For decades, it was a conspiracy theory: that the United States government was secretly intercepting the private communications of ordinary citizens on a massive scale. Then, in June 2013, a 29-year-old NSA contractor named Edward Snowden handed a cache of classified documents to journalists at The Guardian and The Washington Post. The conspiracy theory became documented fact. But the story did not begin with Snowden — and it did not end with him either.
ECHELON: The Cold War Origins of Mass Surveillance
The infrastructure of global surveillance did not materialize overnight. It was built methodically, over sixty years, starting in the aftermath of World War II. In 1946, the United States and the United Kingdom formalized an intelligence-sharing agreement that would later expand to include Canada, Australia, and New Zealand. This alliance — now known as the Five Eyes — became the operational backbone of the most comprehensive signals intelligence network ever constructed.
The system that grew from this arrangement was called ECHELON. By the 1960s and 1970s, ECHELON had evolved into a global network of interception stations capable of capturing satellite communications, telephone calls, faxes, and eventually internet traffic. Ground stations were established at Menwith Hill in England, Pine Gap in Australia, Waihopai in New Zealand, and dozens of other sites positioned to capture signals from commercial and military satellites across every hemisphere.
For most of the Cold War, ECHELON's existence was officially denied. Governments that operated it refused to confirm or deny the network existed. The few journalists who reported on it were treated as fringe figures. The phrase "mass surveillance by allied governments" appeared primarily in the output of civil liberties organizations and was dismissed accordingly.
That began to change in 1988, when British journalist Duncan Campbell published a detailed report for the New Statesman titled "They've Got It Taped," describing the ECHELON system in considerable technical detail. The article was largely ignored by mainstream outlets. A decade later, a European Parliament investigation — the STOA report — formally confirmed ECHELON's existence and documented its capabilities, including its use for economic espionage targeting European companies on behalf of American corporate interests. By 2001, the European Parliament had published a second, more detailed report recommending that member states encrypt sensitive communications as a defense against interception by their nominal allies.
The US and UK governments still declined to officially acknowledge the program. It took the Snowden documents to force that acknowledgment — years later, and only partially.
The Whistleblowers Who Came Before Snowden
Edward Snowden is the name most associated with NSA surveillance revelations, but he was not the first person to try to warn the public. Several intelligence insiders raised alarms years before 2013, at tremendous personal cost, and were largely ignored.
William Binney
William Binney spent 36 years at the NSA, rising to become one of its best mathematicians and the technical director of the World Geopolitical and Military Analysis Reporting Group. After the September 11 attacks, Binney watched as the NSA repurposed a surveillance program he had helped design — originally intended for foreign targets — and turned it against American citizens without legal authorization.
Binney resigned in October 2001 and spent the following years attempting to raise concerns through official channels. In 2002, he and several colleagues filed a complaint with the Department of Defense Inspector General. In 2007, FBI agents raided his home at gunpoint while he was in the shower, part of a broader investigation into NSA whistleblowers that was eventually dropped. No one was charged.
Binney continued speaking publicly about unconstitutional mass collection. He estimated that by the late 2000s, the NSA had accumulated trillions of intercepted communications from American citizens. He was treated as a crank. When the Snowden documents confirmed everything he had described, Binney noted — without evident satisfaction — that he had been saying the same things for twelve years.
Thomas Drake
Thomas Drake was a senior NSA executive who raised concerns about warrantless surveillance and waste through proper whistleblower channels — the Inspector General, the congressional intelligence committees, and the Department of Defense. He then spoke to a Baltimore Sun reporter about NSA waste and mismanagement, in a manner he believed was legally protected.
In 2010, the Obama administration charged Drake under the Espionage Act. He faced up to 35 years in prison. The government's case collapsed in 2011 — none of the information Drake had discussed was ever proven to be classified — and he pleaded guilty to a single misdemeanor of unauthorized use of a computer. He was sentenced to a year of community service. He lost his career, his pension, and his security clearance. The Obama administration charged more whistleblowers under the Espionage Act than all previous administrations combined.
Mark Klein and AT&T Room 641A
Mark Klein was an AT&T technician who, in 2003, discovered that the NSA had installed a secret room — Room 641A — in AT&T's San Francisco internet switching facility. The room was connected to a fiber optic splitter that copied the entire flow of internet traffic passing through the facility. Klein documented the installation with photographs and technical schematics.
In 2006, Klein provided his documentation to the Electronic Frontier Foundation, which filed a class action lawsuit against AT&T. The lawsuit was ultimately blocked by the Foreign Intelligence Surveillance Court and effectively killed by the FISA Amendments Act of 2008, which granted retroactive immunity to telecommunications companies that had cooperated with NSA surveillance. Klein's evidence was physically precise — he had circuit diagrams. The government's response was to make the lawsuit disappear.
The Snowden Revelations: What the Documents Showed
On June 5, 2013, The Guardian published the first story based on Edward Snowden's documents: a top-secret court order requiring Verizon to hand over the phone records of millions of Americans to the NSA on an "ongoing, daily basis." Three days later, The Washington Post and The Guardian published details of PRISM.
PRISM
PRISM was an NSA program that collected internet communications directly from the servers of nine major US technology companies: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. The program operated under Section 702 of the Foreign Intelligence Surveillance Act, which authorized collection targeting foreign nationals outside the United States. In practice, the data of American citizens was swept up incidentally — and retained.
The slide deck that Snowden provided described PRISM as the "number one source of raw intelligence used in NSA analytic reports." All nine companies initially denied any knowledge of the program. Subsequent reporting, and eventual government acknowledgment, confirmed that the program existed and that the companies had been legally compelled to cooperate under gag orders that prevented them from disclosing the requests.
XKeyscore
XKeyscore was described in NSA documents as the agency's "widest reaching" intelligence system. A presentation Snowden provided showed that XKeyscore allowed analysts to search through vast databases of emails, online chats, and browsing histories of people around the world. An analyst could search the full content of communications — not just metadata — using selectors such as email addresses, names, or phone numbers.
The documents showed that by 2012, XKeyscore was collecting over 41 billion records in a single 30-day period. These were stored on rolling buffers — full content held for three to five days, metadata held for up to 30 days — before being deleted or indexed for longer retention if flagged by an analyst. The scale was not targeted intelligence collection. It was indiscriminate interception followed by selective retention.
Upstream Collection
While PRISM collected data from company servers, the "Upstream" program collected data directly from the fiber optic cables that carry internet traffic across the United States. This was, in essence, the Room 641A program that Mark Klein had documented in 2003, now confirmed at a systemic level. The NSA, working with telecommunications companies, had installed interception equipment at key network junctions and was copying internet traffic in transit.
Upstream collection included a technique called "about collection," which captured communications not just to or from a target, but any communication that merely mentioned a target's identifier. The NSA discontinued about collection for domestic communications in 2017, citing compliance problems — a quiet acknowledgment that the practice had been sweeping up purely domestic communications with no foreign intelligence value.
How Tech Companies Responded
The PRISM revelations triggered an immediate and lasting change in how technology companies approached encryption and government requests. The reputational damage from being perceived as cooperative with mass surveillance was severe enough that companies that had previously resisted end-to-end encryption moved quickly to implement it.
Google accelerated the encryption of traffic between its own data centers — a direct response to NSA documents that showed the agency had been tapping the unencrypted links between Google facilities. Apple introduced end-to-end encryption in iMessage and later expanded it to iCloud backups. WhatsApp, then owned by Facebook, rolled out full end-to-end encryption to its billion users in 2016. Signal became the de facto standard for secure communications among journalists, activists, and security researchers.
The technology industry also became significantly more aggressive about publishing transparency reports — documents disclosing the volume and type of government data requests received. These reports had existed before Snowden, but after 2013 they became more detailed and more adversarial in tone.
The encryption push created a sustained conflict between the intelligence community and technology companies that continues today. FBI Director James Comey began regularly warning about "going dark" — the prospect of investigators losing access to encrypted communications — as early as 2014. The debate over whether the government should have compelled access to encrypted devices reached a public flashpoint in 2016, when the FBI sought a court order requiring Apple to help unlock an iPhone belonging to one of the San Bernardino shooters. Apple refused. The FBI eventually paid a third party to crack the phone, and the case was dropped.
Legal and Legislative Fallout
The Obama administration's initial response to the Snowden revelations was to defend the programs as legal, necessary, and subject to robust oversight. President Obama stated that Congress had been briefed and that federal courts had authorized the collection. Both claims were technically accurate and substantively misleading — the briefings were limited to members of the intelligence committees under classification restrictions that prevented them from discussing what they had learned, and the court authorizations came from the Foreign Intelligence Surveillance Court, a secret body that hears only the government's side of the argument.
In December 2013, federal judge Richard Leon ruled that the NSA's bulk phone records collection was likely unconstitutional, calling it "almost Orwellian" and noting that James Madison, the author of the Fourth Amendment, "would be aghast." A week later, a different federal judge reached the opposite conclusion. The contradiction illustrated the unsettled legal state of a surveillance architecture that had been built largely in secret, without adversarial judicial review.
The USA FREEDOM Act, passed in June 2015, nominally ended the NSA's bulk collection of American phone records under Section 215 of the Patriot Act. Under the new framework, telephone companies were required to retain the records and the NSA would query them with specific selectors rather than receiving the entire database. Critics noted that the reform was narrower than it appeared: other mass collection authorities remained intact, and the telephone metadata program was eventually discontinued entirely in 2019 after the NSA acknowledged it had collected records it was not authorized to collect on multiple occasions.
Section 702 — the authority underlying PRISM and Upstream collection — survived repeated reauthorization debates with minimal structural changes. Congress reauthorized it in 2018 and again in 2024. The 2024 reauthorization expanded the definition of "electronic communication service provider" to potentially include any business that handles electronic communications, broadening the pool of entities that could be compelled to assist with surveillance.
The Current State of NSA Surveillance
More than a decade after the Snowden revelations, the surveillance infrastructure he documented remains substantially intact. The specific programs he named have been modified, renamed, or in some cases formally discontinued — but the legal authorities that enabled them, and the technical architecture that supported them, continue to operate.
The NSA's 2024 annual transparency report acknowledged that under Section 702, the agency collected communications from approximately 149,000 foreign targets in the most recent reporting period. The number of Americans whose communications were incidentally collected in the process is not publicly disclosed. The Office of the Director of National Intelligence has acknowledged that counting such "incidental collection" is technically and methodologically difficult — a position that civil liberties organizations argue is a choice rather than a technical constraint.
The Five Eyes arrangement continues to operate. Intelligence sharing among the US, UK, Canada, Australia, and New Zealand remains the primary framework for allied signals intelligence cooperation, and documents released through ongoing Freedom of Information litigation continue to reveal new dimensions of joint collection activities.
Edward Snowden received Russian citizenship in 2022. He has stated he would return to the United States to face trial if he could be guaranteed a public interest defense — a right that does not exist under the Espionage Act charges he faces. William Binney and Thomas Drake, who attempted to work within the system, had their careers destroyed. Mark Klein's technical documentation was used in a lawsuit that Congress retroactively killed.
The consistent pattern across all of these cases is the same: the surveillance was real, the scale was larger than admitted, the legal authorization was constructed to minimize judicial oversight, and those who tried to expose it faced prosecution while those who conducted it faced none.
What the Record Shows
The history of NSA mass surveillance is not a story about a single program exposed by a single whistleblower. It is a story about a surveillance infrastructure built across six decades, denied at every stage, exposed incrementally by people who paid significant personal prices, and then largely preserved through legal architecture that the public had no meaningful opportunity to contest.
ECHELON was denied until European parliamentary investigation forced acknowledgment. Room 641A was documented photographically and suppressed through retroactive immunity legislation. The bulk phone records program was defended as legal until a federal judge called it Orwellian, and then modified rather than ended. PRISM was unknown to the public until classified documents leaked, despite operating for years under legal authorities that required no public disclosure.
The documents exist. The court orders exist. The technical specifications exist. The congressional testimony of officials who denied these programs, later contradicted by the documentary record, exists. This is not speculation. It is a documented history of what governments build when they can build it in secret.