Parts of NSA's PRISM program declassified

Donna Leinwand Leger | USA TODAY

The National Security Agency's classified PRISM program is an internal government computer system used to manage foreign intelligence collected from Internet and other electronic service providers, Director of National Intelligence James Clapper said in a statement Saturday.

The disclosure Saturday marks the most extensive explanation the government has offered of what the program is, how it works and what it is authorized to collect.

Clapper said he declassified the details of the NSA's surveillance and intelligence collection programs "in hope that it will help dispel some of the myths and add necessary context to what has been published" about government surveillance of Americans' phone records and foreigners' Internet use.

The National Security Agency and the FBI are siphoning personal data from the main computer servers of nine major U.S. Internet firms, The Washington Post and the London-based Guardian reported Thursday night. Clapper said those reports lacked context about how the program is governed.

The Guardian this week revealed that the government demanded millions of phone records from Verizon. On Saturday, the newspaper reported on a classified NSA data-mining program called "Boundless Informant" that allegedly records and analyzes where electronic intelligence comes from. The classified document shows NSA collected nearly 3 billion pieces of intelligence from U.S. computer networks in one month, the paper reported.

"Over the last week, we have seen reckless disclosures of intelligence community measures used to keep Americans safe. In a rush to publish, media outlets have not given the full context — including the extent to which these programs are overseen by all three branches of government — to these effective tools," Clapper said.

"PRISM is not an undisclosed collection or data mining program," Clapper said in a fact sheet that accompanied his statement.

The system manages foreign intelligence information collected under Section 702 of the Foreign Intelligence Surveillance Act, he said. "The authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008," he said.

The program has yielded results, including providing insight into a terrorist organization's strategic planning efforts, intelligence about weapons of mass destruction proliferation networks and information about potential cyberthreats, the fact sheet said.

"This insight has led to successful efforts to mitigate these threats," the fact sheet said.

Clapper said Congress "after extensive public debate" reauthorized Section 702 in December. He and Attorney General Eric Holder provide "exhaustive" reports assessing compliance with targeting to Congress twice a year, Clapper said in the fact sheet. Congress also receives opinions from the Foreign Intelligence Surveillance Court, he said, and congressional intelligence and judiciary committees are regularly briefed.

The government "does not unilaterally obtain information from the servers of U.S. electronic communication service providers," Clapper added. "The notion that Section 702 activities are not subject to internal and external oversight is similarly incorrect. Collection of intelligence information under Section 702 is subject to an extensive oversight regime, incorporating reviews by the Executive, Legislative and Judicial branches."

The Foreign Intelligence Surveillance Court, which meets in secret, approves the information collection and the providers know about it, Clapper said. The decisions are based on "a written directive" from Holder and Clapper, the fact sheet said. Eleven federal judges, appointed by the chief justice of the Supreme Court, sit on the court.

"In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight," the fact sheet said. "Service providers supply information to the government when they are lawfully required to do so."

Executives from Facebook, Google and Apple disputed reports that the companies have provided direct access to their servers for the National Security Agency and the FBI.

To target someone for such intelligence collection, the government must have "an appropriate, and documented, foreign intelligence purpose," such as for the prevention of terrorism, hostile cyberactivities, or nuclear proliferation, and the foreign target must be "reasonably believed to be outside the United States," the fact sheet said. Section 702 prohibits "intentionally" targeting any U.S. citizen or anyone known to be in the United States, the sheet said. The agency also cannot target a person overseas if the purpose is to get information from a person inside the United States, the sheet said.

"We cannot target even foreign persons overseas without a valid foreign intelligence purpose," the fact sheet said.

If the intelligence community intercepts communications for a person in the U.S., it cannot use the information unless it is needed to understand or assess the importance of foreign intelligence, is evidence of a crime, or indicates a threat of death or serious injury, the fact sheet said.

Targeting decisions are reviewed by the Office of the Director of National Intelligence and the Department of Justice, the fact sheet said.