Revealed: the top secret rules that allow NSA to use US data without a warrant
Fisa court
submissions show broad scope of procedures governing NSA's
surveillance of Americans' communication
• Document one: procedures used by NSA to target non-US persons
• Document two: procedures used by NSA to minimise data collected from US persons
• Document one: procedures used by NSA to target non-US persons
• Document two: procedures used by NSA to minimise data collected from US persons
By Glenn Greenwald
and James Ball
Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information "inadvertently" collected from domestic US communications without a warrant.
Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information "inadvertently" collected from domestic US communications without a warrant.
The
Guardian is publishing in full two documents submitted to
the secret Foreign Intelligence Surveillance Court (known as
the
Fisa court), signed by Attorney General Eric Holder and
stamped 29 July 2009. They detail the procedures the NSA is
required to follow to target "non-US persons" under its
foreign intelligence powers and what the agency does to
minimize data collected on US citizens and residents in the
course of that surveillance.
The
documents show that even under authorities governing the
collection of foreign intelligence from foreign targets, US
communications can still be collected, retained and used.
The
procedures cover only part of the NSA's surveillance of
domestic US communications. The bulk collection of domestic
call records,
as first revealed by the Guardian earlier this month,
takes place under rolling court orders issued on the basis
of a legal interpretation of a different authority, section
215 of the Patriot Act.
The
Fisa court's
oversight role
has been referenced many times by Barack Obama and
senior intelligence officials as they have sought to
reassure the public about surveillance, but the procedures
approved by the court have never before been publicly
disclosed.
The
top secret documents published today detail the
circumstances in which data collected on US persons under
the foreign intelligence authority must be destroyed,
extensive steps analysts must take to try to check targets
are outside the US, and reveals how US call records are used
to help remove US citizens and residents from data
collection.
However, alongside those provisions, the Fisa court-approved
policies allow the NSA to:
• Keep
data that could potentially contain details of US persons
for up to five years;
•
Retain and make use of "inadvertently acquired" domestic
communications if they contain usable intelligence,
information on criminal activity, threat of harm to people
or property, are encrypted, or are believed to contain any
information relevant to cybersecurity;
•
Preserve "foreign intelligence information" contained within
attorney-client communications;
•
Access the content of communications gathered from "U.S.
based machine[s]" or phone numbers in order to establish if
targets are located in the US, for the purposes of ceasing
further surveillance.
The
broad scope of the court orders, and the nature of the
procedures set out in the documents, appear to clash with
assurances from President Obama and senior intelligence
officials that the NSA could not access Americans' call or
email information without warrants.
The
documents also show that discretion as to who is actually
targeted under the NSA's foreign surveillance powers lies
directly with its own analysts, without recourse to courts
or superiors – though a percentage of targeting decisions
are reviewed by internal audit teams on a regular basis.
Since
the Guardian first revealed the extent of the NSA's
collection of US communications, there have been repeated
calls for the legal basis of the programs to be released. On
Thursday, two US congressmen
introduced a bill compelling the
Obama administration to declassify the secret legal
justifications for NSA surveillance.
The
disclosure bill, sponsored by Adam Schiff, a California
Democrat, and Todd Rokita, an Indiana Republican, is a
complement to one proposed in the Senate last week. It would
"increase the transparency of the Fisa Court and the state
of the law in this area," Schiff told the Guardian. "It
would give the public a better understanding of the
safeguards, as well as the scope of these programs."
Section 702 of the Fisa Amendments Act (FAA), which was
renewed for five years last December, is the authority under
which the NSA is allowed to collect large-scale data,
including foreign communications and also communications
between the US and other countries, provided the target is
overseas.
FAA
warrants are issued by the Fisa court for up to 12 months at
a time, and authorise the collection of bulk information –
some of which can include communications of US citizens, or
people inside the US. To intentionally target either of
those groups requires an individual warrant.
One-paragraph order
One
such warrant seen by the Guardian shows that they do not
contain detailed legal rulings or explanation. Instead, the
one-paragraph order, signed by a Fisa court judge in 2010,
declares that the procedures submitted by the attorney
general on behalf of the NSA are consistent with US law and
the fourth amendment.
Those
procedures state that the "NSA determines whether a person
is a non-United States person reasonably believed to be
outside the United States in light of the totality of the
circumstances based on the information available with
respect to that person, including information concerning the
communications facility or facilities used by that person".
It
includes information that the NSA analyst uses to make this
determination - including IP addresses, statements made by
the potential target, and other information in the NSA
databases, which can include public information and data
collected by other agencies.
Where
the NSA has no specific information on a person's location,
analysts are free to presume they are overseas, the document
continues.
"In
the absence of specific information regarding whether a
target is a United States person," it states "a person
reasonably believed to be located outside the United States
or whose location is not known will be presumed to be a
non-United States person unless such person can be
positively identified as a United States person."
If it
later appears that a target is in fact located in the US,
analysts are permitted to look at the content of messages,
or listen to phone calls, to establish if this is indeed the
case.
Referring to steps taken to prevent intentional collection
of telephone content of those inside the US, the document
states: "NSA analysts may analyze content for indications
that a foreign target has entered or intends to enter the
United States. Such content analysis will be conducted
according to analytic and intelligence requirements and
priorities."
Details set out in the "minimization procedures", regularly
referred to
in House and Senate hearings, as well as public
statements in recent weeks, also raise questions as to the
extent of monitoring of US citizens and residents.
NSA
minimization procedures signed by Holder in 2009 set out
that once a target is confirmed to be within the US,
interception must stop immediately. However, these
circumstances do not apply to large-scale data where the NSA
claims it is unable to filter US communications from non-US
ones.
The
NSA is empowered to retain data for up to five years and the
policy states "communications which may be retained include
electronic communications acquired because of limitations on
the NSA's ability to filter communications".
Even
if upon examination a communication is found to be domestic
– entirely within the US – the NSA can appeal to its
director to keep what it has found if it contains
"significant foreign intelligence information", "evidence of
a crime", "technical data base information" (such as
encrypted communications), or "information pertaining to a
threat of serious harm to life or property".
Domestic communications containing none of the above must be
destroyed. Communications in which one party was outside the
US, but the other is a US-person, are permitted for
retention under FAA rules.
The
minimization procedure adds that these can be disseminated
to other agencies or friendly governments if the US person
is anonymised, or including the US person's identity under
certain criteria.
A
separate section of the same document notes that as soon as
any intercepted communications are determined to have been
between someone under US criminal indictment and their
attorney, surveillance must stop. However, the material
collected can be retained, if it is useful, though in a
segregated database:
"The
relevant portion of the communication containing that
conversation will be segregated and the National Security
Division of the Department of Justice will be notified so
that appropriate procedures may be established to protect
such communications from review or use in any criminal
prosecution, while preserving foreign intelligence
information contained therein," the document states.
In
practice, much of the decision-making appears to lie with
NSA analysts, rather than the Fisa court or senior
officials.
A
transcript of a 2008 briefing on FAA from the NSA's general
counsel sets out how much discretion NSA analysts possess
when it comes to the specifics of targeting, and making
decisions on who they believe is a non-US person. Referring
to a situation where there has been a suggestion a target is
within the US.
"Once
again, the standard here is a reasonable belief that your
target is outside the United States. What does that mean
when you get information that might lead you to believe the
contrary? It means you can't ignore it. You can't turn a
blind eye to somebody saying: 'Hey, I think so and so is in
the United States.' You can't ignore that. Does it mean you
have to completely turn off collection the minute you hear
that? No, it means you have to do some sort of
investigation: 'Is that guy right? Is my target here?" he
says.
"But,
if everything else you have says 'no' (he talked yesterday,
I saw him on TV yesterday, even, depending on the target, he
was in Baghdad) you can still continue targeting but you
have to keep that in mind. You can't put it aside. You have
to investigate it and, once again, with that new information
in mind, what is your reasonable belief about your target's
location?"
The
broad nature of the court's oversight role, and the
discretion given to NSA analysts, sheds light on responses
from the administration and internet companies to the
Guardian's disclosure of the
PRISM program. They have stated that the content of
online communications is turned over to the NSA only
pursuant to a court order. But except when a US citizen is
specifically targeted, the court orders used by the NSA to
obtain that information as part of Prism are these general
FAA orders, not individualized warrants specific to any
individual.
Once
armed with these general orders, the NSA is empowered to
compel telephone and internet companies to turn over to it
the communications of any individual identified by the NSA.
The Fisa court plays no role in the selection of those
individuals, nor does it monitor who is selected by the NSA.
The
NSA's ability to collect and retain the communications of
people in the US, even without a warrant, has fuelled
congressional demands for an estimate of how many Americans
have been caught up in surveillance.
Two US
senators, Ron Wyden and Mark Udall – both members of the
Senate intelligence committee – have been seeking this
information since 2011, but senior White House and
intelligence officials have repeatedly insisted that the
agency is unable to gather such statistics.
No comments:
Post a Comment