Case Study: The Snowden Revelations and Mass Surveillance

Claude (AI-Generated Textbook)

Case Study: The Snowden Revelations and Mass Surveillance

"I don't want to live in a society that does these sort of things. I do not want to live in a world where everything I do and say is recorded." — Edward Snowden, interview with Glenn Greenwald, June 2013

Overview

On June 5, 2013, The Guardian published the first in a series of stories that would reshape the global debate about surveillance, privacy, and democratic accountability. The source was Edward Snowden, a 29-year-old systems administrator working as a contractor for the National Security Agency (NSA) through the consulting firm Booz Allen Hamilton. Over the following weeks and months, Snowden provided journalists with tens of thousands of classified documents revealing the scope, scale, and legal architecture of mass surveillance programs operated by the NSA and its partners in the Five Eyes intelligence alliance.

The revelations demonstrated that the NSA was not merely conducting targeted surveillance of suspected terrorists — the stated justification for its post-9/11 authorities — but was collecting the communications data of hundreds of millions of ordinary people, including American citizens, on a scale that even many members of Congress did not understand. The programs exploited the architecture of the global internet itself, tapping undersea fiber optic cables, compelling cooperation from technology companies, and operating under legal interpretations so expansive that they were classified as national security secrets.

This case study examines the key programs Snowden revealed, the legal and institutional architecture that enabled them, the governance failures they exposed, and the reforms — and non-reforms — that followed.

Skills Applied: - Analyzing mass surveillance through the lens of proportionality and democratic accountability - Evaluating the gap between legal authorization and meaningful oversight - Connecting intelligence surveillance to broader concepts of dataveillance and power asymmetry - Assessing the effectiveness of post-crisis governance reforms

The Situation

Edward Snowden

Edward Snowden grew up in a military family in North Carolina and Maryland. He did not finish high school, instead earning a GED before pursuing a career in intelligence and technology. He worked for the CIA and later as a contractor for the NSA, with positions at facilities in Geneva, Japan, Maryland, and Hawaii. By his late twenties, he held a top-secret security clearance and had access to some of the most sensitive surveillance systems in the U.S. intelligence community.

Snowden later said that his decision to leak classified documents was driven by what he witnessed from inside the system. He described a surveillance apparatus that had grown far beyond what the public understood or what democratic processes had authorized. "The public needs to decide whether these programs and policies are right or wrong," he told journalists. His position was not that all surveillance should end, but that its scope and legal basis should be subject to informed public debate rather than concealed behind classification.

In May 2013, Snowden flew to Hong Kong with a cache of classified documents. He contacted journalists Glenn Greenwald and Laura Poitras, as well as The Guardian's Ewen MacAskill. The first story was published on June 5, 2013.

The Key Programs

PRISM. Authorized under Section 702 of the FISA Amendments Act of 2008, PRISM enabled the NSA to collect data directly from the servers of nine major U.S. technology companies: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. The data collected included emails, chat messages, video and voice calls, photos, stored files, and social networking activity. PRISM targeted non-U.S. persons believed to be located outside the United States, but because communications frequently cross borders and because "targeting" procedures were broad, vast quantities of Americans' data were inevitably collected — a phenomenon the NSA termed "incidental collection."

Bulk Telephony Metadata Collection. Under a classified interpretation of Section 215 of the USA PATRIOT Act, the NSA obtained orders from the Foreign Intelligence Surveillance Court (FISC) compelling major telephone companies to turn over the "metadata" of all domestic phone calls — not the content, but the numbers dialed, the duration of calls, and the time they occurred. This was not targeted: it encompassed the phone records of virtually every American who used a major carrier. The program operated continuously from at least 2006 to 2015.

XKEYSCORE. Described in internal NSA training documents as the agency's "widest-reaching" system, XKEYSCORE allowed analysts to search through enormous databases of intercepted internet activity — emails, chats, browsing histories, and more — using selectors such as a name, email address, IP address, or keyword. Training materials boasted that XKEYSCORE covered "nearly everything a typical user does on the internet." Low-level analysts could query the system with minimal supervisory approval.

Upstream Collection. While PRISM collected data from company servers, Upstream collection tapped the physical infrastructure of the internet itself — the fiber optic cables that carry international communications traffic. The NSA, working with telecommunications providers under compulsion, intercepted data as it flowed through key switching points on the U.S. network. This enabled bulk collection of both content and metadata from communications transiting through the United States, even when neither the sender nor the recipient was a surveillance target.

Five Eyes Cooperation. The NSA did not operate alone. The Five Eyes alliance — comprising the intelligence agencies of the United States (NSA), the United Kingdom (GCHQ), Canada (CSE), Australia (ASD), and New Zealand (GCSB) — shared intercepted communications, jointly operated collection systems, and coordinated targeting. GCHQ's TEMPORA program, for example, tapped over 200 fiber optic cables carrying internet traffic in and out of the United Kingdom, with the ability to store content for three days and metadata for thirty days. Intelligence-sharing arrangements enabled each member to access data collected by others, creating a surveillance network that spanned the globe.

The Legal Architecture

The programs operated under a layered legal framework that was, in critical respects, secret:

FISA and the FISC. The Foreign Intelligence Surveillance Act of 1978 created a specialized court — the FISC — to review government requests for surveillance orders in national security cases. The court operates in secret: its opinions are classified, its proceedings are ex parte (only the government presents arguments), and there is no adversarial process. Snowden's disclosures revealed that the FISC had approved sweeping interpretations of surveillance authorities — including the Section 215 bulk metadata program — that Congress and the public had never been told about. In the years before the disclosures, the FISC approved over 99% of government requests.

Section 215 of the USA PATRIOT Act. The statute authorized the government to obtain "any tangible things" relevant to an authorized investigation. The word "relevant" was interpreted by the FISC, in a classified opinion, to encompass the phone records of every American — on the theory that the entire database might contain records relevant to terrorism investigations. This interpretation was so expansive that the author of the PATRIOT Act, Representative Jim Sensenbrenner, publicly stated it was never the law's intent.

Section 702 of the FISA Amendments Act. Enacted in 2008, Section 702 authorized the surveillance of non-U.S. persons reasonably believed to be located outside the United States, without individualized court orders. The law was designed for targeted foreign intelligence collection, but its implementation — through PRISM and Upstream — resulted in the collection of enormous quantities of Americans' communications. The "incidental collection" of domestic data was not an aberration but an inherent feature of the system's architecture.

Executive Order 12333. The broadest and least constrained legal authority, EO 12333 authorized surveillance conducted outside the United States, which is not subject to FISA or FISC oversight. Much of the NSA's collection from undersea cables and foreign network infrastructure operated under this authority, which is governed by executive branch policies rather than judicial review.

The Governance Failures

Oversight That Did Not Oversee

The Snowden revelations exposed a pattern of oversight failure across all three branches of government:

Congressional oversight. The congressional intelligence committees — the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence — were nominally responsible for overseeing NSA programs. In practice, most members of Congress were unaware of the bulk metadata program's existence or scope. Classified briefings were available, but attendance was voluntary, notes were prohibited, and members could not discuss what they learned with staff or constituents. Senators Ron Wyden and Mark Udall, who sat on the intelligence committee, spent years making oblique public warnings about secret surveillance programs but were unable to reveal details because of classification rules.

Judicial oversight. The FISC was designed to provide a judicial check on surveillance, but its structure made meaningful oversight nearly impossible. The court heard only from the government, had no institutional capacity to verify the government's factual claims, and published no public opinions. When the FISC did identify compliance violations — the NSA exceeded the scope of authorized collection on multiple occasions — the violations were reported internally but not disclosed to the public.

Executive oversight. Internal oversight mechanisms, including the NSA's Office of the Inspector General and the Department of Justice's National Security Division, identified compliance problems but treated them as procedural issues rather than structural ones. The fundamental question — whether mass collection of Americans' data was appropriate in a democracy — was never subjected to internal review because the programs' legal basis was assumed to be settled.

The Accountability Gap in Practice

The Snowden case illustrates Chapter 8's broader theme about the accountability gap in surveillance governance. The legal authorities existed. The oversight bodies existed. The compliance procedures existed. And yet the result was a surveillance apparatus whose scope exceeded what the public, most of Congress, and arguably the FISC itself understood. The gap was not between law and lawlessness but between formal accountability (procedures on paper) and substantive accountability (meaningful democratic control over state power).

Aftermath and Reform

Immediate Consequences

Snowden was charged under the Espionage Act. He fled to Russia, where he was granted asylum and eventually citizenship. He remains unable to return to the United States.
Public reaction was intense. Polls showed a significant shift in American attitudes toward government surveillance, with a Pew Research Center survey finding that, for the first time, more Americans were concerned about civil liberties restrictions than about inadequate security measures.
Technology companies — initially embarrassed by their cooperation with PRISM — began implementing stronger encryption, including end-to-end encryption for messaging services, and publishing transparency reports detailing government data requests.
International relations were strained. Germany was particularly angered by revelations that the NSA had tapped Chancellor Angela Merkel's personal mobile phone. Brazil canceled a state visit to Washington. The European Court of Justice invalidated the Safe Harbor data-transfer agreement between the EU and the US (the Schrems I decision), citing inadequate protection against NSA surveillance.

Legislative and Policy Reforms

USA FREEDOM Act (2015). The most significant legislative response, this law ended the bulk collection of domestic phone metadata under Section 215, replacing it with a system in which the NSA must obtain FISC approval to query records held by telephone companies using specific selection terms. The law also created a panel of "amici curiae" to provide independent perspectives in significant FISC proceedings and required the declassification of significant FISC opinions.

Presidential Policy Directive 28 (PPD-28). Issued by President Obama in January 2014, PPD-28 extended certain privacy protections to non-U.S. persons — a recognition that the NSA's global surveillance affected the rights of people worldwide, not only Americans. The directive's practical impact was debated; critics noted that it was an executive order, not a law, and could be revoked by any future president.

Section 702 Reauthorization (2018). Despite the post-Snowden reform momentum, Congress reauthorized Section 702 in January 2018 with only modest changes. The reauthorization included a provision requiring a warrant before the FBI could search Section 702 databases for information about Americans in criminal investigations — but this provision was weakened by exceptions. Civil liberties organizations argued that the reauthorization preserved the core architecture of mass collection.

What Did Not Change

The reforms addressed some of the most visible programs but left the fundamental infrastructure of mass surveillance largely intact. Section 702 collection continued. Executive Order 12333 surveillance — conducted entirely outside the FISA framework — was not addressed by any legislation. The Five Eyes intelligence-sharing arrangements were not subject to reform. And the commercial data ecosystem that the chapter describes in Section 8.7 — in which government agencies can purchase surveillance-equivalent data from brokers without warrants — was not constrained by any of the post-Snowden reforms.

Discussion Questions

The whistleblower question. Edward Snowden has been called both a whistleblower and a traitor. Using the ethical frameworks from Chapter 6 (utilitarianism, deontology, virtue ethics), evaluate Snowden's decision to disclose classified information. Does the public benefit of the revelations justify the breach of his oath of secrecy? Does the answer change depending on which ethical framework you apply?
Mass surveillance and proportionality. The bulk metadata program collected records on virtually every American phone call. The government argued this was necessary because the "needle" (a terrorist communication) could only be found in the "haystack" (all communications). Evaluate this argument using the proportionality framework from Section 8.4.3. Is there a principled way to determine when the scope of surveillance becomes disproportionate to its purpose?
Secret law and democracy. The FISC's classified opinions effectively created a body of secret law governing surveillance. Can a democratic society function with legal interpretations that the public is not permitted to know? What happens when "national security" becomes a reason to conceal not just intelligence operations but the legal reasoning that authorizes them?
The reform paradox. The USA FREEDOM Act ended the bulk metadata program but left Section 702 collection intact. Some critics argue that the reforms gave the public a sense of resolution while leaving the most expansive surveillance authorities untouched — a kind of "theatrical reform" analogous to the "theatrical consent" discussed in Chapter 9. Evaluate this critique. Were the post-Snowden reforms meaningful, or were they designed to manage public anger rather than constrain surveillance?

Your Turn: Mini-Project

Option A: Timeline of Oversight. Create a detailed timeline of the NSA surveillance programs from their origins (post-9/11 authorizations) through the Snowden revelations and subsequent reforms. For each event, note: (1) what was happening, (2) what oversight mechanisms were supposed to catch it, and (3) why those mechanisms failed or succeeded. Present your timeline as an annotated visual or structured table. Use at least four sources beyond this textbook.

Option B: Comparative Analysis. Research how one non-U.S. country (Germany, Brazil, India, or South Africa) responded to the Snowden revelations. Did the revelations lead to domestic reforms? Did the country discover its own surveillance programs? Write a two-page analysis comparing the foreign country's response to the U.S. response, identifying what factors (political culture, legal tradition, relationship with the United States) shaped the different outcomes.

Option C: The Encryption Debate. Following the Snowden revelations, major technology companies expanded their use of encryption. Governments, including the United States, United Kingdom, and Australia, have since pushed for "lawful access" — requiring companies to build backdoors that would allow government decryption of encrypted communications. Research the current state of this debate. Write a two-page policy brief that presents the strongest arguments on both sides and proposes a governance framework that addresses both security and privacy concerns. Reference the encryption discussion in Section 8.8.

References

Greenwald, Glenn. No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. New York: Metropolitan Books, 2014.
Harding, Luke. The Snowden Files: The Inside Story of the World's Most Wanted Man. London: Guardian Faber Publishing, 2014.
Snowden, Edward. Permanent Record. New York: Metropolitan Books, 2019.
Greenwald, Glenn. "NSA Collecting Phone Records of Millions of Verizon Customers Daily." The Guardian, June 5, 2013.
Gellman, Barton, and Laura Poitras. "U.S., British Intelligence Mining Data from Nine U.S. Internet Companies in Broad Secret Program." The Washington Post, June 6, 2013.
Privacy and Civil Liberties Oversight Board. "Report on the Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court." January 23, 2014.
Savage, Charlie. Power Wars: The Relentless Rise of Presidential Authority and Secrecy. New York: Back Bay Books, 2017.
Zuboff, Shoshana. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. New York: PublicAffairs, 2019.
Pew Research Center. "Public Divided over Snowden's Role; More Concerned about Civil Liberties." January 20, 2014.
Court of Justice of the European Union. Maximillian Schrems v. Data Protection Commissioner. Case C-362/14, October 6, 2015.