Papers define limits of NSA’s spy program

Agency may keep data about emails, phone call if intel found

The Washington Post

The National Security Agency may keep the emails and telephone calls of citizens and legal residents if the communications contain “significant foreign intelligence” or evidence of a crime, according to classified documents that lay out procedures for targeting foreigners and for guarding Americans’ privacy.

Newly disclosed documents describe a series of steps the world’s largest spy agency is supposed to take to keep Americans from being caught in its massive surveillance net. The documents suggest that the NSA has latitude to keep and use citizens’ communications under certain conditions.

The papers, leaked to The Washington Post and Britain’s Guardian newspaper, are the first public written documentation of procedures governing a far-reaching NSA surveillance program authorized by Congress in 2008 to gather the emails and phone calls of targets who are supposed to be foreigners located overseas.

In recent days, the Obama administration has defended the program as critical to national security, saying it has helped foil more than 50 terrorist plots in the United States and abroad. NSA Director Keith Alexander described it as “limited, focused and subject to rigorous oversight.”

Testifying before Congress, Alexander said “the disciplined operation” of this and a related surveillance program “protects the privacy and civil liberties of the American people.”

A spokesman for the Office of the Director of National Intelligence declined to comment on the documents Thursday.

Privacy advocates expressed concern about what they viewed as rules that leave much wiggle room for NSA analysts to monitor Americans’ communications.

“These documents confirm what we have feared all along, that the NSA believes it can collect Americans’ international communications with little, if any, restriction,” said Alex Abdo, a staff lawyer with the American Civil Liberties Union.

“Its procedures allow it to target for surveillance essentially any foreigner located abroad — whether or not they’re suspected of any wrongdoing, let alone terrorism.”

Administration officials say the surveillance program does not target Americans anywhere without a warrant.

Still, said Gregory Nojeim, senior counsel for the Center for Democracy and Technology, “there’s a lot of leeway to use ‘inadvertently’ acquired domestic communications,” for instance, in criminal prosecutions if they contain evidence of a crime.

Congress authorized the collection program amid a great debate about the degree to which the government was expanding its surveillance authority without sufficient protection for Americans’ privacy.

Authorized by Section 702 of the amended Foreign Intelligence Surveillance Act (FISA), the program did away with the traditional individual warrant for each foreign suspect whose communications would be collected in the United States. In its place, the FISA court, which oversees domestic surveillance for foreign intelligence purposes and whose proceedings are secret, would certify the government’s procedures to target people overseas and ensure citizens’ privacy.

It issues a certificate, good for one year, that allows the NSA to order a U.S. Internet or phone company to turn over emails, phone calls and other communications related to a series of foreign targets, none of which the court approved individually.

In figuring out whether a target is “reasonably believed” to be located overseas, for example, the agency looks at the “totality of the circumstances” relating to a person’s location. In the absence of that specific information, “a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person,” according to rules on the targeting of suspects.

Nonetheless, the documents contain a series of steps the NSA may take to determine a foreigner’s location. Agency analysts examine leads that may come from other agencies, including from human sources. They conduct research in NSA databases, scrutinize Internet protocol addresses and target “Internet links that terminate in a foreign country.”

“When NSA proposes to direct surveillance at a target, it does so because NSA has already learned something about the target,” according to the targeting rules. Often, that lead comes from the CIA or a law enforcement agency.

The NSA uses whatever details are contained in that lead to make an initial assessment of whether it is being asked to eavesdrop on an overseas target. But the agency then takes other steps depending on the circumstances, such as scanning databases “to which NSA has access but did not originate” for clues about location.

After it begins intercepting calls or emails, the NSA is supposed to continue to look for signs that the individual it is monitoring has entered the United States, which would prompt a halt in surveillance and possibly a notification to the FBI.

  • KAB

    I find it interesting that there is so little talk about the fact that the companies that provided information to the NSA also admit to giving similar information to the governments of several dozen other countries…