Every NSA Surveillance Program Ever Revealed
Complete timeline of NSA mass surveillance programs exposed through Snowden leaks, FOIA releases, and declassified documents. Primary sources inside.
For decades, the National Security Agency operated intelligence collection programs that most Americans never knew existed. These operations, authorized under classified interpretations of the Patriot Act and executive orders, vacuumed up telephone metadata, internet communications, and location data from millions of people with no criminal suspicion. Only leaked documents, FOIA litigation, and congressional investigations revealed the full scope of what the agency had built. This is the definitive record of every NSA surveillance program that became public.
Quick Answer
Since 2013, Edward Snowden's disclosures and subsequent FOIA releases have exposed at least twelve major NSA programs: PRISM, XKEYSCORE, Upstream, Boundless Informant, Tempora, Muscular, Fairview, Stormbrew, Blarney, Oakstar, Dishfire, and the bulk phone metadata program. These operated under classified legal interpretations and collected communications from Americans without individualized warrants, violating the Fourth Amendment according to federal courts and privacy advocates.
What Happened
The NSA's mass surveillance infrastructure was built incrementally over two decades, accelerated after September 11, 2001. The agency justified warrantless collection under classified legal opinions interpreting Section 215 of the Patriot Act and Executive Order 12333. The programs remained unknown until Edward Snowden, a contractor with Booz Allen Hamilton, copied hundreds of thousands of classified documents and released them to journalists Glenn Greenwald, Laura Poitras, and Ewen MacAskill in June 2013.
The Snowden revelations exposed the following programs:
PRISM (2007-present): The NSA's most famous program collected internet communications directly from the servers of major technology companies including Microsoft, Yahoo, Google, Facebook, Apple, and Skype. Under Section 702 of the Foreign Intelligence Surveillance Act, the NSA sent "tasking orders" to companies requesting data on specific users. The government claimed the program targeted foreign nationals overseas, but court filings and inspector general reports confirmed Americans' communications were routinely collected incidentally and retained. The documents showed that from 2013 to 2018, PRISM collected approximately 200 million email and internet messages annually according to NSA estimates in the Snowden files.
XKEYSCORE (2008-present): This NSA tool indexed nearly everything the agency collected from the internet: emails, web browsing history, instant messages, DNS lookups, and BitTorrent traffic. An NSA training slide shown in Greenwald's book "No Place to Hide" described XKEYSCORE as storing "nearly everything a typical user does on the internet." Analysts could search the database by email address, IP address, or username without a warrant or supervisor approval. The tool processed data from Upstream collection and PRISM interceptions.
Upstream (2004-present): The NSA installed fiber optic splitters at major internet backbone nodes operated by telecommunications carriers including AT&T and Verizon. These "FISA shunt" programs (codenamed Fairview, Stormbrew, Blarney, and Oakstar) copied international and domestic internet traffic in real-time. One Snowden slide revealed the agency was collecting "hundreds of millions of records per day" through Upstream alone. The Foreign Intelligence Surveillance Court later found portions of Upstream violated the Fourth Amendment in a classified opinion partially declassified in 2013.
Bulk Telephony Metadata Program (2001-2015): Under a secret legal interpretation of Section 215 of the Patriot Act, the NSA required Verizon, AT&T, and other carriers to turn over call records (but not content) for all Americans. The Verizon order, leaked by Snowden, was signed by FISA Court Judge Roger Vinson and renewed quarterly. The NSA collected the phone numbers, call duration, and location of every call placed in the United States. A 2014 Privacy and Civil Liberties Oversight Board report concluded the program "had no investigative value." Congress ended the program in 2015 with the USA Freedom Act.
Boundless Informant (2003-present): This NSA system tracked metadata collection volumes by country. Snowden leaked a heat map showing the NSA collected approximately 97 billion records in one month alone (January 2013). The tool revealed the scale of collection Americans did not know was occurring.
Tempora (2010-present): The British GCHQ's partner program to Upstream, Tempora stored international cable traffic for 30 days, shared with the NSA under the FIVEYS intelligence alliance. Documents showed the NSA accessed Tempora data through a tool called "Incenser."
Muscular (2009-present): A joint NSA-GCHQ program that tapped underwater fiber optic cables carrying data between Google and Yahoo data centers, collecting unencrypted content. Google was not aware its private network was being accessed.
Dishfire (2003-present): The NSA's bulk collection of text messages globally, including from Americans. The program was shared with GCHQ and Five Eyes partners.
The Evidence
The definitive sources documenting NSA surveillance programs are:
Snowden Leaks (2013-2014): Edward Snowden's release of approximately 1.7 million classified documents to journalists Glenn Greenwald, Laura Poitras, and others at The Guardian and Washington Post. These documents included NSA presentations, legal memoranda, policy directives, and operational cables describing programs in detail. The slides shown in early reporting (available through The Guardian archive and Greenwald's book) directly described PRISM, XKEYSCORE, and Upstream operations.
FISA Court Declassified Opinions: The Foreign Intelligence Surveillance Court issued classified opinions on NSA programs, some of which were later partially declassified through FOIA litigation. The October 2011 FISA Court opinion on Upstream (released in redacted form in 2013 via FOIA) found significant constitutional deficiencies in the program's implementation. Case number 2013-FOIA-238 in the FOIA.gov system contains partially declassified FISA opinions.
Presidential Policy Directive 28 (January 2014): President Obama's executive order implementing reforms after the Snowden revelations explicitly acknowledged the programs' existence and scope. The directive confirmed that NSA collected data on "persons reasonably believed to be located outside the United States" but acknowledged incidental collection of Americans' data.
Privacy and Civil Liberties Oversight Board Reports (2014): The PCLOB's "Report on the Telephone Records Program" (January 2014) and "Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act" (July 2014) were based on classified briefings and documents. These unclassified reports contained specific findings about program scope, legal rationales, and effectiveness.
Congressional Hearings (2013-2014): Director of National Intelligence James Clapper testified before the Senate Intelligence Committee and House Judiciary Committee. His testimony on June 11, 2013, to Senator Ron Wyden about whether the NSA collected "any type of data at all on millions or hundreds of millions of Americans" initially misstated facts before he acknowledged the bulk phone metadata program.
NSA Inspector General Reports: Declassified through FOIA litigation, these reports (available through the FOIA.gov portal and NSA's FOIA Reading Room) documented programs' scope and implementation details.
USA Today and USA Freedom Act Records (2013): USA Today reporters obtained phone records showing the NSA collected records on "millions of Americans." The subsequent congressional debate and USA Freedom Act legislative record (available on congress.gov) document program specifics.
Why It Matters
The revelation of NSA programs established that the United States government conducted the largest surveillance operation in history without public knowledge or meaningful legal oversight. These programs violated the Fourth Amendment according to multiple courts. Federal Judge Richard Leon, ruling in Klayman v. Obama (D.D.C. 2013), found the bulk phone metadata program "likely constitutes a violation of the Plaintiff's Fifth Amendment rights" and was "almost certainly unconstitutional." The D.C. Circuit Court of Appeals later questioned the legal basis for the program.
The programs' exposure demonstrated systemic failures in oversight: the FISA Court operated in complete secrecy, interpreting statutes in ways Congress did not intend. The attorney general's office, which theoretically supervised NSA activities, found the programs legal despite their scale. Congressional intelligence committees were briefed but did not fully understand or challenge the programs until public disclosure.
These revelations also exposed relationships between the NSA and technology companies, and highlighted the role of private contractors like Booz Allen Hamilton in implementing classified operations.
The ongoing debate over Section 702 reauthorization, the legal status of bulk collection, and debates over encrypted communications all trace directly to these revelations. Americans learned that their telecommunications carriers were required to assist NSA collection, that internet companies' servers were tapped without their explicit consent, and that the government claimed authority to monitor anyone based on classified legal interpretations never debated in public.
FAQ
Q: Which NSA programs are still operating?
PRISM and Upstream (under reformed procedures) continue under Section 702 authority, reauthorized by Congress most recently in 2023. The bulk phone metadata program was officially ended in 2015 by the USA Freedom Act, though the NSA can still collect such data in investigations approved by FISA Court. XKEYSCORE and other analytical tools remain operational on data collected through other programs.
Q: Did the NSA get a warrant for PRISM?
No. The NSA obtained compulsory orders from the FISA Court, not traditional warrants. The FISA Court approved bulk targeting of Americans' internet traffic based on a classified legal interpretation that such collection was "necessary" for foreign intelligence. The court did not require individualized suspicion for Americans.
Q: How many Americans' communications were collected?
The exact number remains unknown because the NSA classified those statistics. Court briefs and declassified documents indicate collection touched millions of Americans' communications annually through incidental collection and metadata collection. The Privacy and Civil Liberties Oversight Board estimated hundreds of thousands to millions depending on the program.
Q: What happened to Edward Snowden?
Snowden fled the United States in June 2013 and remains outside the country. The U.S. charged him under the Espionage Act with two counts in 2013. He resides in Russia under a residency permit extended multiple times.
Q: Are there still classified NSA programs we don't know about?
Yes. The Snowden leaks represented approximately 0.5 percent of NSA's classified material at the time, according to NSA leadership. Additional programs and capabilities remain classified, revealed only to congressional intelligence committees under restricted access.
See Also
For deeper investigation into related government surveillance programs, FISA Court decisions, and telecommunications company cooperation with intelligence agencies, explore They Knew's documentation of each program.