Last week, President Obama claimed in an interview that the National Security Agency could not listen to Americans’ phone calls or read their emails. But newly revealed secret government documents—the latest in the series of high-profile leaks about classified surveillance—outline how the NSA can sweep up and store Americans’ communications.
The documents, published by the Guardian late Thursday, are signed by Attorney General Eric Holder and stamped with the date July 29, 2009. They were submitted to the secret Foreign Intelligence Surveillance Court and outline the so-called “minimization procedures” the NSA is supposed to follow to limit any “incidental” spying it does on the communications of Americans or permanent U.S. residents. The disclosure sheds light on highly significant surveillance procedures the government has until now managed to keep beyond public scrutiny.
The documents confirm beyond all doubt that the NSA can and does incidentally sweep up domestic communications while targeting foreigners, and it has the authority to retain such communications for up to five years. The NSA has to destroy communications concerning “U.S. persons,” except for cases in which the communication intercepted is deemed to contain “foreign intelligence information”; shows evidence of a crime; relates to a security vulnerability; or contains information pertaining to harm of life or property. In some cases, the NSA can incidentally grab Americans’ communications—without any specific search warrant under the broad authority it has under the Foreign Intelligence Surveillance Act—and pass them on to the FBI or other agencies.
The agency’s justification for gobbling up Americans’ emails and other electronic communications is that it has a limited ability to “filter communications” that it gathers from networks. The procedures show that the NSA can, under a controversial 2008 amendment to FISA, inadvertently gather information about Americans and store it on the vague grounds that the communications “are, or are reasonably believed likely to become, relevant to a current or future foreign intelligence requirement.” The NSA also has authority to automatically store all encrypted communications or communications believed to contain "secret meaning.”
Interestingly, the documents reveal the fairly rigorous processes the NSA apparently goes through in order to identify whether a person is based in the U.S. or overseas. The agency’s analysts can use a filter to scan IP addresses for location. This could mean that foreigners using U.S. proxy services to conceal their real IP address may manage to dupe the NSA’s system. However, the agency appears to have a method for catching what it calls “false positives” by honing in on specific “machine identifiers” attached to a given computer, which it can use to verify location. In addition, one document suggests the NSA has access to the so-called “home location registers” of foreign cellphone users. These registers are databases stored by carriers that maintain records on each customer, including location data. The procedures say the NSA can use this information as “a primary indicator of a foreign user of a mobile telephone entering the United States.”
The disclosure of the documents compounds earlier scoops by the Guardian about secret NSA surveillance programs involving the monitoring of phone records and surveillance of Internet communications. The release will put pressure on the NSA to reveal the true scale of its “incidental” surveillance of Americans, which it has previously claimed it can’t disclose. Perhaps most importantly, the publication of the documents pulls back the curtain of excessive secrecy shrouding the legal processes underpinning the spying, and hammers home the crucial point that Americans’ communications can indeed be intercepted and retained by the NSA without a specific search warrant—contradicting a series of misleading statements made by government officials, including the president, in recent days.