Both privacy advocates and the NSA are celebrating the USA Freedom Act that passed the Senate on June 2. The act legalized and simplified the collecting of phone metadata for the NSA. Meanwhile Skype continues to collect voice, chat, video and other data, and deliver it to the Five Eyes international spy coalition.

The passage of the USA Freedom Act — penned by General Keith Alexander, director of the NSA — was followed by general celebration over what is considered a small victory for privacy advocates, and the biggest surveillance reform since the 1970s.

Civil liberty groups and privacy buffs are not the only ones celebrating. According to a source from the Daily Beast, so are NSA officials. A former senior intelligence official, one of half a dozen who have spoken to The Daily Beast about the phone records program and efforts to change it, said:

“What no one wants to say out loud is that this is a big win for the NSA, and a huge nothing burger for the privacy community.”

The debate leading up to the reform focused greatly on amending or doing away with section 215 of the Patriot Act, which expired on June 1. This section was used by the NSA to justify the bulk collection of phone records of Americans, including metadata from corporations such as AT&T, Verizon and BellSouth.

Turns out the phone record collection program was a big headache for the intelligence agency. It required storing massive amounts of phone call data and, according to one source, provided a very small amount of useful information.

The source explained that when it came to serving intelligence information to the White House, the vast majority of their data collection came from Internet giants like Google, Facebook, Skype, Yahoo, etc., through the PRISM program, rather than through the metadata records.

“The NSA is coming out of this unscathed,” said the unnamed former NSA official almost two weeks before the act passed. According to the source, the act creates “a more efficient and comprehensive tool” for the NSA.

This is because under the USA Freedom Act, the NSA no longer has to store or manage the information. Thanks to the “reform,” the database maintenance costs of spying now rest on the laps of the Telecoms corporations.

Beyond the costs of maintaining the data base, the program has become a political lightning rod, requiring teams of lawyers and auditors to scrutinize whether the requests complied with section 215 of the Patriot Act. According to the Daily Beast:

“Before the Snowden leaks, the NSA was already looking for alternatives to storing huge amounts of phone records in the agency’s computers. And one of the ideas officials considered was asking Congress to require phone companies to hang onto that information for several years. The idea died, though, because NSA leaders thought that Congress would never agree.”

Now the NSA can request search queries with specific “selector” terms, and have the Telecoms deliver the information to them. The selector terms are supposed to be specific, rather the broad search queries, and must be approved by the secret FISA court — the one that approved almost every warrant since its inception and is closed off from public audit.

Skype 

The surveillance reform appears to indeed restrain the powers of the NSA, even if ever so slightly. The data collection levels pail in comparison, however, to the troves of data collected through the Internet giants. Much of this data flows through American and British soil and is thus fair game for the spy agencies who share information.

As far as phone call records, metadata and content, the ubiquitous and world-changing voice over IP provider, Skype, and similar software like WhatsApp, are gold mines of information. This is likely why Microsoft and Facebook bought the companies for US$8.5 billion and US$22 billion, respectively.

According to a 2014 report by TeleGeography, “Skype’s traffic was almost 40% the size of the entire conventional international telecom market.” Skype has over 500 million downloads on android and over 4.5 million daily active users. It is a huge market, and as a service has allowed cheap and easy voice and video communication internationally for years. Such a vast communications network should offer top-of-the-line customer protections and security, right? Think again.

According to documents released by Snowden in 2013, the NSA in collaboration with British and other spy agencies have compromised, collected and redacted Skype communications almost entirely.

"Sustained Skype collection began in Feb 2011," reads an NSA training document from Snowden’s archive, according to Spiegel International. Less than half a year later, in the fall, the NSA hackers declared their mission accomplished. Since then, data from Skype has been accessible to the NSA's snoops.

Software giant Microsoft, which acquired Skype in 2011, said in a statement last year: "We will not provide governments with direct or unfettered access to customer data or encryption keys."

The NSA had been monitoring Skype even before that, but since February 2011, the service has been under order from the secret U.S. Foreign Intelligence Surveillance Court (FISC), to not only supply information to NSA, but also to make itself accessible as a source of data for the agency, reported Spiegel.

An official statement from Microsoft published in 2013 also suggests they are under the constraints of a gag order in the U.S. It reads, “There are aspects of this debate that we wish we were able to discuss more freely.”

One document boasts that PRISM monitoring of Skype video has roughly tripled since a new capability was added on July 14, 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'," it says, making it clear that they are collecting full content of conversations and not just metadata, as with the phone records debate.

Other documents state that "PRISM has a new collection capability: Skype stored communications," in a confidential NSA memo from 2013. "Skype stored communications will contain unique data which is not collected via normal real-time surveillance collection." The data includes buddy lists, credit card information, call records, user account data and "other material" that is of value to the NSA's special source operations. 

American spy agencies have also been redacting voice to text in real time since 2006, in order to better search the vast amounts of collected data. Last but not least, as reported by the Intercept:

“Previously released documents from the Snowden archive describe enormous efforts by the NSA during the last decade to get access to voice-over-internet content like Skype calls, for instance. And other documents in the archive chronicle the agency’s adjustment to the fact that an increasingly large percentage of conversations, even those that start as landline or mobile calls, end up as digitized packets flying through the same fiber-optic cables that the NSA taps so effectively for other data and voice communications.” 

After the passage of the USA Freedom Act, perhaps we can now move the debate to the vast amount of content surveillance that is actually happening. Or better yet, instead of waiting for more “reforms,” we can begin to look for ways to decentralize and encrypt online communications as they should be.