2013年曝光的美国国安局十大恶行

    2013年，爱德华•斯诺登彻底改变了大家所熟知的美国的监控范围，这一年因此而被历史铭记。这位美国国家安全局（National Security Agency）承包商的前雇员将机密文件泄露给了《卫报》（The Guardian）和《华盛顿邮报》（The Washington Post ）后就逃之夭夭，先是潜逃到香港，随后又到俄罗斯落脚。

    而现在，地球人都知道美国政府无处不在的窥探行为了。媒体关于此次泄密事件的第一篇报道发表六个月后，一位联邦法官就裁定，美国政府大量收集美国民众电话记录的行为可能违反了美国宪法。数天后，一个总统顾问小组就建议重新限定国安局的监控权力，包括终止电话记录监控项目。

    目前，美国政府仍然无法确知斯诺登到底还会披露多少惊天秘密。我们先来回顾一下今年所了解到的情况，也就是那些绝密机构到底是通过什么方式在收集美国及世界各地的电话记录和上网情况。

大量收集“业务记录”

    关于国安局的监控，第一个掀起轩然大波的爆料是威瑞森公司（Verizon）“持续”收集美国用户的电话记录——这主要归功于“外国情报监视法庭”（Foreign Intelligence Surveillance Court）所颁布的法令。这个法令主要依据《爱国者法案》（Patriot Act）中对“业务记录”的规定，但并不涉及到电话内容，而是这些电话的“元数据”，比如电话号码。据《卫报》报道，还有“地理位置数据、通话时长、唯一识别码、以及所有通话的时长”。

棱镜计划

    《卫报》和《华盛顿邮报》报道让国安局的“棱镜计划”大白于天下：据国安局的一张幻灯片透露，这个机构“直接从”美国的九大互联网公司“的服务器上收集数据”，微软公司（Microsoft）、雅虎公司（Yahoo）、谷歌公司（Google）、Facebook公司以及苹果公司（Apple）都赫然在列。

    所有这些公司要么否认知道这个项目的存在，要么说它们并没有让政府获得这些信息。最近，一帮科技巨头还联名向华盛顿当局提交了一封公开信，呼吁开展监控改革。

詹姆斯•克拉伯公开认错

    今年3月，国家情报总监詹姆斯•克拉伯向参议院情报委员会（Senate Intelligence Committee）表示，国安局并没有收集成千上万的美国人的信息——至少“不是有意的”。

    但到了6月21日，就在关于斯诺登泄密事件的首批报道出笼后，克拉伯又在一封致情报委员会主席黛安•范斯坦的信中为上述说法公开认错。他说：“我的反应显然是错误的——为此我必须道歉。”

XKeyscore计划几乎让“一切”水落石出

    据《卫报》称，国安局的培训材料将这个项目称为其收集网上情报的“覆盖面最广”的手段，它让分析师可以通过填写屏幕上的表格来搜索各类网上活动。

    这份报道称：“一份演示报告称这个项目涵盖了‘用户在网上的几乎所有活动’，包括电子邮件的内容，访问的网站，各类搜索以及其元数据。”

Lavabit关闭电邮服务

    8月，爱德华•斯诺登的加密电邮服务供应商Lavabit在一场秘密官司中关停了服务。Lavabit的所有人拉达•莱文森在一封致用户的信中写道：“在未经国会批准或已有可靠的司法判例前，我强烈建议大家不要将私人数据委托给与美国政府有实际链接的公司管理。”

    两个月后，公开庭审记录显示，美国政府想要莱文森提供Lavabit所有客户的电子邮件的加密密匙。他告诉《纽约时报》（The New York Times）：“在这件事上，他们就想打开整个邮箱，拿到那个特定联系人的资料。”

国安局审计详细披露了违规行为

    据《华盛顿邮报》称，一项从2012年5月开始的针对国安局的审计显示，“此前12个月里，针对受到法律保护的通讯信息共发生了2,276起未经授权的收集、存储、提取及传播事件”。对此，国安局合规总监约翰•德龙的回应是，这些违规行为并不是“有意为之”，而且这些事件的概率是“百万分之几或十亿分之几”。

    同样针对这份报告，美国外国情报监控法庭（Foreign Intelligence Surveillance Court）的首席法官向《邮报》表示，法庭的监管能力也是有限的。美国地区法官雷吉•华尔顿在一份声明中称：“外国情报监控法庭没有能力调查不合规问题。在这方面，一旦涉及强制要求（政府）遵守规定，这个法庭与其他法庭的地位并无二致。”

    2013 will be remembered as the year Edward Snowden changed everything we know about the scope of U.S. surveillance practices. The former National Security Agency contractor leaked classified documents to The Guardian and the Washington Post before fleeing the country first for Hong Kong and then Russia.

    By now the revelations about the government's snooping are well known. Six months after the first media reports were published, a federal judge ruled that the government's bulk collection of Americans' phone records likely violates the Constitution. Days later, a presidential advisory panel recommended new limits on NSA surveillance powers, including an end to the phone records program.

    The government still doesn't know how many more secrets may yet surface from Snowden's leak. Here, a look back on what we learned this year about how the super-secret agency has been gathering intel about phone and internet activity in the U.S. and around the world.

Collecting "business records" in bulk

    The first blockbuster disclosure about NSA surveillance revolved around the "ongoing" collection of Verizon (VZ) customer records in the U.S. -- thanks to a secret court order granted by the Foreign Intelligence Surveillance Court. Such court orders -- which rely on the "business records" provision in the Patriot Act -- cover not the content of calls, but their "metadata," such as the phone numbers involved, "location data, call duration, unique identifiers, and the time and duration of all calls," The Guardian reported.

PRISM

    Reports by The Guardian and the Washington Post blew the lid off an NSA program called PRISM: "collection directly from the servers" of nine U.S. Internet companies, including Microsoft (MSFT), Yahoo (YHOO), Google (GOOG), Facebook (FB), and Apple (AAPL), according to an agency presentation slide.

    All of those companies either denied knowledge of the program, or that they provided the government with such access. More recently, a group of tech giants issued an open letter to Washington, urging surveillance reform.

James Clapper recants

    As recently as March, director of national intelligence James Clapper told the Senate Intelligence Committee that the NSA did not collect data on millions of Americans -- at least, "not wittingly."

    But on June 21, following the initial stories on the Snowden leaks, Clapper recanted that statement in a letter to intelligence committee chairwoman Dianne Feinstein (D-Calif.). "My response was clearly erroneous -- for which I apologize," he said.

XKeyscore unlocks almost "everything"

    NSA training materials described this program as the agency's "widest-reaching" means for gathering intelligence online, allowing analysts to search for a variety of internet activity by filling out an on-screen form, according to The Guardian.

    "One presentation claims the program covers 'nearly everything a typical user does on the Internet,' including the content of emails, websites visited, and searches, as well as their metadata," the paper reported.

Lavabit shuts down email service

    In August, Edward Snowden's encrypted email service provider, Lavabit, shut down its business amid a secret court battle. "Without congressional action or a strong judicial precedent," Lavabit owner Ladar Levison wrote in a message to users, "I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States."

    Two months later, unsealed court records showed that the government wanted Levison to provide encryption keys for the emails of all Lavabit customers. "In my case, they wanted to break open the entire box just to get to one connection," he told the New York Times.

NSA audit details violations

    An NSA audit from May 2012 showed "2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications,"according to the Washington Post. Responding to the report, NSA compliance director John DeLong said the violations weren't "willful," and that they numbered in the "parts-per-million or parts-per-billion range."

    Commenting on the same report, the chief judge of the Foreign Intelligence Surveillance Court told the Post that the court's oversight capabilities were limited. "The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders," U.S. district judge Reggie Walton said in a statement.