WASHINGTON -- Growing evidence of far-reaching federal surveillance of the phone records and Internet activity of millions of Americans reignited the debate Thursday about how aggressively the federal government uses its surveillance powers to protect against terrorist attacks.
In the latest revelation, The Washington Post found that the National Security Agency and the FBI have been tapping into the servers of nine leading U.S. Internet companies, extracting a huge cache of audio, video, photograph and e-mail information and other records, according to a document intended for senior NSA officials. That news brought outrage from civil liberties advocates, especially coming on the heels of a disclosure Wednesday that the NSA has been secretly collecting Americans' phone records since 2006.
"I'm completely astonished. It's hard to think of what remains of privacy in this country," said Leslie Harris, president of the Center for Democracy & Technology.
Jameel Jaffer, deputy legal director for the American Civil Liberties Union, said the Internet data program, code-named PRISM, "is very disturbing. . . . These companies have an obligation to their subscribers and their customers to protect sensitive information."
Several of the companies named have denied any knowledge of the program and said the government did not have access to their servers.
The outrage among civil liberties advocates followed a day-long furor over a report Wednesday night on the website of the Guardian newspaper that a Verizon subsidiary, Verizon Business Network Services, was providing the NSA with "all call detail records" for domestic and international calls by its customers under an order from the federal court that oversees the Foreign Intelligence Surveillance Act.
The Washington Post reported late Wednesday night that the order appeared to be part of a surveillance program that began in 2006. Under that program, court orders are routinely renewed every 90 days so the surveillance is not interrupted, an expert told The Post and lawmakers confirmed.
The disclosure that a major U.S. phone company has been turning over the records of millions of Americans under a top-secret court order sparked sharply different views on the balance between privacy and national security.
"The question is: What do we need to do to be safe in America?" said Sen. Richard Durbin, D-Ill., a member of the Judiciary Committee. "How far do we need to go? Do we have to sacrifice our own privacy and rights to do it? That is an important question that should be asked and answered constantly in a democracy."
On Thursday, several lawmakers confirmed that the Verizon order was only a glimpse of a broader program of records-collection and analysis that dates back seven years. It was not clear whether other telecommunications companies have received similar orders and are turning over the same information about their customers.
The program is lawful, said Sen. Dianne Feinstein, D-Calif., chairman of the Senate Intelligence Committee. She added that members of the judiciary and intelligence panels in the House and the Senate had been been briefed on the program.
Feinstein and other key members of Congress joined the Obama administration in defending the secret program, saying that the surveillance had helped avert terrorist attacks and operated under the required supervision of the FISA court.
Administration officials were quick to point out that the collection process required Verizon to provide only the time and number logs showing when calls were made, not the content of the communications or names of subscribers.
White House spokesman Josh Earnest described the court order as a critical tool that allows the intelligence community to know when terrorists or suspected terrorists are engaging in dangerous activities. He said that's particularly true for people in the United States.
The "metadata" being swept up by the NSA could give the FBI and other agencies extensive information about the activities of ordinary Americans as well as terrorism suspects.
At the most basic level, counterterrorism officials could trace a suspect's communication, assembling networks of contacts who could then be subjected to additional scrutiny. Analysts also could use data to track an individual's movements and assemble patterns of activity on purchases and other behavior. Depending on how long the information is kept, it could be searched again every time a suspicious number is uncovered or associated with a plot.
Feinstein said that NSA analysts may not search the records without "reasonable, articulable suspicion" that the data are related to a specific terrorism case.
House Intelligence Committee Chairman Mike Rogers, R-Mich., said the NSA phone records collection helped thwart a significant case of terrorism in the United States "within the last few years."
In a Capitol Hill news conference, Rogers declined to elaborate on the nature of the attack, pending efforts to declassify information about the plot.
"Within the last few years, this program was used to stop a terrorist attack in the United States. We know that. It's important. It fills in a little seam that we have," Rogers said. "And it's used to make sure that there is not an international nexis to any terrorism event if there may be one ongoing. So in that regard, it is a very valuable thing."
Despite such assurances, civil liberties advocates, some industry lawyers and lawmakers were angered by the sweep of the surveillance.
"I am barred by Senate rules from commenting on some of the details at this time," said Sen. Ron Wyden, D-Ore., who is among a handful of lawmakers who have raised concerns that the government was conducting surveillance that, if exposed, would "stun" most Americans.
"I believe that when law-abiding Americans call their friends, who they call, when they call, and where they call from is private information," Wyden said in a statement. "Collecting this data about every single phone call that every American makes every day would be a massive invasion of Americans' privacy."
Even backers of the law were concerned. "As the author of the Patriot Act, I am extremely disturbed by what appears to be an overbroad interpretation of the Act," Rep. F. James Sensenbrenner Jr., R-Wis., said in a statement. "These reports are deeply concerning and raise questions about whether our constitutional rights are secure."
Authorized under Section 215 of the USA Patriot Act, also known as the business records provision, the surveillance program enables the government to seek court orders requiring companies to provide "the content of any communications or the name of any subscriber," a senior administration official said in a statement. The information, the official said, "relates exclusively to metadata, such as a telephone number or the length of a call."
The law also has been used to obtain broader information. In March 2011, a senior Justice Department official, Todd Hinnen, testified before Congress that Section 215 "has been used to obtain driver's license records, hotel records, car rental records, apartment leasing records, credit card records and the like."
The court process began in the George W. Bush administration after the 2005 disclosure that the government had been conducting warrantless wiretaps of phone calls and e-mail by Americans. In the Obama administration, the number of requests for records has soared, although it is not known how many are of the scope Verizon received. The government made six requests in 2007 during the Bush administration; 21 in 2009, Obama's first year in office; and 212 last year, according to reports to Congress.
Companies are barred from disclosing receipt of the court orders and Verizon declined to comment Thursday.
But Randy Milch, the company's general counsel, said in an e-mail to employees that he had no comment on the accuracy of the Guardian article. He stressed that the "alleged order" contained language that "compels Verizon to respond" and "forbids Verizon from revealing (its) existence." In other words, his company was obeying the law.
Analysts noted that companies may challenge the orders. It is impossible to know how many such challenges arise because they generally remain secret.
The order compelling Verizon to provide the records was issued by the Foreign Intelligence Surveillance Court, which is based in Washington. Its proceedings are secret and its opinions are generally classified.
Wyden and other senators have argued that the secrecy surrounding the proceedings has permitted potential abuse to go unreported and they have demanded the release of redacted versions of court opinions on surveillance requests.
Wyden said that the Obama administration has an obligation to give a "substantive and timely response" to the American people and that he hopes the revelation will force a larger debate about the government's domestic surveillance authorities.
Marc Zwillinger, a Washington lawyer who represents Internet and wireless companies, said he cannot understand how Section 215 authorizes the government to obtain large amounts of call records on a daily basis. That law, he said, was intended to collect records that existed at the time of the order -- historical records. "This seems to be an abuse of the statute," he said.
Moreover, he said, the Verizon order "is not an order targeted at a single customer, or a group of customers, or even all customers in a geographic region. This order encompasses every single customer to whom Verizon Business Services provides telephone service. That scope is potentially staggering."
Lawmakers have made efforts over the years to limit the sweep of surveillance. In 2005, a group of Democratic senators, including Barack Obama, D-Ill., sponsored a measure to limit Section 215 to "specific and articulable facts giving reason to believe that the person to whom the records pertain is . . . an agent of a foreign power."
It was never adopted. And similar efforts since have failed.