Although the US government says an NSA program collecting email records of Americans was shut down in December 2011, it is likely the practice still continued, according to documents obtained by the New York Times under the Freedom of Information Act.
Edward Snowden’s leaks first revealed the National Security Agency’s email metadata program to the public, but it was played down compared to other surveillance programs when US officials claimed the email program was dropped in December 2011 for “operational and resource reasons.”
The newly released January 2007 NSA Inspector General report shows that, indeed, other operations or resources were used to replace the NSA’s program. However, the replacement system came under much less scrutiny from the Foreign Intelligence Surveillance Court (FISC), while also circumventing telecommunications companies.
“Other authorities can satisfy certain foreign intelligence requirements that the PRTT program was designed to meet,” the NSA IG report reads, referring to the Pen Register and Trap and Trace program, as it had been called, which was authorized by Section 402 of the Foreign Intelligence Surveillance Act.
FISC had secretly authorized PRTT in 2004, but eventually placed limitations on the program, according to the Office of the Director of National Intelligence. Upon approval from a court order, the database could be accessed using something like an email address as a search target, if it was relevant to an FBI counterterrorism investigation, and if reasonable and articulable suspicion was written down by the analyst.
Moreover, if the email address could reasonably be believed to belong to a US person, the NSA Office of General Counsel would look to make sure the suspected connection to the investigation was not entirely based on First Amendment protected activity.
Citing Section 702 of the FISA Amendments Act, which covers surveillance gathered domestically when the target is a noncitizen outside the US, and the Special Procedures Governing Communications Metadata Analysis (SPCMA) under Executive Order (EO) 12333, which authorizes collection of Americans’ data even when they’re not targets, the NSA IG report outlines how the bulk email metadata collection is still lawful.
By simply using fiber optic internet cables outside the US, the NSA can still obtain domestic email data, and the FISC hardly enters into the equation.