Allegedly, access to such data is made directly through the main servers of the major companies or through a formal channel requesting the required data from such companies. The companies involved are all US based, and include Google, Facebook, Microsoft and Yahoo among others. The PRISM program has reportedly been in operation since 2007.

When news reports recently revealed that these companies as well as several countries were involved in the PRISM program critics were quick to lament the ‘killing [of] trust in web freedom’. They claimed that such intelligence-gathering methods threatened individuals’ online privacy as well as raised serious questions about transparency and accountability.

The US government has admitted to the existence of PRISM but stated that PRISM is used only for valid foreign intelligence purpose; US citizens and individuals in America are not intentionally targeted; companies supply information to the government when lawfully required to do so; and intelligence-gathering via PRISM is scrutinised by the executive, legislative and judicial branches. As could be expected, critics and naysayers remain unconvinced.

This raises three key questions: should we expect contemporary intelligence-gathering techniques, especially those conducted online, to be more intrusive; can a balance ever be struck between privacy and national security concerns; and how can governments convince their citizens that such activities will not be misused?

Intelligence-gathering post 9-11 is increasingly more complex mainly due to the changing nature of contemporary national security threats as well as the corresponding shift in focus from state to non-state actors. This has increased both the number of consumers of intelligence and the variety and types of intelligence products in demand.

As non-state actors are growing more sophisticated, intelligence agencies must likewise improve their tradecraft or, better yet, stay ahead of their targets to be effective. A common medium of communication often used by non-state actors is the internet and social media and, as such, intelligence-gathering has correspondingly shifted into this domain. The need for timely intelligence requires a quick and efficient method to sieve through voluminous internet traffic and identify relevant data to be analysed and transformed into information. Hence, new techniques of gathering intelligence online, such as the PRISM program, have arisen.

Around the world, intelligence agencies are planning and improving their online surveillance capabilities. For instance, Der Spiegel reports that the German Foreign Intelligence Service will spend 100 million euro over the next five years to expand its online surveillance program.

It would be safe to assume that online intelligence-gathering techniques will continue to expand, and be highly intrusive.

The ongoing debate on striking the right balance between privacy and security concerns is unlikely to be resolved in the foreseeable future. During times of peace, the debate often skews towards increased protection of individual privacy, whereas in times of conflict or tension increasing security at the cost of privacy is regarded more favourably. In any case, the reality, as US President Obama pointed out, is that ‘it’s important to recognise that you can’t have 100 per cent security and also then have 100 per cent privacy and zero inconvenience’.

Given that online intelligence-gathering techniques are highly intrusive and will continue to raise concerns about privacy issues, it is imperative for governments around the world to build and enhance their citizens’ trust in the system. This will help negate (although not eliminate) the aversion, cynicism and suspicion often associated with intelligence-gathering and intelligence agencies.

In addition to having the necessary checks and balances in place within the system — such as the ability of a citizen to seek legal recourse in the event that his/her privacy has been unnecessarily breached — and extensive scrutiny by the three branches of government, it might be useful to apply the UK think-tank Demos’ six ethical principles of intelligence-gathering to guide such activities. These principles are:

1. there must be sufficient, sustainable cause
2. there must be integrity of motive
3. the methods used must be proportionate and necessary
4. there must be right authority, validated by external oversight
5. recourse to secret intelligence must be a last resort if more open sources can be used, and
6. there must be a reasonable prospect of success.

In relation to the PRISM incident, a CNN/ORC poll conducted in the United States recently showed that while 61 per cent of respondents disapproved of how the Obama administration was carrying out surveillance of US citizens in general, 66 per cent did support the government’s actions to gather and analyse online data obtained from IT companies provided it was done to ‘locate suspected terrorists’ and not inappropriately used to target US citizens.

The spectre of 9-11 is a contributory factor to this outcome, but more importantly the statistics seem to suggest that Americans will tolerate reduced privacy for national security provided it is done through proper means and ‘under strict controls’ — an outcome that governments should aspire to achieve.

The ethical principles mentioned above serve primarily as a guide, and operational realities must also be taken into account. For instance, many intelligence-gathering activities must remain secret as their revelation could jeopardise the individuals, organisations or states involved. Also, open source data may be incomplete and/or inaccurate and therefore must be complemented with closed source data to provide a clearer perspective.

Perhaps in the interests of further transparency and accountability, a seventh principle should be added to the above-mentioned: the need to withhold information must be validated through independent review. Ultimately, intelligence serves to reduce uncertainty in decision-making, and must not be used to victimise particular individuals or groups.

Damien D. Cheong is a Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University.

A version of this article was originally published here as RSIS Commentary No. 115/2013.