No domestic spying? How NSA collects Americans' cross-border emails
An NSA source has admitted the agency’s data collection technology makes it impossible to intercept communication with foreigners without gathering data on US citizens. This counters Obama’s claim that US surveillance only concerns ‘terrorist threats.’
A senior official at the National Security Agency anonymously
explained the process to The New York Times, broadly confirming
the revelations about US spying mechanisms leaked by Edward
Snowden in previous weeks.
According to Foreign Intelligence Surveillance Act (FISA) regulations from 2008, the NSA is only allowed to track communication between foreign suspects, or a foreigner and an American, without a warrant. Collecting data exchanged between US citizens that way is illegal.
But it appears to be impossible to filter out data relevant to a particular suspect in real-time without capturing a much larger flow of information passing through the world’s communication cables, as data parcels are fractured and need to be copied whole before being pieced together.
This data includes communication between non-suspect US citizens, although accessing such correspondence is illegal.
The needed information concerning legitimate foreign suspects is
picked out from the mass with what the source called a “very
precise” ‘selector’ - an email address, name or some other
form of identifier pertinent to a suspect. Then, a “clone of
selected communication links” such as emails or internet
browsing histories is made. It is then stored and distributed to
other agencies for further investigation.
The rest of the information is discarded, according to the source. He added that since the overall amount of data gathered is so huge, it can only be stored for a limited time – so “retrospective searches” are not possible. Snowden’s records indicated the storage period to be up to three days.
But the NSA insider admitted that illegal American data is gathered not only at the initial stage, but is sometimes “inadvertently collected” after the filter is applied (picture it as a very precise Google search that nevertheless produces accidental results). After presumably being illegally examined by an NSA agent, this data is removed within “a small number of seconds.”
The NSA employee claimed that such “overcollection” of US data occurs routinely, but is regularly reported to overseers, and the ‘selector’ search mechanisms are modified to produce results more relevant to catching actual terror suspects.
In response to the revelations, NSA spokesperson Judith A. Emmel
told The Times that the agency “collects only what it is
explicitly authorized to collect,” and that its targets are
“foreign powers and their agents, foreign organizations,
foreign persons or international terrorists.”
Earlier this week, Obama also staunchly defended the NSA.
“We don't have a domestic spying program. What we do have are some mechanisms where we can track a phone number or an email address that we know is connected to some sort of terrorist threat,” the President said on the Tonight Show.
The validity of those statements seems to hinge on a somewhat narrow and self-defined meaning of what it is to “collect” data and to “target.”
Assuming that NSA agents work exclusively in good faith and never break regulations, it is plausible that they “collect” only information from suspects, and that US individuals are never “targeted.” That is, their names are never typed in as ‘selectors.’
But in a more general way, it is also clear that even the most honest-minded NSA staff will possess information relating to millions of innocent Americans, which they are not legally allowed to read, and that this information will be accessed on a routine basis - without any legal or practical supervision.