Marc Ambinder is reporting that the NSA internet surveillance program mines the data from at least 50 companies, including major credit card corporations, as part of the PRISM program.
From the different types of data, including their credit card purchases, the locations they sign in to the internet from, and even local police arrest logs, the NSA can track people it considers terrorism or espionage suspects in near-real time. An internet geo-location cell is on constant standby to help analysts determine where a subject logs in from. Most of the collection takes place on subjects outside the U.S, but a large chunk of the world's relevant communication passes through American companies with servers on American soil. So the NSA taps in locally to get at targets globally.
It is not clear how the NSA interfaces with the companies. It cannot use standard law enforcement transmission channels to do, since most use data protocols that are not compatible with that hardware. Several of the companies mentioned in the Post report deny granting access to the NSA, although it is possible that they are lying, or that the NSA's arrangements with the company are kept so tightly compartmentalized that very few people know about it. Those who do probably have security clearances and are bound by law not to reveal the arrangement.
This arrangement allows the U.S. companies to "stay out of the intelligence business," one of the officials said. That is, the government bears the responsibility for determining what's relevant, and the company can plausibly deny that it subjected any particular customer to unlawful government surveillance. Previously, Congressional authors of the FAA said that such a "get out of jail free" card was insisted by corporations after a wave of lawsuits revealed the extent of their cooperation with the government.
It is possible, but not likely, that the NSA clandestinely burrows into servers on American soil, without the knowledge of the company in question, although that would be illegal.
There appears to be, at least, minimal safeguards to protect the privacy of innocent Americans. But as with the Bush program, no system is foolproof and I would imagine there are at least a few Americans who are inadvertently tracked.
But the real problem with all these programs is the potential for massive, police state-type spying. The NSA could tell Congress and the FISA court one thing, and then do another and, unless someone stepped forward, who would be any the wiser?
There's never enough oversight when it comes to surveillance programs with the potential to take away the liberties of American citizens.