Yahoo fought an order to help the government spy on foreign users arguing it would violate the Fourth Amendment protections from unwarranted search and seizure by incidentally collecting the communications of American citizens, but a 2008 Foreign Intelligence Surveillance Act Court (FISC) ruling rejected their argument calling their concerns “overblown,” the New York Times reported Friday. Under the ruling, Yahoo was legally required to participate in the PRISM program.

The opinion previously came to light in 2009, but the name of the company was not revealed at the time due to a gag order. Sources have now confirmed the company’s identity to the New York Times. In the ruling, the court chided Yahoo for offering “no evidence of any actual harm, any egregious risk of error, or any broad potential for abuse in the circumstances of the instant case,” and said that the government’s “reasonable” efforts to minimize incidental data collection made the company’s points moot.

Then-Sen. Russ Feingold (D-WI), who served on the Senate Select Committee on Intelligence, noted at the time because Yahoo “did not have access to all relevant information” about the implementation of the Protect America Act (PAA) and its successor the FISA Amendments Act (FAA), the ruling relied on a good faith acceptance of the government’s claims and provided the company with no avenue for discovering other evidence. Feingold suggested the court would have taken a “fundamentally altered” view had the company been able to obtain the evidence the court demanded.

At least one FISC opinion within the last few years ruled some aspect of government surveillance unconstitutional under the Fourth Amendment, but the government has been fighting against releasing that opinion. The Electronic Frontier Foundation (EFF) is suing the Department of Justice (DOJ) for the release of that opinion. On Wednesday, the secret court said that it has no objection to that opinion being declassified and its rulings are not secret-by-default. This first known victory for a non-governmental party before the FISC will not declassify the opinion itself.

Overall, the new revelations about the Yahoo opinion are not all that surprising. The FISC approved the Verizon court order, which allowed for the broad collection of metadata on the phone calls of U.S. citizens. And, according to the Electronic Privacy Information Center (EPIC), the court approved 33,942 FISA applications between 1979 and 2012, while rejecting just 11.

Slide referencing BLARNEY as an upstream data collection option (Credit: The Guardian)

The details of the BLARNEY program revealed so far appear to closely match the testimony and documents of former AT&T employee and whistleblower Mark Klein. Klein worked at AT&T for twenty-two years, retiring in 2004. During that time, he has testified he witnessed the installation of a fiber-optic splitting device in the San Francisco office where he worked, with a copy of all data being diverted to a room controlled by the NSA. In that room was “powerful computer equipment connecting to separate networks” and with the capability to “analyze communications at high speed.” As part of his testimony, he also provided AT&T documents that included diagrams of the splitter technology used.

In a conversation with ThinkProgress, Cindy Cohn, Legal Director with the Electronic Frontier Foundation (EFF) which is litigating the Jewel v. NSA case, agreed BLARNEY “appears to be what we’ve been saying, and what Mark Klein’s evidence shows.”

According the Washington Post, BLARNEY gathers up metadata from choke points along the backbone of the Internet as part of “an ongoing collection program that leverages IC [intelligence community] and commercial partnerships to gain access and exploit foreign intelligence obtained from global networks.” A slide later revealed by The Guardian lists the program as an upstream option for data collection, which relies on sucking up information “on fiber cables and infrastructure as it flows past.” From those descriptions, it sounds somewhat analogous to an internet version of the broad telephone metadata collection authorized in the Verizon order revealed last week, which some electronic privacy advocates believes oversteps the authority of Foreign Intelligence Surveillance Act (FISA) courts.

Klein’s testimony and documents form the basis of the ongoing Jewel v. NSA court case originally filed in 2008, which alleges “an illegal and unconstitutional program of dragnet communications surveillance conducted by the National Security Agency (the ‘N.S.A.’) and other defendants in concert with major telecommunications companies.” A similar case against the telecommunications company, Hepting v. AT&T, was dismissed following the passage of retroactive immunity for telecom companies in the 2008 renewal of the FISA.

Three former NSA intelligence analysts, William E. Binney, Thomas A. Drake and J. Kirk Wiebe have also backed the Jewel case, saying the NSA either has, or is in the process of obtaining, the ability to seize and store most electronic communications passing through its U.S. intercept centers like “secret room” described by Klein.

The Obama administration moved to dismiss the Jewel case in 2009, invoking the “state secrets” privilege and saying that it was immune from the suit. It was instead dismissed on standing grounds, but the 9th U.S. Circuit Court of Appeals ruled that it could proceed to district court in December 2011. In September 2012 the government again renewed it’s state secret argument. Last Friday the government responded to the NSA leaks by requesting delay on any decisions on pending motions until it can file a new status report taking newly public information into account.

(Credit: Politico)

On the campaign trail, candidate Barack Obama decried the privacy invasions of the Bush surveillance program in 2007, saying it put “forward a false choice between the liberties we cherish and the security we provide.” Though these comments referred to different (and, often, illegal) programs than the ones now being widely discussed, we now know that surveillance programs started under the Bush administration have been extensively expanded during his presidency.

First, The Guardian exposed the tip of the iceberg, releasing a Foreign Intelligence Surveillance Court (FISC) order compelling Verizon to turn over metadata on nearly all calls, such as phone numbers, time stamps, and cell site location data. It was later revealed that this was a continuation of a seven year program involving all major telecommunications companies. This program would have been significantly curtailed, however, if a younger Obama’s attempt to limit such surveillance had succeeded. In 2005, then-Senator Obama co-sponsored the SAFE Act, which would have would drastically limited this sort of dragnet surveillance by amending the USA PATRIOT Act to require intelligence agencies show “specific and articulable facts” that a target was an “agent of a foreign power” before accessing phone records.

Soon after news of the Verizon order leaked, more details about the broad scope of American surveillance programs came out. On Thursday, The Guardian and the Washington Post revealed two programs, codenamed PRISM and BLARNEY with broad online surveillance implications — PRISM deals with the content of foreigners’ online communication (but with a very low threshold of proof that likely resulted in many American citizens’ privacy being “incidentally” compromised); BLARNEY appears to involve a broad collection of digital metadata. While tech companies have denied direct access to their servers or to their data as compelled by the law and the Post has since backtracked on that aspect of their report, that doesn’t rule out the NSA obtaining copies of that data. Subsequent coverage by the Wall Street Journal suggests the government also has access to credit card and Internet service provider (ISP) data.

But while revelations about both programs produced outrage, a White House spokesman told reporters aboard Air Force One Thursday before the PRISM story broke that the phone log data collection was a “critical tool in protecting the nation from terror threats” and that “[t]he president welcomes a discussion of the trade-offs between security and civil liberties.”

Unlike the warrantless wiretapping programs of the Bush administration, the Obama administration asserts PRISM is legal under section 702 of the Foreign Intelligence Surveillance Act (FISA). That section stemmed from the Protect America Act (PAA), signed by President Bush in 2007, which many at the time warned could end up being used to implement broad surveillance programs with “no meaningful judicial oversight.”

A statement from the Director of National Intelligence James Clapper declassifying some details of the phone data collection program released late last night decried the leaks that exposed the surveillance programs as threatening to do “potentially long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our nation.”

President Obama’s transition from a Senator and presidential candidate who objected to the specter of a surveillance state existing outside of the law (either on ideological grounds or to score political points) to a president who embraced the the expansion of of similar programs after they gained a cloak of legal legitimacy is perhaps unsurprising: The power and access to intelligence information that comes with the position can change perspectives. But the pre-presidential Obama seemed to understand the way an overaggressive surveillance state can transform society.

The reaction to the National Security Agency (NSA)’s secret online spying program, PRISM, has been polarized between seething outrage and some variant on “what did you expect?” Some have gone so far as to say this program helps open the door to fascism, while others have downplayed it as in line with the way that we already let corporations get ahold of our personal data.

That second reaction illustrates precisely why this program is so troubling. The more we accept perpetual government and corporate surveillance as the norm, the more we change our actions and behavior to fit that expectation — subtly but inexorably corrupting the liberal ideal that each person should be free to live life as they choose without fear of anyone else interfering with it.

Put differently, George Orwell isn’t who you should be reading to understand the dangers inherent to the NSA’s dragnet. You’d be better off turning to famous French social theorist Michel Foucault.

The basic concern with the PRISM program is that it is undoubtedly collecting information on significant numbers of Americans, in secret, who may not have any real connection to the case the Agency is pursuing. PRISM sifts through tech giants’ databases to cull information about suspected national security threats. However, since it uses a 51 percent confidence threshold for determining whether a target is foreign, and likely extends to individuals that are “two degrees of separation” from the original target, the chances are extraordinarily high that this program is spying on a significant number of Americans.

A citizenry that’s constantly on guard for secret, unaccountable surveillance is one that’s constantly being remade along the lines the state would prefer. Foucault illustrated this point by reference to a hypothetical prison called the Panopticon. Designed by utilitarian philosopher Jeremy Bentham, the Panopticon is a prison where all cells can be seen from a central tower shielded such that the guards can see out but the prisoners can’t see in. The prisoners in the Panopticon could thus never know whether they were being surveilled, meaning that they have to, if they want to avoid running the risk of severe punishment, assume that they were being watched at all times. Thus, the Panopticon functioned as an effective tool of social control even when it wasn’t being staffed by a single guard.

In his famous Discipline and Punish, Foucault argues that we live in a world where the state exercises power in the same fashion as the Panopticon’s guards. Foucault called it “disciplinary power;” the basic idea is that the omnipresent fear of being watched by the state or judged according to prevailing social norms caused people to adjust the way they acted and even thought without ever actually punished. People had become “self-regulating” agents, people who “voluntarily” changed who they were to fit social and political expectations without any need for actual coercion.

Online privacy advocates have long worried that government surveillance programs could end up disciplining internet users in precisely this fashion. In 1997, the FBI began using something called Project Carnivore, an online surveillance data tool designed to mimic traditional wiretaps, but for email. However, because online information is not like a phone number in several basic senses, Carnivore ended up capturing far more information than it was intended to. It also had virtually no oversight outside of the FBI.

As the Electronic Frontier Foundation told Congress in 2000, “Systems like Carnivore have the potential to turn into mass surveillance systems that will harm our free and open society…Once individuals realize that they have a lowered expectation of privacy on the Net, they may not visit particular web sites that they may otherwise have visited.” Writing in 2004, a group of scholars drew a straight line from this analysis to Foucault’s theory of disciplinary power. “Resembling the ever-present powers of the central watchtower in a prison modeled after the Panopticon,” they wrote “the very fact that the FBI has the potential to monitor communications on a website may lead Internet users to believe that they are constantly being watched.”

We know now that this hypothetical fear about Carnivore has become a reality, courtesy of the NSA. The more people come to see mass online surveillance as a norm, rather than something used only on specific subjects of investigation, the more they’ll tailor their online habits to it. Since people understandably don’t want the government looking at their private information, that’ll mean the internet will over time slowly become less of a place for vibrant self-expression. That should trouble anyone who believes that the best society is one in which people are most free to be themselves in whatever way they find most meaningful. In essence, that should trouble anyone committed to the basic liberal project.

Foucault’s point wasn’t that disciplinary power was intrinsically bad; the idea that, for example, pedophiles might be deterred from accessing child pornography for fear of state surveillance of child porn sites shouldn’t bother anyone. Rather, Foucault warned, disciplinary power was dangerous — used in certain fashions, it could be subtly corrosive of exactly the sorts of freedoms of expression and self-identity that liberal democracies purportedly protected absolutely. The NSA program, especially as its breadth becomes clear, is exactly the sort of overreach his work should warn us against.

Tumblr announced on Monday it was being bought by tech giant Yahoo! for $1.1 billion in one of the largest social media buyouts in years, but while the purchase will make Tumblr’s founders rich, it may bode poorly for the privacy protections of Tumblr users.

In a recent report card from the Electronic Frontier Foundation (EFF), comparing which tech companies protect user’s data from government snooping, Yahoo received one of the lowest scores with only one out of five stars. Tumblr performed significantly better, receiving three stars for requiring a warrant for content, fighting for users’ privacy rights in Congress, and publishing law enforcement guidelines.

A Yahoo spokesperson told reporters in January that the company was requiring warrants for email content data on fourth amendment grounds, joining Google others tech giants. It’s not yet clear how Yahoo will integrate Tumblr into the company, although Yahoo has promised “not to screw it up” in a press statement and said Tumblr will be independently operated as a separate business with David Karp remaining as CEO.

Online privacy law has lagged significantly behind technology advancements. Under the statute governing law enforcement access to digital communications — including private messages over Tumblr’s Fanmail and Yahoo email — the Electronic Privacy Communications Act (ECPA) of 1986, content data over 180 days old stored remotely only requires an administrative subpoena to access, which has a lower threshold of proof than a probable cause warrant.

There are a number of current legislative proposals to update ECPA, one of which was approved by the Senate Judiciary Committee in late April. The U.S. Court of Appeals for the Sixth Circuit ruled email providers cannot be compelled to turn over the content of messages without a probable cause warrant no matter how long the information has been stored in the cloud in United States v. Warshak. That ruling only applies to the four states in the court’s jurisdiction.