No domestic spying? How NSA collects Americans' cross-border emails
An NSA source has admitted the agency’s data collection technology makes it impossible to intercept communication with foreigners without gathering data on US citizens. This counters Obama’s claim that US surveillance only concerns ‘terrorist threats.’
A senior official at the National Security Agency anonymously
explained the process to The New York Times, broadly confirming
the revelations about US spying mechanisms leaked by Edward
Snowden in previous weeks.
According to Foreign Intelligence Surveillance Act (FISA)
regulations from 2008, the NSA is only allowed to track
communication between foreign suspects, or a foreigner and an
American, without a warrant. Collecting data exchanged between US
citizens that way is illegal.
But it appears to be impossible to filter out data relevant to a
particular suspect in real-time without capturing a much larger
flow of information passing through the world’s communication
cables, as data parcels are fractured and need to be copied whole
before being pieced together.
This data includes communication between non-suspect US citizens,
although accessing such correspondence is illegal.
The needed information concerning legitimate foreign suspects is
picked out from the mass with what the source called a “very
precise” ‘selector’ - an email address, name or some other
form of identifier pertinent to a suspect. Then, a “clone of
selected communication links” such as emails or internet
browsing histories is made. It is then stored and distributed to
other agencies for further investigation.
The rest of the information is discarded, according to the
source. He added that since the overall
amount of data gathered is so huge, it can only be stored for a
limited time – so “retrospective searches” are not
possible. Snowden’s records indicated the storage period to be up
to three days.
But the NSA insider admitted that illegal American data is
gathered not only at the initial stage, but is sometimes
“inadvertently collected” after the filter is applied
(picture it as a very precise Google search that nevertheless
produces accidental results). After presumably being illegally
examined by an NSA agent, this data is removed within “a small
number of seconds.”
The NSA employee claimed that such “overcollection” of US
data occurs routinely, but is regularly reported to overseers,
and the ‘selector’ search mechanisms are modified to produce
results more relevant to catching actual terror suspects.
In response to the revelations, NSA spokesperson Judith A. Emmel
told The Times that the agency “collects only what it is
explicitly authorized to collect,” and that its targets are
“foreign powers and their agents, foreign organizations,
foreign persons or international terrorists.”
Earlier this week, Obama also staunchly defended the NSA.
“We don't have a domestic spying program. What we do have are
some mechanisms where we can track a phone number or an email
address that we know is connected to some sort of terrorist
threat,” the President said on the Tonight Show.
The validity of those statements seems to hinge on a somewhat
narrow and self-defined meaning of what it is to “collect”
data and to “target.”
Assuming that NSA agents work exclusively in good faith and never
break regulations, it is plausible that they “collect”
only information from suspects, and that US individuals are never
“targeted.” That is, their names are never typed in as
‘selectors.’
But in a more general way, it is also clear that even the most
honest-minded NSA staff will possess information relating to
millions of innocent Americans, which they are not legally
allowed to read, and that this information will be accessed on a
routine basis - without any legal or practical supervision.