A lot remains uncertain about the number of users affected by the NSA PRISM surveillance program that is taking place, the extent to which companies are involved, and how the NSA handles this sensitive data. Does the NSA regularly collect and examine a huge swath of the cloud communications of American and foreign Internet users? Does the agency present evidence and seek careful judicial review to obtain limited amounts of user data related to individual investigations? Or is the answer somewhere in the middle, with queries being constructed such that algorithms scan most or all of the accounts, identifying a smaller set of "interesting" accounts whose contents are sent to the NSA?

This post attempts to set out some fundamental questions that we need answered in order to gain enough clarity on the surveillance taking place to have an informed democratic policy debate.1 We also give our approximations of the realistic "Best case" and "Worst case" scenarios given what we already know about the program, to highlight the range of possible realities.

Best case: The NSA sends a small number FISA 702 orders that are narrowly targeted for specific investigations and touch upon only a small number of user accounts; ideally at most hundreds or perhaps thousands of accounts have information passed on to the NSA every year.

Worst case: Companies receive incredibly broad FISA 702 orders that result in turning over huge swaths of user data to the NSA on a regular or ongoing basis, such as the emails of all users in a particular country, or any that contain a phrase like “golden gate bridge”.

Best case: The NSA is not monitoring any metadata or content data of users except via lawful and targeted requests made to the companies.

Worst case: The NSA is broadly monitoring user metadata and content data without any company involvement.

Best case: Data is only sought once there is substantial evidence of terrorism of other activities that might affect national security. Only data relevant to an active investigation is stored, and only as long as it is needed. Data that is not relevant is immediately deleted. All employee access of private data is logged and regularly reviewed for inappropriate or questionable uses.

Worst case: Analysts can go on fishing expeditions without any evidence of wrongdoing. Data is stored indefinitely. Irrelevant data is not discarded, including domestic data on American users. There are few checks on how employees with access can use the tools at their disposal, and little accountability as a result.

America has long struggled to reconcile democratic principles with intelligence imperatives. Striking the right balance is difficult; while there may be legitimate arguments for confidentiality with respect to specific sources and operations, secret legal interpretations and practices are plainly antithetical to American values: the public, acting through Congress, gets to decide what's allowed. That critical governance process is only possible with transparency. Implausible and unsubstantiated claims that oversight endangers national security only further erode the American public's trust in the intelligence community. We hope that the NSA will choose a better path: appropriately declassify information, work with companies to disclose the scope of their surveillance programs, and earn the trust of the American public. We urge you to join us in asking the hard questions.

• 1. Note that the following questions are about the sources for the collection of information, and the scope of that collection, but aren't centered around “PRISM” itself to avoid the word games that government and intelligence agency officials have played to avoid giving substantive answers about the surveillance taking place.
• 2. FISA 702 orders refer to 50 USC § 1881a.