This section is intended to be presentation-heavy. It opens with a short video explaining the foreign intelligence surveillance court, followed by another introducing NSA whistleblower Edward Snowden. The legal material can be somewhat dry, so it's especially important to focus on the surveillance capabilities outlined, followed secondarily by the authorities under which those capabilities exist. Finally, the module opens up to discussion time.
Upon successful completion of this lesson, students will be able to compare the legal authorities to conduct electronic surveillance over telephone metadata and web traffic.
Students will be able to identify the circumstances under which foreign surveillance necessarily includes surveillance of domestic data.
Students will be able to analyze and critique the relative risks and benefits of untargeted surveillance in relation to contemporary journalistic practice.
Why this matters
Mass surveillance doesn't only affect journalists, but understanding the rules surrounding U.S. intelligence targeting, particularly when speaking to sensitive or foreign sources, is important to help threat model effectively.
Optional: Bringing back threat modeling, what are the circumstances where journalists are most likely to be targeted? Realistically, what could be done to address this concern? Consider using the threat modeling handout once again: Threat Modeling Activity Handout (English, Spanish)
Questions for discussion
If you talk to international sources in your work, this may mean your conversations with them are being gathered for intelligence purposes. If you don’t talk to international sources very much, perhaps this is less of a problem for your situation.
How frequently have you worked with international sources or colleagues in your previous reporting? How much would this affect your work?
If you used a piece of technology (e.g., a VPN, Tor) to make yourself look like you are coming from a foreign country, do you think your data will be considered foreign? What if you appear to come from the U.S.? Note: If it's ambiguous whether the data is foreign, it is generally now considered foreign intelligence data. This includes cases where someone is using Tor or a VPN. Because a VPN or Tor are designed to obfuscate the location of the data source, it may be ambiguous whether the data source is a U.S. person, and it is therefore vulnerable to interception. It does not matter if the traffic exits in the United States.
What are the consequences of "incidental" interception? Are there circumstances where you feel it's okay? Are there circumstances where it would be unacceptable to you?