What You Need to Know About the NSA’s Surveillance Programs

This story was orig­i­nally pub­lished on June 27, 2013. There have been a lot of news sto­ries about NSA sur­veil­lance pro­grams fol­low­ing the leaks of secret doc­u­ments by Edward Snow­den. But it seems the more we read, the less clear things are. We’ve put together a detailed snap­shot of what’s known and what’s been reported where.

What infor­ma­tion does the NSA col­lect and how?

We don’t know all of the dif­fer­ent types of infor­ma­tion the NSA col­lects, but sev­eral secret col­lec­tion pro­grams have been revealed: A record of most calls made in the U.S., includ­ing the tele­phone num­ber of the phones mak­ing and receiv­ing the call, and how long the call lasted. This infor­ma­tion is known as “meta­data” and doesn’t include a record­ing of the actual call (see below). This pro­gram was revealed through a leaked secret court order instruct­ing Ver­i­zon to turn over all such infor­ma­tion on a daily basis. Other phone com­pa­nies, includ­ing AT&T and Sprint, also report­edly give their records to the NSA on a con­tin­ual basis. All together, this is sev­eral bil­lion calls per day. Email, Face­book posts and instant mes­sages for an unknown num­ber of peo­ple, via PRISM (a sur­veil­lance program) are also included, which involves the coop­er­a­tion of at least nine dif­fer­ent tech­nol­ogy com­pa­nies. Google, Face­book, Yahoo and oth­ers have denied that the NSA has “direct access” to their servers, say­ing they only release user infor­ma­tion in response to a court order. Face­book has revealed that, in the last six months of 2012, they handed over the pri­vate data of between 18,000 and 19,000 users to law enforce­ment of all types — includ­ing local police and fed­eral agen­cies, such as the FBI, Fed­eral Mar­shals and the NSA.

Mas­sive amounts of raw Inter­net traffic

The NSA inter­cepts huge amounts of raw data, and stores bil­lions of com­mu­ni­ca­tion records per day in its data­bases. Using the NSA’s XKEYSCORE soft­ware, ana­lysts can see “nearly every­thing a user does on the Inter­net” includ­ing emails, social media posts, web sites you visit, addresses typed into Google Maps, files sent, and more. Cur­rently the NSA is only autho­rized to inter­cept Inter­net com­mu­ni­ca­tions with at least one end out­side the U.S., though the domes­tic col­lec­tion pro­gram used to be broader. But because there is no fully reli­able auto­matic way to sep­a­rate domes­tic from inter­na­tional com­mu­ni­ca­tions, this pro­gram also cap­tures some amount of U.S. cit­i­zens’ purely domes­tic Inter­net activ­ity, such as emails, social media posts, instant mes­sages, the sites you visit and online pur­chases you make.

The con­tents of an unknown num­ber of phone calls

There have been sev­eral reports that the NSA records the audio con­tents of some phone calls and a leaked doc­u­ment con­firms this. This report­edly hap­pens “on a much smaller scale” than the pro­grams above, after ana­lysts select spe­cific peo­ple as “tar­gets.” Calls to or from U.S. phone num­bers can be recorded, as long as the other end is out­side the U.S. or one of the callers is involved in “inter­na­tional ter­ror­ism”. There does not seem to be any pub­lic infor­ma­tion about the col­lec­tion of text mes­sages, which would be much more prac­ti­cal to col­lect in bulk because of their smaller size. The NSA has been pro­hib­ited from record­ing domes­tic com­mu­ni­ca­tions since the pas­sage of the For­eign Intel­li­gence Sur­veil­lance Act but at least two of these pro­grams — phone records col­lec­tion and Inter­net cable taps — involve huge vol­umes of Amer­i­cans’ data.

Does the NSA record every­thing about every­one, all the time?

The NSA records as much infor­ma­tion as it can, sub­ject to tech­ni­cal lim­i­ta­tions (there’s a lot of data) and legal con­straints. This cur­rently includes the meta­data for nearly all tele­phone calls made in the U.S. (but not their con­tent) and mas­sive amounts of Inter­net traf­fic with at least one end out­side the U.S. It’s not clear exactly how many cables have been tapped, though we know of at least one inside the U.S., a secret report about the pro­gram by the NSA’s Inspec­tor Gen­eral men­tions mul­ti­ple cables, and the vol­ume of inter­cepted infor­ma­tion is so large that it was processed at 150 sites around the world as of 2008. We also know that Britain’s GCHQ, which shares some intel­li­gence with the NSA, had tapped over 200 cables as of 2012, belong­ing to seven dif­fer­ent telecom­mu­ni­ca­tions com­pa­nies. Until 2011 the NSA also oper­ated a domes­tic Inter­net meta­data pro­gram which col­lected mass records of who emailed who even if both par­ties were inside the U.S. Because it is not always pos­si­ble to sep­a­rate domes­tic from for­eign com­mu­ni­ca­tions by auto­matic means, the NSA still cap­tures some amount of purely domes­tic infor­ma­tion, and it is allowed to do so by the For­eign Intel­li­gence Sur­veil­lance Court. The col­lected infor­ma­tion cov­ers “nearly every­thing a user does on the Inter­net,” accord­ing to a pre­sen­ta­tion on the XKEYSCORE sys­tem. The slides specif­i­cally men­tion emails, Face­book chats, web­sites vis­ited, Google Maps searches, trans­mit­ted files, pho­tographs, and doc­u­ments of dif­fer­ent kinds. It’s also pos­si­ble to search for peo­ple based on where they are con­nect­ing from, the lan­guage they use, or their use of pri­vacy tech­nolo­gies such as VPNs and encryp­tion, accord­ing to the slides. This is a mas­sive amount of data. The full con­tents of inter­cepted Inter­net traf­fic can only be stored for up to a few days, depend­ing on the col­lec­tion site, while the asso­ci­ated “meta­data” (who com­mu­ni­cated with whom online) is stored up to 30 days. Tele­phone meta­data is smaller and is stored for five years. NSA ana­lysts can move spe­cific data to more per­ma­nent data­bases when they become rel­e­vant to an inves­ti­ga­tion. The NSA also col­lects nar­rower and more detailed infor­ma­tion on spe­cific peo­ple, such as the actual audio of phone calls and the entire con­tent of email accounts. NSA ana­lysts can sub­mit a request to obtain these types of more detailed infor­ma­tion about spe­cific peo­ple. Watch­ing a spe­cific per­son like this is called “tar­get­ing” by the For­eign Intel­li­gence Sur­veil­lance Act, the law which autho­rizes this type of indi­vid­ual sur­veil­lance. The NSA is allowed to record the con­ver­sa­tions of non-Americans with­out a spe­cific war­rant for each per­son mon­i­tored, if at least one end of the con­ver­sa­tion is out­side of the U.S. It is also allowed to record the com­mu­ni­ca­tions of Amer­i­cans if they are out­side the U.S. and the NSA first gets a war­rant for each case. It’s not known exactly how many peo­ple the NSA is cur­rently tar­get­ing, but accord­ing to a leaked report the NSA inter­cepted con­tent from 37,664 tele­phone num­bers and email addresses from Octo­ber 2001 to Jan­u­ary 2007. Of these, 8% were domes­tic: 2,612 U.S. phone num­bers and 406 U.S. email addresses. How the NSA actu­ally gets the data depends on the type of infor­ma­tion requested. If the ana­lyst wants someone’s pri­vate emails or social media posts, the NSA must request that spe­cific data from com­pa­nies such as Google and Face­book. Some tech­nol­ogy com­pa­nies (we don’t know which ones) have FBI mon­i­tor­ing equip­ment installed “on the premises” and the NSA gets the infor­ma­tion via the FBI’s Data Inter­cept Tech­nol­ogy Unit. The NSA also has the capa­bil­ity to mon­i­tor calls made over the Inter­net (such as Skype calls) and instant mes­sag­ing chats as they hap­pen. For infor­ma­tion that is already flow­ing through Inter­net cables that the NSA is mon­i­tor­ing, or the audio of phone calls, a tar­get­ing request instructs auto­matic sys­tems to watch for the com­mu­ni­ca­tions of a spe­cific per­son and save them. It’s impor­tant to note that the NSA prob­a­bly has infor­ma­tion about you even if you aren’t on this tar­get list. If you have pre­vi­ously com­mu­ni­cated with some­one who has been tar­geted, then the NSA already has the con­tent of any emails, instant mes­sages, phone calls, etc. you exchanged with the tar­geted per­son. Also, your data is likely in bulk records such as phone meta­data and Inter­net traf­fic record­ings. This is what makes these pro­grams “mass sur­veil­lance,” as opposed to tra­di­tional wire­taps, which are autho­rized by indi­vid­ual, spe­cific court orders.

What does phone call meta­data infor­ma­tion reveal, if it doesn’t include the con­tent of the calls?

Even with­out the con­tent of all your con­ver­sa­tions and text mes­sages, so-called “meta­data” can reveal a tremen­dous amount about you. If they have your meta­data, the NSA would have a record of your entire address book, or at least every per­son you’ve called in the last sev­eral years. They can guess who you are close to by how often you call some­one, and when. By cor­re­lat­ing the infor­ma­tion from mul­ti­ple peo­ple, they can do sophis­ti­cated “net­work analy­sis” of com­mu­ni­ties of many dif­fer­ent kinds, per­sonal or pro­fes­sional — or crim­i­nal. Phone com­pany call records reveal where you were at the time that a call was made, because they include the iden­ti­fier of the radio tower that trans­mit­ted the call to you. The gov­ern­ment has repeat­edly denied that it col­lects this infor­ma­tion, but for­mer NSA employee Thomas Drake said they do. For a sense of just how pow­er­ful loca­tion data can be, see this visu­al­iza­tion fol­low­ing a Ger­man politi­cian every­where he goes for months, based on his cellphone’s loca­tion infor­ma­tion. Even with­out loca­tion data, records of who com­mu­ni­cated with whom can be used to dis­cover the struc­ture of groups plan­ning ter­ror­ism. Start­ing from a known “tar­get” (see above), ana­lysts typ­i­cally recon­struct the social net­work “two or three hops” out, exam­in­ing all friends-of-friends, or even friends-of-friends-of-friends, in the search for new tar­gets. This means poten­tially thou­sands or mil­lions of peo­ple might be exam­ined when inves­ti­gat­ing a sin­gle tar­get. Meta­data is a sen­si­tive topic because there is great poten­tial for abuse. While no one has claimed the NSA is doing this, it would be pos­si­ble to use meta­data to algo­rith­mi­cally iden­tify, with some accu­racy, mem­bers of other types of groups like the Tea Party or Occupy Wall Street, gun own­ers, undoc­u­mented immi­grants, etc. An expert in net­work analy­sis could start with all of the calls made from the time and place of a protest, and trace the net­works of asso­ci­a­tions out from there. Phone meta­data is also not “anony­mous” in any real sense. The NSA already main­tains a data­base of the phone num­bers of all Amer­i­cans for use in deter­min­ing whether some­one is a “U.S. per­son” (see below), and there are sev­eral com­mer­cial number-to-name ser­vices in any case. Phone records become even more pow­er­ful when they are cor­re­lated with other types of data, such as social media posts, local police records and credit card pur­chase infor­ma­tion, a process known as intel­li­gence fusion.

Does the NSA need an indi­vid­u­al­ized war­rant to lis­ten to my calls or look at my emails?

It’s com­pli­cated, but not in all cases. Leaked court orders set out the “min­i­miza­tion” pro­ce­dures that gov­ern what the NSA can do with the domes­tic infor­ma­tion it has inter­cepted. The NSA is allowed to store this domes­tic infor­ma­tion because of the tech­ni­cal dif­fi­cul­ties in sep­a­rat­ing for­eign from domes­tic com­mu­ni­ca­tions when large amounts of data are being cap­tured. Another doc­u­ment shows that indi­vid­ual intel­li­gence ana­lysts make the deci­sion to look at pre­vi­ously col­lected bulk infor­ma­tion. They must doc­u­ment their request, but only need approval from their “shift coor­di­na­tor.” If the ana­lyst later dis­cov­ers that they are look­ing at the com­mu­ni­ca­tions of a U.S. per­son, they must destroy the data. How­ever, if the inter­cepted infor­ma­tion is “rea­son­ably believed to con­tain evi­dence of a crime” then the NSA is allowed to turn it over to fed­eral law enforce­ment. Unless there are other (still secret) restric­tions on how the NSA can use this data this means the police might end up with your pri­vate com­mu­ni­ca­tions with­out ever hav­ing to get approval from a judge, effec­tively cir­cum­vent­ing the whole notion of prob­a­ble cause. This is sig­nif­i­cant because thou­sands or mil­lions of peo­ple might fall into the extended social net­work of a sin­gle known tar­get, but it is not always pos­si­ble to deter­mine whether some­one is a U.S. per­son before look­ing at their data. For exam­ple, it’s not usu­ally pos­si­ble to tell just from someone’s email address, which is why the NSA main­tains a data­base of known U.S. email addresses and phone num­bers. Inter­nal doc­u­ments state that ana­lysts need only “51% con­fi­dence” that some­one is a non-U.S. per­son before look­ing at their data, and if the NSA does not have “spe­cific infor­ma­tion” about some­one, that per­son is “pre­sumed to be a non-United States per­son.” Also, the NSA is allowed to pro­vide any of its recorded infor­ma­tion to the FBI, if the FBI specif­i­cally asks for it.

Is all of this legal?

Yes, assum­ing the NSA adheres to the restric­tions set out in recently leaked court orders. By def­i­n­i­tion, the For­eign Intel­li­gence Sur­veil­lance Court decides what it is legal for the NSA to do. But this level of domes­tic sur­veil­lance wasn’t always legal, and the NSA’s domes­tic sur­veil­lance pro­gram has been found to vio­late legal stan­dards on more than one occa­sion. The NSA was grad­u­ally granted the author­ity to col­lect domes­tic infor­ma­tion on a mas­sive scale through a series of leg­isla­tive changes and court deci­sions over the decade fol­low­ing Sep­tem­ber 11, 2001. See this time­line of loos­en­ing laws. The Direc­tor of National Intel­li­gence says that author­ity for PRISM pro­grams comes from sec­tion 702 of the For­eign Intel­li­gence Sur­veil­lance Act and the Ver­i­zon meta­data col­lec­tion order cites sec­tion 215 of the Patriot Act. The author of the Patriot Act dis­agrees that the act jus­ti­fies the Ver­i­zon meta­data col­lec­tion pro­gram. The NSA’s broad data col­lec­tion pro­grams were orig­i­nally autho­rized by Pres­i­dent Bush on Octo­ber 4, 2001. The pro­gram oper­ated that way for sev­eral years, but in March 2004 a Jus­tice Depart­ment review declared the bulk Inter­net meta­data pro­gram was ille­gal. Pres­i­dent Bush signed an order re-authorizing it any­way. In response, sev­eral top Jus­tice Depart­ment offi­cials threat­ened to resign, includ­ing act­ing Attor­ney Gen­eral James Comey and FBI direc­tor Robert Mueller. Bush backed down, and the Inter­net meta­data pro­gram was sus­pended for sev­eral months. By 2007, all aspects of the pro­gram were re-authorized by court orders from the For­eign Intel­li­gence Sur­veil­lance Court. In 2009, the Jus­tice Depart­ment acknowl­edged that the NSA had col­lected emails and phone calls of Amer­i­cans in a way that exceeded legal lim­i­ta­tions. In Octo­ber 2011, the For­eign Intel­li­gence Sur­veil­lance Court ruled that the NSA vio­lated the Fourth Amend­ment at least once. The Jus­tice Depart­ment has said that this rul­ing must remain secret, but we know it con­cerned some aspect of the “min­i­miza­tion” rules the gov­ern what the NSA can do with domes­tic com­mu­ni­ca­tions. The For­eign Intel­li­gence Sur­veil­lance Court recently decided that this rul­ing can be released, but Jus­tice Depart­ment has not yet done so. Civil lib­er­ties groups includ­ing the EFF and the ACLU dis­pute the con­sti­tu­tion­al­ity of these pro­grams and have filed law­suits to chal­lenge them.

How long can the NSA keep infor­ma­tion on Americans?

The NSA can gen­er­ally keep inter­cepted domes­tic com­mu­ni­ca­tions for up to five years. It can keep them indef­i­nitely under cer­tain cir­cum­stances, such as when the com­mu­ni­ca­tion con­tains evi­dence of a crime or when it’s “for­eign intel­li­gence infor­ma­tion,” a broad legal term that includes any­thing rel­e­vant to “the con­duct of the for­eign affairs of the United States.” The NSA can also keep encrypted com­mu­ni­ca­tions indef­i­nitely. That includes any infor­ma­tion sent to or from a secure web site, that is, a site with a URL start­ing with “https”.

Does the NSA do any­thing to pro­tect Amer­i­cans’ privacy?

Yes. First, the NSA is only allowed to inter­cept com­mu­ni­ca­tions if at least one end of the con­ver­sa­tion is out­side of the U.S. — though it doesn’t have to dis­tin­guish domes­tic from for­eign com­mu­ni­ca­tion until the “ear­li­est prac­ti­ca­ble point” which allows the NSA to record bulk infor­ma­tion from Inter­net cables and sort it out later. When the NSA dis­cov­ers that pre­vi­ously inter­cepted infor­ma­tion belongs to an Amer­i­can, it must usu­ally destroy that infor­ma­tion. Because this deter­mi­na­tion can­not always be made by com­puter, this some­times hap­pens only after a human ana­lyst has already looked at it. The NSA also must apply cer­tain safe­guards. For exam­ple, the NSA must with­hold the names of U.S. per­sons who are not rel­e­vant to ongo­ing inves­ti­ga­tions when they dis­trib­ute infor­ma­tion — unless that person’s com­mu­ni­ca­tions con­tain evi­dence of a crime or are rel­e­vant to a range of national secu­rity and for­eign intel­li­gence con­cerns. Also, ana­lysts must doc­u­ment why they believe some­one is out­side of the U.S. when they ask for addi­tion infor­ma­tion to be col­lected on that per­son. An unknown num­ber of these cases are audited inter­nally. If the NSA makes a mis­take and dis­cov­ers that it has tar­geted some­one inside the U.S., it has five days to sub­mit a report to the Depart­ment of Jus­tice and other authorities.

What if I’m not an American?

All bets are off. There do not appear to be any legal restric­tions on what the NSA can do with the com­mu­ni­ca­tions of non-U.S. per­sons. Since a sub­stan­tial frac­tion of the world’s Inter­net data passes through the United States, or its allies, the U.S. has the abil­ity to observe and record the com­mu­ni­ca­tions of much of the world’s pop­u­la­tion. The Euro­pean Union has already com­plained to the U.S. Attor­ney Gen­eral. The U.S. is hardly the only coun­try doing mass sur­veil­lance, though its pro­gram is very large. GCHQ, which is the British coun­ter­part to the NSA, has a sim­i­lar sur­veil­lance pro­gram and shares data with the NSA. Many coun­tries now have some sort of mass Inter­net sur­veil­lance now in place. Although pas­sive sur­veil­lance is often hard to detect, more aggres­sive gov­ern­ments use inter­cepted infor­ma­tion to intim­i­date or con­trol their cit­i­zens, includ­ing Syria, Iran, Egypt, Bahrain and China. Much of the required equip­ment is sold to these gov­ern­ments by Amer­i­can com­pa­nies.

Print Friendly