June 20, 2013

Guidelines of NSA's surveillance program revealed

Documents show the steps taken to protect privacy, but critics say the agency has too much latitude.

By ELLEN NAKASHIMA, GREG MILLER and BARTON GELLMAN The Washington Post

WASHINGTON – The National Security Agency may keep the e-mails and telephone calls of citizens and legal residents if the communications contain "significant foreign intelligence" or evidence of a crime, according to classified documents that lay out procedures for targeting foreigners and for guarding Americans' privacy.

click image to enlarge

This Sept. 19, 2007, file photo, shows the National Security Agency building at Fort Meade, Md. The National Security Agency may keep the e-mails and telephone calls of citizens and legal residents if the communications contain "significant foreign intelligence" or evidence of a crime, according to classified documents that lay out procedures for targeting foreigners and for guarding Americans' privacy.

The Associated Press

Related headlines

Newly disclosed documents describe a series of steps that the world's largest spy agency is supposed to take to keep Americans from being caught in its massive surveillance net. They suggest that the NSA has latitude to keep and use citizens' communications under certain conditions.

The papers, leaked to The Washington Post and Britain's Guardian newspaper, are the first public written documentation of procedures governing a far-reaching NSA surveillance program authorized by Congress in 2008 to gather the e-mails and phone calls of targets who are supposed to be foreigners located overseas.

In recent days, the Obama administration has defended the program as critical to national security, saying it has helped foil more than 50 terrorist plots in the United States and abroad. NSA Director Keith Alexander described it as "limited, focused and subject to rigorous oversight."

Testifying before Congress, Alexander said "the disciplined operation" of this and a related surveillance program "protects the privacy and civil liberties of the American people."

A spokesman for the Office of the Director of National Intelligence declined to comment on the documents Thursday.

Privacy advocates expressed concern about what they viewed as rules that leave much wiggle room for NSA analysts to monitor Americans' communications.

"These documents confirm what we have feared all along, that the NSA believes it can collect Americans' international communications with little, if any, restriction," said Alex Abdo, a staff lawyer with the American Civil Liberties Union. "Its procedures allow it to target for surveillance essentially any foreigner located abroad -- whether or not they're suspected of any wrongdoing, let alone terrorism."

Administration officials say the surveillance program does not target Americans anywhere without a warrant. Still, said Gregory Nojeim, senior counsel for the Center for Democracy and Technology, "there's a lot of leeway to use 'inadvertently' acquired domestic communications," for instance, in criminal prosecutions if they contain evidence of a crime.

Congress authorized the collection program amid a great debate about the degree to which the government was expanding its surveillance authority without sufficient protection for Americans' privacy.

Authorized by Section 702 of the amended Foreign Intelligence Surveillance Act, known as FISA, the program did away with the traditional individual warrant for each foreign suspect whose communications would be collected in the United States. In its place, the FISA court, which oversees domestic surveillance for foreign intelligence purposes and whose proceedings are secret, would certify the government's procedures to target people overseas and ensure citizens' privacy.

It issues a certificate, good for one year, that allows the NSA to order a U.S. Internet or phone company to turn over over e-mails, phone calls and other communications related to a series of foreign targets, none of which the court approved individually.

"What's most striking about the targeting procedures is the discretion they confer on the NSA," said Elizabeth Goitein, co-director of the Brennan Center for Justice's Liberty and National Security program.

In figuring out whether a target is "reasonably believed" to be located overseas, for example, the agency looks at the "totality of the circumstances" relating to a person's location. In the absence of that specific information, "a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person," according to rules on the targeting of suspects.

Nonetheless, the documents contain a series of steps that the NSA may take to determine a foreigner's location. Agency analysts examine leads that may come from other agencies, including from human sources. They conduct research in NSA databases, scrutinize Internet protocol addresses and target "Internet links that terminate in a foreign country."

"When NSA proposes to direct surveillance at a target, it does so because NSA has already learned something about the target," according to the targeting rules. Often, that lead comes from the CIA or a law enforcement agency.

The NSA uses whatever details are contained in that lead to make an initial assessment of whether it is being asked to eavesdrop on an overseas target. But the agency then takes other steps depending on the circumstances, such as scanning databases "to which NSA has access but did not originate" for clues about location.

To prevent U.S. citizens and legal residents from being targeted, NSA keeps a database of phone numbers and e-mail addresses associated with people thought to be living in the United States. New requests are compared to the records on that list. Matches are considered signals to put the surveillance on hold.

The NSA then goes through a sequence of potential additional checks, according to the targeting document. It may look at area codes and the ordinary data packets that accompany e-mails as they cross the Internet. And it may check contact lists associated with e-mail accounts, as well as massive "knowledge databases" that contain CIA intelligence reports.

After it begins intercepting calls or e-mails, the NSA is supposed to continue to look for signs that the individual it is monitoring has entered the United States, which would prompt a halt in surveillance and possibly a notification to the FBI.

The document on "minimization" spells out rules for protecting privacy, some of which have been described publicly. The rules protect not just citizens, but foreigners in the United States.

If domestic communications lack significant foreign intelligence information, they must be promptly destroyed. Communications concerning Americans may not be kept more than five years.

If a target who was outside the U.S. enters the country, the monitoring must stop immediately.

Communications between a person under criminal indictment in the United States and his or her attorney may be preserved if they contain foreign intelligence information. The portions that do not may not be reviewed or used in any criminal prosecution. And any proposed sharing of the communications must be reviewed by the NSA general counsel first.

Were you interviewed for this story? If so, please fill out our accuracy form

Send question/comment to the editors




Further Discussion

Here at PressHerald.com we value our readers and are committed to growing our community by encouraging you to add to the discussion. To ensure conscientious dialogue we have implemented a strict no-bullying policy. To participate, you must follow our Terms of Use.

Questions about the article? Add them below and we’ll try to answer them or do a follow-up post as soon as we can. Technical problems? Email them to us with an exact description of the problem. Make sure to include:
  • Type of computer or mobile device your are using
  • Exact operating system and browser you are viewing the site on (TIP: You can easily determine your operating system here.)