WASHINGTON/LONDON – White House officials on Wednesday faced deepening political skepticism over a far-reaching counterterrorism program that collects millions of Americans’ phone records, even as they released newly declassified documents in an attempt to spotlight privacy safeguards.
The previously secret material — a court order and reports to Congress — was released by Director of National Intelligence James Clapper as a Senate Judiciary Committee hearing opened Wednesday morning in which lawmakers sharply questioned the efficacy of the collection of bulk phone records. A senior National Security Agency official conceded that the surveillance effort was the primary tool in thwarting only one plot — not the dozens that officials had previously suggested.
In recent weeks, political support for such broad collection has sagged, and the House last week narrowly defeated a bipartisan bid to end the program, at least in its current form. On Wednesday, senior Democratic senators voiced equally strong doubts .
“This bulk-collection program has massive privacy implications,” said Senate Judiciary Committee Chairman Patrick Leahy of Vermont. “The phone records of all of us in this room — all of us in this room — reside in an NSA database. I’ve said repeatedly, just because we have the ability to collect huge amounts of data does not mean that we should be doing so. . . . If this program is not effective, it has to end. So far, I’m not convinced by what I’ve seen.”
Administration officials defended the collection effort and a separate program targeting foreigners’ communication as essential and operating under stringent guidelines.
“With these programs and other intelligence activities, we are constantly seeking to achieve the right balance between the protection of national security and the protection of privacy and civil liberties,” Deputy Attorney General James Cole said. “We believe these two programs have achieved the right balance.”
Cole nonetheless said the administration is open to amending the program to achieve greater public trust.
The NSA’s phone records collection program began after the September 2001 terrorist attacks and was brought under the supervision of the Foreign Intelligence Surveillance Court in 2006. But its existence remained hidden until June, when the Guardian newspaper in Britain published a classified FISC order to a U.S. phone company to turn over to the NSA all call records. Former NSA contractor Edward Snowden leaked the order to the newspaper.
On Wednesday, The Guardian published new documents provided by the fugitive Snowden that outlined previously unknown features of an NSA data retrieval system called XKeyscore. The newspaper reported that the search tool allowed analysts to “search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals.”
NSA slides describing the system published with The Guardian article indicated that analysts used it to sift through government databases, including Pinwale, the NSA’s primary storage system for email and other text, and Marina, the primary storage and analysis tool for “metadata.” Another slide described analysts using XKeyscore to access a database containing phone numbers, email addresses, log-ins and Internet user activity generated from other NSA programs.
Other slides appear to carry screenshots showing what analysts would see as they trawled the intercepted conversations, including sample search queries such as “Show me all encrypted word documents from Iran” or “Show me all the word documents that reference Osama bin Laden.”
In an indication of the program’s scope, one slide says that XKeyscore has led to the capture of more than 300 terrorists. In a statement, the NSA said that figure only included captures up to the year 2008, and pushed back against any suggestion of illegal or arbitrary collection of data.
“These types of programs allow us to collect the information that enables us to perform our missions successfully — to defend the nation and to protect U.S. and allied troops abroad,” the statement said.
How and from where the program draws its data isn’t completely clear, but one slide said XKeyscore was supported by 700 servers and 150 sites across the globe. Another slide seemed to show the program drawing data from a body codenamed SSO — an apparent reference to the NSA’s Special Source Operations, which previous Guardian articles have described as capturing large numbers of communications between the United States and other countries.
The volume of data available to analysts through XKeyscore appears to be vast. The Guardian quoted one slide as saying that nearly 42 billion records had been captured by the system during a one-month period in 2012 — a rate of half a trillion records every year. So much content was being collected, the newspaper said, that it could only be stored for short periods of time — generally just a few days.
“At some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours,” The Guardian quoted one document as saying.
The newspaper said the disclosures shed light on Snowden’s claim that the NSA’s surveillance programs allowed him while sitting at his desk to “wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.” U.S. officials have denied that he had such capability.
In a statement responding to the Guardian report, the NSA said “the implication that NSA’s collection is arbitrary and unconstrained is false. NSA’s activities are focused and specifically deployed against — and only against — legitimate foreign intelligence targets.” The agency further said: “Access to XKEYSCORE, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks. . . . Not every analyst can perform every function, and no analyst can operate freely. Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.”
On Wednesday, Clapper disclosed the FISA court’s “primary” order that spells out the program’s collection rules and two reports to Congress that discussed the program, which is authorized under Section 215 of the “business records” provision of the Foreign Intelligence Surveillance Act. Administration officials released the documents to reassure critics that the program is strictly supervised and minimally invasive.
For instance, the primary order states that only “appropriately trained and authorized personnel” may have access to the records, which consist of phone numbers of calls made and received, their time and duration, but not names and content. Officials call this metadata. The order also states that to query the data, there must be “reasonable, articulable suspicion,” presumably that the number is linked to a foreign terrorist group.
But the documents fueled more concern about the program’s scope among civil liberties advocates who are pressing the administration to release the legal rationale that might explain what makes such large numbers of records relevant to an authorized investigation.
Perhaps most alarming to some critics was the disclosure, in the order, that queries of the metadata return results that are placed into a “corporate store” that may then be searched for foreign intelligence purposes with fewer restrictions.
That disclosure takes on significance in light of June testimony by Deputy NSA Director John Inglis that analysts could extend their searches by “three hops.” That means that starting from a target’s phone number, analysts can search on the phone numbers of people in contact with the target, then the numbers of people in contact with that group. In theory, that is potentially millions of people, said Jameel Jaffer, deputy legal director of the American Civil Liberties Union, who also testified Wednesday.
The Office of the DNI earlier released a statement that fewer than 300 numbers were queried in 2012. That could still mean potentially hundreds of millions of records, Sen. Richard Durbin, an Illinois Democrat, said at the hearing.
Also, according to the order, the NSA does not need to audit the results of searches of the corporate store.
The order asserts that phone metadata could be obtained with a grand jury subpoena. That may be true for one person or even a group of people, but not for all Americans’ phone records, critics said.
Privacy advocates criticized redactions in the reports to Congress of information about the NSA’s failure to comply with its own internal rules. That is “among the most important information that the American public needs to critically assess whether these programs are proper,” according to Mark Rumold, staff attorney for the Electronic Frontier Foundation.