[Updated, 2 A.M. June 7th]

“They quite literally can watch your ideas form as you type,” an unnamed intelligence officer told Barton Gellman and Laura Poitras of the Washington Post. “They” are the National Security Agency, and the Post report reveals that an N.S.A. program called Prism has, for the past six years, been “tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time.”

These were not occasional, extraordinary incursions: the Post, in addition to talking to the intelligence officer—who decided to speak out of a concern for civil liberties that seems to have been distinctly lacking at higher levels—obtained PowerPoint slides from an internal N.S.A. briefing and other documents. The Guardian also got the briefing materials. One of the slides explains that “NSA reporting increasingly relies on PRISM” for close to one in seven of its intelligence reports, and the program, which began in 2007, is said to be growing rapidly. The history of Prism, Gellman and Poitras write, “shows how fundamentally surveillance law and practice have shifted away from individual suspicion in favor of systematic, mass collection techniques.”

This is the second story in the past twenty-four hours with deeply troubling constitutional and privacy implications—the first was the news, reported in the Guardian, of a secret court order compelling a Verizon subsidiary to turn over call records to the N.S.A. (It is increasingly clear that such orders went to companies well beyond Verizon.) We have gone through the day with Administration spokesmen and friendly senators telling us that we shouldn’t worry so much about the Verizon case because of the supposedly abstract quality of metadata. That was always a hollow defense—metadata reveals a great deal that is properly private, as Jane Mayer explains—but it is especially meaningless now, in the face of what appears to be a sprawling effort to look over the shoulders of Internet users.

After the Post and Guardian published their stories, James Clapper, the Director of National Intelligence, said that the activities they described were “pursuant to section 702 of the Foreign Intelligence Surveillance Act” and “entirely legal,” and that the reports contained “inaccuracies” that he didn’t specify. (Meanwhile, other media outlets confirmed the basic account.) Clapper said that the intended targets were foreign, and that information about Americans was “incidentally acquired.” What is incidental to the government can, of course, be central to its citizens. (Foreigners whose e-mail is read might object, too.) Clapper also called the “unauthorized disclosure” of the program “reprehensible”; this may not be the best moment for the Administration to be making an argument for secrecy.

The N.S.A.-briefing slides mix corporate cheer and disturbing revelations. They look like sales-meeting charts. There are the logos of the nine companies involved: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple. That is the order in which they joined Prism. The Post describes Apple as a holdout (it acquiesced, coincidentally or not, after Steve Jobs’s death). Thursday night, the companies involved issued denials, or rather disclaimers, that turned on whether they had given the N.S.A. direct access to their servers or just complied with specific requests. Google, for example, said, “From time to time, people allege that we have created a government ‘backdoor’ into our systems, but Google does not have a ‘backdoor’ for the government to access private user data.” An Apple spokesman, in a statement, said that it, too, relied on court orders: “We have never heard of Prism.” So why did Prism seem confident about Apple? Was the N.S.A. bragging internally, or were the companies left out? Or may the dispute, again, simply be about whether it was corporate servers or something else that provided the mechanism for all this? The Post pointed to a note in the documents about “equipment installed at company-controlled locations.” Each company still needs to give a better account of what it did and what it thought its options were.

The slides refer, too, to another metadata program, code-named Blarney, the summary for which was “set down alongside a cartoon insignia of a shamrock and a leprechaun hat.” Prism’s logo looks like a teen-ager’s drawing of the “Dark Side of the Moon” album cover. The tackiness is a depressing touch.

And why did President Obama sign on, not only to the program but also to the idea that it should grow? According to the Post, the N.S.A. briefing “described the new tool as the most prolific contributor to the President’s Daily Brief.” Did all of this appeal most to Obama’s fear, his curiosity, or a certain sense of his own cleverness? He seems to have acted as a steward not of the law but of some of its worst distortions under his predecessor. This Administration seems to have forgotten that Americans have a perfect right to keep secrets. If there is a legal basis for these programs, then something is wrong with the way the laws in question are written or read—in a way that may be up to the Supreme Court and, through political mechanisms, the public to address.

The legalistic tools include the findings of the FISA court, which works in secret. At times, the government seems to rely on redefinitions of ordinary words: the Post notes that, in classified orders, the court “defined massive data sets as ‘facilities,’” as if the private information amassed by a technology company was a single terrorist safe house that the N.S.A. could put under continuous surveillance. (As I wrote earlier, the government having its own, unpublicized definitions of laws is something that Senators Ron Wyden and Mark Udall have warned about.)

According to the Post report,

To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially.

Again, this is all supposedly meant to stop terrorism by foreigners. But when the N.S.A. looks through the private files of people who are one or two degrees of separation from the person who has caught its eye, it hasn’t just gone beyond that mission but has betrayed it. The Post article described analysts using “selectors” that are “designed to produce at least 51 percent confidence in a target’s ‘foreignness.’ ” If they turn out to have targeted “U.S. content”—beyond all the incidental information on Americans that’s swept up—they are supposed to submit it to yet another database, “but it’s nothing to worry about.” Actually, it is.

Photograph by Patrick Semansky/AP.

[#image: /photos/59095103ebe912338a37265d]

Read more of our coverage of government surveillance programs.