I can’t stand it.

A few days ago, I wrote in some detail about the National Security Agency’s data-mining program in hopes of calming the hysteria that has been whipped up in the last number of days by incorrect and misleading reports, as well as by plenty of ill-informed commentary based on those errors. At this point, I’ve decided that I need to tell a little bit more.

Some explanation up front: I spent seven years investigating the national-security systems and policies established in the aftermath of the 9/11 attacks for my book *500 Days.*I learned a fair amount about the data-mining programs of the N.S.A. and wrote about it. I summarized those findings in my last post. However, now it has become obvious to me that I need to go further than I did in my book, at least in hopes of calming things down. When discussing errors, I’m going to mention “reports” regarding news articles, but I’m not going to identify them—the last thing I want is for this to become a back-and-forth between reporters.

First, the much-ballyhooed PRISM program is not a program and not a secret, and anyone who says it is should not be trusted because they don’t know what they’re talking about. PRISM is the name for the government computer system that is used to handle the foreign-intelligence data collected under Section 702 of the Foreign Intelligence Surveillance Act.

Those rules are very specific. The targeting can only be of foreign nationals outside the United States. These are the restrictions:

[The N.S.A.] (1) may not intentionally target any person known at the time of acquisition to be located in the United States; (2) may not intentionally target a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States; (3) may not intentionally target a United States person reasonably believed to be located outside the United States; (4) may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States; and (5) shall be conducted in a manner consistent with the fourth amendment to the Constitution of the United States.

There are many other restrictions and requirements on how data can be properly obtained and used in the PRISM system. But since this doesn’t require some secret, confidential source to understand, I invite you to click on the link I provided above and read through the law.

However, targeting is not done willy-nilly. The system is subject to review by the judiciary, the Congress, and the executive branch. Both the attorney general and the director of the N.S.A. must make a determination that they “reasonably believe” a person they wish to target is, in fact, a foreign national outside the country whose activities raise national-security concerns for the United States. That standard, of course, is lower than probable cause, which is a small part of why any information obtained can’t be used in a criminal case.

Courts established under the Foreign Intelligence Surveillance Act review these determinations and must approve the targeting. (Much has been made of the fact that these approvals appear to be given frequently, with some saying the F.I.S.A. courts are just rubber stamps. I disagree; given the requirements for prior review and assessment at the top of the executive branch, a high approval rate for subpoenas would be expected. I’d be more concerned if they were frequently rejected, because that would signal the executive branch was probably attempting to abuse the system.)