This section is intended to be presentation-heavy. It opens with a short video explaining the foreign intelligence surveillance court, followed by another introducing NSA whistleblower Edward Snowden. The legal material can be somewhat dry, so it's especially important to focus on the surveillance capabilities outlined, followed secondarily by the authorities under which those capabilities exist. Finally, the module opens up to discussion time.

Prerequisites

Threat modeling
Internet and telecommunication security
Legal requests in the U.S.

Estimated time

45-50 minutes

Objectives

• Upon successful completion of this lesson, students will be able to compare the legal authorities to conduct electronic surveillance over telephone metadata and web traffic.
• Students will be able to identify the circumstances under which foreign surveillance necessarily includes surveillance of domestic data.
• Students will be able to analyze and critique the relative risks and benefits of untargeted surveillance in relation to contemporary journalistic practice.

Why this matters

Mass surveillance doesn't only affect journalists, but understanding the rules surrounding U.S. intelligence targeting, particularly when speaking to sensitive or foreign sources, is important to help threat model effectively.

Homework

(After class)
- Read this article about the impact of NSA surveillance on writers, following the Snowden disclosures: "Chilling Effects: NSA Surveillance Drives U.S. Writers to Self-Censor"
- Watch this video from Professor Jonathan Mayer describing surveillance authorities under the Foreign Intelligence Surveillance Act: "The Foreign Intelligence Surveillance Act (FISA)"
- Read this "one pager" from the Electronic Frontier Foundation describing the mass surveillance capabilities claimed under Section 702 of the Foreign Intelligence Surveillance Act: https://www.eff.org/document/702-one-pager-adv
- Read this piece on the use of Section 215 of the Patriot Act to surveil visits to particular websites: "U.S. Used Patriot Act to Gather Logs of Website Visitors"

Sample slides

Mass surveillance in the U.S. (Google Slides)

Activities

• Watch this short video on Section 702 of the Foreign Intelligence Surveillance Act: The FISA Court: History, Purpose, and Controversy [No. 86]
• Optional: Bringing back threat modeling, what are the circumstances where journalists are most likely to be targeted? Realistically, what could be done to address this concern? Consider using the threat modeling handout once again: Threat Modeling Activity Handout (English, Spanish)
  

Questions for discussion

• If you talk to international sources in your work, this may mean your conversations with them are being gathered for intelligence purposes. If you don’t talk to international sources very much, perhaps this is less of a problem for your situation.
  • How frequently have you worked with international sources or colleagues in your previous reporting? How much would this affect your work?
• If you used a piece of technology (e.g., a VPN, Tor) to make yourself look like you are coming from a foreign country, do you think your data will be considered foreign? What if you appear to come from the U.S.?
  Note: If it's ambiguous whether the data is foreign, it is generally now considered foreign intelligence data. This includes cases where someone is using Tor or a VPN. Because a VPN or Tor are designed to obfuscate the location of the data source, it may be ambiguous whether the data source is a U.S. person, and it is therefore vulnerable to interception. It does not matter if the traffic exits in the United States.
  
• What are the consequences of "incidental" interception? Are there circumstances where you feel it's okay? Are there circumstances where it would be unacceptable to you?

Other related resources

• Check out the Electronic Frontier Foundation's one-pager on Section 215 of the Patriot Act.
• Check out the Center for Democracy and Technology's Section 702 "Myths and Facts" sheet.