The Wall Street Journal reports: The National Security Agency—which possesses only limited legal authority to spy on U.S. citizens—has built a surveillance network that covers more Americans’ Internet communications than officials have publicly disclosed, current and former officials say.
The system has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans. In some cases, it retains the written content of emails sent between citizens within the U.S. and also filters domestic phone calls made with Internet technology, these people say.
The NSA’s filtering, carried out with telecom companies, is designed to look for communications that either originate or end abroad, or are entirely foreign but happen to be passing through the U.S. But officials say the system’s broad reach makes it more likely that purely domestic communications will be incidentally intercepted and collected in the hunt for foreign ones.
The programs, code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others, filter and gather information at major telecommunications companies. Blarney, for instance, was established with AT&T Inc., T +0.24% former officials say. AT&T declined to comment.
This filtering takes place at more than a dozen locations at major Internet junctions in the U.S., officials say. Previously, any NSA filtering of this kind was largely believed to be happening near points where undersea or other foreign cables enter the country.
Details of these surveillance programs were gathered from interviews with current and former intelligence and government officials and people from companies that help build or operate the systems, or provide data. Most have direct knowledge of the work.
The NSA defends its practices as legal and respectful of Americans’ privacy. According to NSA spokeswoman Vanee Vines, if American communications are “incidentally collected during NSA’s lawful signals intelligence activities,” the agency follows “minimization procedures that are approved by the U.S. attorney general and designed to protect the privacy of United States persons.”
As another U.S. official puts it, the NSA is “not wallowing willy-nilly” through Americans’ idle online chatter. “We want high-grade ore.”
To achieve that, the programs use complex algorithms that, in effect, operate like filters placed over a stream with holes designed to let certain pieces of information flow through. After the 2001 terrorist attacks, NSA widened the holes to capture more information when the government broadened its definition of what constitutes “reasonable” collection, according to a former top intelligence official.
The NSA’s U.S. programs have been described in narrower terms in the documents released by former NSA contractor Edward Snowden. One, for instance, acquires Americans’ phone records; another, called Prism, makes requests for stored data to Internet companies. By contrast, this set of programs shows the NSA has the capability to track almost anything that happens online, so long as it is covered by a broad court order.
The NSA programs are approved and overseen by the secret Foreign Intelligence Surveillance Court. NSA is required to destroy information on Americans that doesn’t fall under exceptions to the rule, including information that is relevant to foreign intelligence, encrypted, or evidence of a crime.
The NSA is focused on collecting foreign intelligence, but the streams of data it monitors include both foreign and domestic communications. Inevitably, officials say, some U.S. Internet communications are scanned and intercepted, including both “metadata” about communications, such as the “to” and “from” lines in an email, and the contents of the communications themselves.
Much, but not all, of the data is discarded, meaning some communications between Americans are stored in the NSA’s databases, officials say. Some lawmakers and civil libertarians say that, given the volumes of data NSA is examining, privacy protections are insufficient.
Sen. Ron Wyden, an Oregon Democrat, in 2012 sought but failed to prohibit the agency from searching its databases for information on Americans without a warrant. He has also pushed intelligence agencies to detail how many Americans’ communications have been collected and to explain whether purely domestic communications are retained in NSA’s databanks. They have declined.
“Technology is moving us swiftly into a world where the only barriers to this kind of dragnet surveillance are the protections enshrined into law,” Mr. Wyden says.
This month President Barack Obama proposed changes to NSA surveillance to improve oversight. Those proposed changes wouldn’t alter the systems in the U.S. that NSA relies upon for some of its most sensitive surveillance.
The systems operate like this: The NSA asks telecom companies to send it various streams of Internet traffic it believes most likely to contain foreign intelligence. This is the first cut of the data.
These requests don’t ask for all Internet traffic. Rather, they focus on certain areas of interest, according to a person familiar with the legal process. “It’s still a large amount of data, but not everything in the world,” this person says.
The second cut is done by NSA. It briefly copies the traffic and decides which communications to keep based on what it calls “strong selectors”—say, an email address, or a large block of computer addresses that correspond to an organization it is interested in. In making these decisions, the NSA can look at content of communications as well as information about who is sending the data.
One U.S. official says the agency doesn’t itself “access” all the traffic within the surveillance system. The agency defines access as “things we actually touch,” this person says, pointing out that the telecom companies do the first stage of filtering.
The surveillance system is built on relationships with telecommunications carriers that together cover about 75% of U.S. Internet communications. They must hand over what the NSA asks for under orders from the secret Foreign Intelligence Surveillance Court. The firms search Internet traffic based on the NSA’s criteria, current and former officials say.
Verizon Communications Inc., for example, has placed intercepts in the largest U.S. metropolitan areas, according to one person familiar with the technology. It isn’t clear how much information these intercepts send to the NSA. A Verizon spokesman declined to comment. [Continue reading…]
