Published on Portside (https://portside.org)
Official - NSA Did Keep Its E-Mail Metadata Program After It
'Ended' In 2011
Cyrus Farivar
Friday, November 20, 2015
Ars Technica
Though it was revealed by Edward Snowden in June 2013, the
National Security Agency's (NSA) infamous secret program to domestically
collect Americans’ e-mail metadata in bulk technically ended in December 2011.
Or so we thought. A new document obtained through a lawsuit filed by The New York
Times [1] confirms that this program effectively continued under
the authority of different government programs [2] with
less scrutiny from the Foreign Intelligence Surveillance Court (FISC).
The bulk electronic communications metadata program was initially
authorized by the government under the Pen Register and Trap and Trace (PRTT)
provision, also known as Section 402 of the Foreign Intelligence Surveillance
Act. The Times’ document [3], a
previously-top secret National Security Agency Inspector General (NSA IG)
report from January 2007, contains a lot of intelligence jargon but crucially
notes: "Other authorities can satisfy certain foreign intelligence
requirements that the PRTT program was designed to meet."
While such a theory had been pushed previously by some national security watchers [4], including
Marcy Wheeler, this admission had yet to be officially confirmed. Wheeler
argued that not only do the post-PRTT programs achieve the same goal, but she
believed they were in fact more expansive than what was previously
allowed.
The bulk metadata program, which began in secret under
authorization from the FISC in 2004, allowed the NSA to collect all
domestic e-mail metadata including to, from, date, and time. When this program
was revealed by the Snowden leaks in The Guardian [5], the
government said that the PRTT program had been shut down 18 months earlier for
"operational and resource reasons."
It was believed that the FISC imposed [6] a number of
restrictions on the PRTT program, according to the Office of the Director of
National Intelligence (ODNI) itself.
The databases could be queried using an identifier such as an
email address only when an analyst had a reasonable and articulable suspicion
that the email address was associated with certain specified foreign terrorist
organizations that were the subject of FBI counterterrorism investigations. The
basis for that suspicion had to be documented in writing and approved by a
limited number of designated approving officials identified in the Court’s
Order. Moreover, if an identifier was reasonably believed to be used by a
United States person, NSA’s Office of General Counsel would also review the
determination to ensure that the suspected association was not based solely on
First Amendment-protected activities.
The PRTT program was designed to
help the intelligence community intercept and analyze "one-end
foreign" communication—in other words, people in the US communicating with
people outside the US.
EO 12333 strikes again
The newly public document cites two legal authorities that
govern foreign data collection: Section 702 of the FISA Amendments Act and
the Special Procedures Governing Communications Metadata
Analysis (SPCMA) [7], which sits under Executive Order (EO) 12333 [8].
Section 702 [9] largely
governs content collection wholly outside the United States (it’s what PRISM
falls under). Meanwhile, EO 12333, which ex-government officials (including
Snowden himself) have complained [10] about,
is a broad Reagan-era authority that allows data collection on Americans even
when Americans aren't specifically targeted. Without this executive order, such
actions would be forbidden under the Foreign Intelligence Surveillance Act [11] (FISA)
of 1978.
[12]
EO 12333 specifically allows the intelligence community to
"collect, retain, or disseminate information concerning United States
persons" if that information is "obtained in the course of a lawful
foreign intelligence, counterintelligence, international narcotics, or
international terrorism investigation."'
According to John Tye, a former State Department official who spoke with Ars in August 2014 [14], EO 12333
has the potential to be abused as it could "incidentally" collect
foreign-held data on Americans. "12333 is used to target foreigners
abroad, and collection happens outside the US," he told Ars. "My
complaint is not that they’re using it to target Americans, my complaint is
that the volume of incidental collection on US persons is
unconstitutional."
Tye continued:
There are networks of servers all over the world and there have
been news stories on Google and Yahoo—the minute the data leaves US soil it can
be collected under 12333. That’s true not just for Google and Yahoo, that’s
true for Facebook, Apple iMessages, Skype, Dropbox, and Snapchat. Most likely
that data is stored at some point outside US or transits outside the US. Pretty
much every significant service that Americans use, at some point it transits
outside the US.
Hypothetically, under 12333 the NSA could target a single
foreigner abroad. And hypothetically if, while targeting that single person,
they happened to collect every single Gmail and every single Facebook message
on the company servers not just from the one person who is the target, but from
everyone—then the NSA could keep and use the data from those three billion
other people. That’s called 'incidental collection.' I will not confirm or deny
that that is happening, but there is nothing in 12333 to prevent that from
happening.
UPDATE Saturday 12:55pm ET: Tye also e-mailed Friday evening,
adding:
Yes, this is consistent with what I've been saying. One of the key
points is that section 215 provides only a small part of the data that the NSA
collects on US persons; most such data is collected outside the borders of the
US under EO 12333.
There is a lot more than even the Savage article explains. We're
beginning to scratch the surface.
Source URL: https://portside.org/2015-11-23/it%E2%80%99s-official-nsa-did-keep-its-e-mail-metadata-program-after-it-ended-2011
Links:
[1] http://www.nytimes.com/2015/11/20/us/politics/records-show-email-analysis-continued-after-nsa-program-ended.html
[2] http://electrospaces.blogspot.com/2015/09/nsas-legal-authorities.html
[3] https://www.documentcloud.org/documents/2511338-savage-nyt-foia-nsa-release-11-10-2015.html#document/p65/a260431
[4] https://www.emptywheel.net/2015/11/20/the-reasons-to-shut-down-the-domestic-internet-dragnet-purpose-and-dissemination-limits-correlations-and-functionality/
[5] http://www.theguardian.com/world/2013/jun/27/nsa-data-mining-authorised-obama
[6] http://www.dni.gov/index.php/newsroom/press-releases/198-press-releases-2014/1099-newly-declassified-documents-regarding-the-now-discontinued-nsa-bulk-electronic-communications-metadata-pursuant-to-section-401-of-the-foreign-intelligence-surveillance-act
[7] http://electrospaces.blogspot.com/2015/09/nsas-legal-authorities.html#spcma
[8] http://www.archives.gov/federal-register/codification/executive-order/12333.html
[9] http://icontherecord.tumblr.com/topics/section-702
[10] http://arstechnica.com/tech-policy/2014/08/a-twisted-history-how-a-reagan-era-executive-order-led-to-mass-spying/
[11] https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act
[12] http://cdn.arstechnica.net/wp-content/uploads/2015/11/12333flowchart.jpg
[13] https://edwardsnowden.com/2014/07/24/sigint-authority-decision-tree/
[14] http://arstechnica.com/tech-policy/2014/08/meet-john-tye-the-kinder-gentler-and-by-the-book-whistleblower/
[2] http://electrospaces.blogspot.com/2015/09/nsas-legal-authorities.html
[3] https://www.documentcloud.org/documents/2511338-savage-nyt-foia-nsa-release-11-10-2015.html#document/p65/a260431
[4] https://www.emptywheel.net/2015/11/20/the-reasons-to-shut-down-the-domestic-internet-dragnet-purpose-and-dissemination-limits-correlations-and-functionality/
[5] http://www.theguardian.com/world/2013/jun/27/nsa-data-mining-authorised-obama
[6] http://www.dni.gov/index.php/newsroom/press-releases/198-press-releases-2014/1099-newly-declassified-documents-regarding-the-now-discontinued-nsa-bulk-electronic-communications-metadata-pursuant-to-section-401-of-the-foreign-intelligence-surveillance-act
[7] http://electrospaces.blogspot.com/2015/09/nsas-legal-authorities.html#spcma
[8] http://www.archives.gov/federal-register/codification/executive-order/12333.html
[9] http://icontherecord.tumblr.com/topics/section-702
[10] http://arstechnica.com/tech-policy/2014/08/a-twisted-history-how-a-reagan-era-executive-order-led-to-mass-spying/
[11] https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act
[12] http://cdn.arstechnica.net/wp-content/uploads/2015/11/12333flowchart.jpg
[13] https://edwardsnowden.com/2014/07/24/sigint-authority-decision-tree/
[14] http://arstechnica.com/tech-policy/2014/08/meet-john-tye-the-kinder-gentler-and-by-the-book-whistleblower/
- See more at: https://portside.org/print/node/10219#sthash.M1AhF9B2.dpuf
Donations can be sent
to the Baltimore Nonviolence Center, 325 E. 25th St., Baltimore, MD
21218. Ph: 410-366-1637; Email: mobuszewski [at] verizon.net. Go to http://baltimorenonviolencecenter.blogspot.com/
"The master class
has always declared the wars; the subject class has always fought the battles.
The master class has had all to gain and nothing to lose, while the subject
class has had nothing to gain and everything to lose--especially their
lives." Eugene Victor Debs
No comments:
Post a Comment