NSA collected US email records in bulk for more than two years under Obama
• Secret program
launched by Bush continued 'until 2011'
• Fisa court renewed collection order every 90 days
• Current NSA programs still mine US internet metadata
• Fisa court renewed collection order every 90 days
• Current NSA programs still mine US internet metadata
By Glenn Greenwald
and Spencer Ackerman
"The
Guardian" -
The
Obama administration for more than two years permitted
the National Security Agency to continue collecting vast
amounts of records detailing the email and
internet usage of Americans, according to secret
documents obtained by the Guardian.
The
documents indicate that under the program, launched in 2001,
a federal judge sitting on the secret
surveillance panel called the
Fisa court would approve a bulk collection order for
internet
metadata
"every 90 days". A senior administration official confirmed
the program, stating that it ended in 2011.
The
collection of these records began under the Bush
administration's wide-ranging warrantless surveillance
program, collectively known by the
NSA codename Stellar Wind.
According to a top-secret draft report by the
NSA's inspector general –
published for the first time today by the Guardian – the
agency began "collection of bulk internet
metadata"
involving "communications with at least one communicant
outside the
United States or for which no communicant was known to
be a citizen of the United States".
Eventually, the
NSA
gained authority to "analyze communications
metadata
associated with United States persons and persons believed
to be in the United States",
according to a 2007 Justice Department memo, which is
marked secret.
The
Guardian
revealed earlier this month that the
NSA
was collecting the call records of millions of US Verizon
customers under a
Fisa
court order that, it later emerged, is renewed every 90
days. Similar orders are in place for other phone carriers.
The
internet
metadata
of the sort
NSA
collected for at least a decade details the accounts to
which Americans sent emails and from which they received
emails. It also details the internet protocol addresses (IP)
used by people inside the United States when sending emails
– information which can reflect their physical location. It
did not include the content of emails.
"The
internet
metadata
collection program authorized by the
Fisa
court was discontinued in 2011 for operational and resource
reasons and has not been restarted," Shawn Turner, the Obama
administration's director of communications for National
Intelligence, said in a statement to the Guardian.
"The
program was discontinued by the executive branch as the
result of an interagency review," Turner continued. He would
not elaborate further.
But
while that specific program has ended, additional secret
NSA
documents seen by the Guardian show that some collection of
Americans' online records continues today. In December 2012,
for example, the NSA launched one new program allowing it to
analyze communications with one end inside the US, leading
to a doubling of the amount of data
passing through its filters.
What your email metadata reveals
The
Obama administration argues that its internal checks on
NSA
surveillance programs, as well as review by the
Fisa
court, protect Americans'
privacy. Deputy attorney general James Cole defended the
bulk collection of Americans' phone records as outside the
scope of the fourth amendment's protections against
unreasonable searches and seizures.
"Toll
records, phone records like this, that don't include any
content, are not covered by the fourth amendment because
people don't have a reasonable expectation of privacy in who
they called and when they called," Cole testified to the
House intelligence committee on June 18. "That's something
you show to the phone company. That's something you show to
many, many people within the phone company on a regular
basis."
But
email
metadata
is different. Customers' data bills do not itemize online
activity by detailing the addresses a customer emailed or
the IP addresses from which customer devices accessed the
internet.
Internal government documents describe how revealing these
email records are. One 2008 document, signed by the US
defense secretary and attorney general, states that the
collection and subsequent analysis included "the information
appearing on the 'to,' 'from' or 'bcc' lines of a standard
email or other electronic communication" from Americans.
In
reality, it is hard to distinguish email
metadata
from email content. Distinctions that might make sense for
telephone conversations and data about those conversations
do not always hold for online communications.
"The
calls you make can reveal a lot, but now that so much of our
lives are mediated by the internet, your IP [internet
protocol] logs are really a real-time map of your brain:
what are you reading about, what are you curious about, what
personal ad are you responding to (with a dedicated email
linked to that specific ad), what online discussions are you
participating in, and how often?" said Julian Sanchez of the
Cato Institute.
"Seeing your IP logs – and especially feeding them through
sophisticated analytic tools – is a way of getting inside
your head that's in many ways on par with reading your
diary," Sanchez added.
The
purpose of this internet
metadata
collection program is detailed in the full classified March
2009 draft report prepared by the
NSA's
inspector general (IG).
One
function of this internet record collection is what is
commonly referred to as "data mining", and which the
NSA
calls "contact chaining". The agency "analyzed networks with
two degrees of separation (two hops) from the target", the
report says. In other words, the NSA studied the online
records of people who communicated with people who
communicated with targeted individuals.
Contact chaining was considered off-limits inside the
NSA
before 9/11. In the 1990s, according to the draft IG report,
the idea was nixed when the Justice Department "told NSA
that the proposal fell within one of the
Fisa
definitions of electronic surveillance and, therefore, was
not permissible when applied to
metadata
associated with presumed US persons".
How
the US government came to collect Americans' email records
The
collection of email
metadata
on Americans began in late 2001, under a top-secret
NSA
program started shortly after 9/11, according to the
documents. Known as Stellar Wind, the program initially did
not rely on the authority of any court – and initially
restricted the NSA from analyzing records of emails between
communicants wholly inside the US.
"NSA
was authorized to acquire telephony and internet
metadata
for communications with at least one communicant outside the
United States or for which no communicant was known to be a
citizen of the United States," the draft report states.
George
W Bush briefly "discontinued" that bulk internet
metadata
collection, involving Americans, after a dramatic rebellion
in March 2004 by senior figures at the Justice Department
and FBI, as the Washington Post first reported. One of the
leaders of that rebellion was deputy attorney general James
Comey, whom Barack Obama nominated last week to run the FBI.
But
Comey's act of defiance did not end the IP
metadata
collection, the documents reveal. It simply brought it under
a newly created legal framework.
As
soon as the
NSA
lost the blessing under the president's directive for
collecting bulk internet
metadata,
the NSA IG report reads, "DoJ [the Department of Justice]
and NSA immediately began efforts to recreate this
authority."
The
DoJ quickly convinced the
Fisa
court to authorize ongoing bulk collection of email
metadata
records. On 14 July 2004, barely two months after Bush
stopped the collection,
Fisa court
chief judge Collen Kollar-Kotelly legally blessed it under a
new order – the first time the surveillance court exercised
its authority over a two-and-a-half-year-old surveillance
program.
Kollar-Kotelly's order "essentially gave
NSA
the same authority to collect bulk internet
metadata
that it had under the PSP [Bush's program], except that it
specified the datalinks from which NSA could collect, and it
limited the number of people that could access the data".
How NSA gained more power to study Americans' online habits
The
Bush email
metadata
program had restrictions on the scope of the bulk email
records the
NSA
could analyze. Those restrictions are detailed in a legal
memorandum written in a 27 November 2007, by assistant
attorney general Kenneth Wainstein to his new boss, attorney
general Michael Mukasey, who had taken office just a few
weeks earlier.
The
purpose of that memorandum was to advise Mukasey of the
Pentagon's view that these restrictions were excessive, and
to obtain permission for the
NSA
to expand its "contact chains" deeper into Americans' email
records. The agency, the memo noted, already had "in its
databases a large amount of communications
metadata
associated with persons in the United States".
But,
Wainstein continued, "NSA's
present practice is to 'stop' when a chain hits a telephone
number or [internet] address believed to be used by a United
States person."
Wainstein told Mukasey that giving
NSA
broader leeway to study Americans' online habits would give
the surveillance agency, ironically, greater visibility into
the online habits of foreigners – NSA's original mandate.
"NSA
believes that it is over-identifying numbers and addresses
that belong to United States persons and that modifying its
practice to chain through all telephone numbers and
addresses, including those reasonably believed to be used by
a United States person," Wainstein wrote, "will yield
valuable foreign intelligence information primarily
concerning non-United States persons outside the United
States."
The
procedures "would clarify that the National Security Agency
(NSA)
may analyze communications
metadata
associated with United States persons and persons believed
to be in the United States", Wainstein wrote.
In
October 2007, Robert Gates, the secretary of defense, signed
a set of "Supplemental Procedures" on internet
metadata,
including what it could do with Americans' data linked in
its contact chains. Mukasey affixed his signature to the
document in January 2008.
"NSA
will continue to disseminate the results of its contact
chaining and other analysis of communications
metadata
in accordance with current procedures governing the
dissemination of information concerning US persons," the
document states, without detailing the "current procedures".
It was
this program that continued for more than two years into the
Obama administration.
Turner, the director of national intelligence spokesman, did
not respond to the Guardian's request for additional details
of the
metadata
program or the reasons why it was stopped.
A
senior administration official queried by the Washington
Post denied that the Obama administration was "using this
program" to "collect internet
metadata
in bulk", but added: "I'm not going to say we're not
collecting any internet metadata."
No comments:
Post a Comment