senate noted, "This legislation is in large measure a response to the revelations that warrantless electronic surveillance in the name of national security has been seriously abused." S. Rep. No. 95-604(I) at 7 (1977), reprinted in 1978 U.S.C.A.A.N. 3904, 3908. The purpose of the FISC is to ensure that FISA investigations remain focused on foreign agents, not U.S. persons. As the Supreme Court recently described, Congress enacted the FISA to "authorize and regulate certain governmental electronic surveillance of communications for foreign intelligence purposes." Clapper v. Amnesty International USA, 133 S.Ct. 1138, 1143 (2013).

OLC Memorandums and Opinions

The Office of Legal Counsel ("OLC") definitively interprets the law for the Executive Branch. Its legal opinions are binding on all federal agencies under Executive Order 2877. OLC "drafts legal opinions of the Attorney General and also provides its own written opinions and oral advice" in response to Executive Branch requests. It would have been OLC's responsibility to draft legal memorandums and opinions interpreting the legality of the PRISM program under the Fourth Amendment, FISA, and other statutes. To the extent that the FBI and NSA may access the electronic communications of U.S. persons using U.S. internet service providers, it would be the responsibility of the OLC to interpret the legality of those actions.

EPIC's Freedom of Information Act Request and Subsequent Lawsuit

On June 6, 2013, the day the Washington Post reported on the existence of PRISM, EPIC submitted a FOIA request to OLC's FOIA Office, seeking records regarding the legal authority for PRISM. EPIC's request specifically asked for:

    "All final legal analyses, memoranda, and opinions regarding the PRISM program, including, but not limited to, records addressing the Foreign Intelligence Surveillance Act, 50 U.S.C. §§ 1801 et seq., and the Fourth Amendment to the U.S. Constitution."
EPIC also requested "News Media" fee status, fee waiver, and expedited processing.

On June 17, 2013, EPIC received a letter from OLC in the mail, acknowledging receipt of EPIC's FOIA Request. The agency notified EPIC that expedited processing had been granted.

On August, 1, 2013, EPIC filed an administrative appeal with the OLC for a failure to make a timely response. At the time of the administrative appeal, 40 business days had elapsed since EPIC's FOIA Request was submitted, and 33 business days had passed since EPIC received OLC's letter.

On September 26, 2013, the Office of Information Policy ("OIP") emailed EPIC, confirming receipt of the administrative appeal. OIP is the office that processes administrative appeals for several agencies and components, including the OLC. In the email, the agency wrote, "As no adverse determination has yet been made by OLC, there is no action for this Office to consider on appeal." OIP further stated, "I can assure you that this Office has contacted OLC and has been advised that your request is currently being processed." To date, the agency has not produced a single document.

On February 24, 2014, the U.S. Department of Justice's Office of Legal Counsel emailed a response letter to EPIC. The response stated, "A search of OLC's files has located no records responsive to your request."

Legal Documents

EPIC v. DOJ, 1:13-cv-01848 (D.D.C. filed Nov. 25, 2013)

Freedom of Information Act Documents

Related Pages, Documents, and Links

News Items

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security