N.S.A. Said to Search Content of Messages to and From U.S.

N.S.A. Said to Search Content of Messages to and From U.S.

By CHARLIE SAVAGE

The National Security Agency is hunting for Americans’ messages that mention foreigners under surveillance, not just communications with the targeted individuals themselves, officials said.

By CHARLIE SAVAGE

Published: August 8, 2013 

WASHINGTON — The National Security Agency is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country, hunting for people who mention information about foreigners under surveillance, according to intelligence officials.

The N.S.A. is not just intercepting the communications of Americans who are in direct contact with foreigners targeted overseas, a practice that government officials have openly acknowledged. It is also casting a far wider net for people who cite information linked to those foreigners, like a little used e-mail address, according to a senior intelligence official.

While it has long been known that the agency conducts extensive computer searches of data it vacuums up overseas, that it is systematically searching — without warrants — through the contents of Americans’ communications that cross the border reveals more about the scale of its secret operations.

It also adds another element to the unfolding debate, provoked by the disclosures of Edward J. Snowden, the former N.S.A. contractor, about whether the agency has infringed on Americans’ privacy as it scoops up e-mails and phone data in its quest to ferret out foreign intelligence.

Government officials say the cross-border surveillance was authorized by a 2008 law, the FISA Amendments Act, in which Congress approved eavesdropping on domestic soil without warrants as long as the “target” was a noncitizen abroad. Voice communications are not included in that surveillance, the senior official said.

Asked to comment, Judith A. Emmel, an N.S.A. spokeswoman, did not directly address surveillance of cross-border communications. But she said the agency’s activities were lawful and intended to gather intelligence not about Americans but about “foreign powers and their agents, foreign organizations, foreign persons or international terrorists.”

“In carrying out its signals intelligence mission, N.S.A. collects only what it is explicitly authorized to collect,” she said. “Moreover, the agency’s activities are deployed only in response to requirements for information to protect the country and its interests.”

Hints of the surveillance appeared in a set of rules, leaked by Mr. Snowden, for how the N.S.A. may carry out the 2008 FISA law. One paragraph mentions that the agency “seeks to acquire communications about the target that are not to or from the target.” The pages were posted online by the newspaper The Guardian on June 20, but the telltale paragraph, the only rule marked “Top Secret” amid 18 pages of restrictions, went largely overlooked amid other disclosures.

To conduct the surveillance, the N.S.A. is temporarily copying and then sifting through the contents of what is apparently most e-mails and other text-based communications that cross the border. The senior intelligence official, who, like other former and current government officials, spoke on condition of anonymity because of the sensitivity of the topic, said the N.S.A. makes a “clone of selected communication links” to gather the communications, but declined to specify details, like the volume of the data that passes through them.

Computer scientists said that it would be difficult to systematically search the contents of the communications without first gathering nearly all cross-border text-based data; fiber-optic networks work by breaking messages into tiny packets that flow at the speed of light over different pathways to their shared destination, so they would need to be captured and reassembled.

The official said that a computer searches the data for the identifying keywords or other “selectors” and stores those that match so that human analysts could later examine them. The remaining communications, the official said, are deleted; the entire process takes “a small number of seconds,” and the system has no ability to perform “retrospective searching.”

The official said the keyword and other terms were “very precise” to minimize the number of innocent American communications that were flagged by the program. At the same time, the official acknowledged that there had been times when changes by telecommunications providers or in the technology had led to inadvertent overcollection. The N.S.A. monitors for these problems, fixes them and reports such incidents to its overseers in the government, the official said.

The disclosure sheds additional light on statements intelligence officials have made recently, reassuring the public that they do not “target” Americans for surveillance without warrants. 

  At a House Intelligence Committee oversight hearing in June, for example, a lawmaker pressed the deputy director of the N.S.A., John Inglis, to say whether the agency listened to the phone calls or read the e-mails and text messages of American citizens. Mr. Inglis replied, “We do not target the content of U.S. person communications without a specific warrant anywhere on the earth.”

Timothy Edgar, a former intelligence official in the Bush and Obama administrations, said that the rule concerning collection “about” a person targeted for surveillance rather than directed at that person had provoked significant internal discussion.

“There is an ambiguity in the law about what it means to ‘target’ someone,” Mr. Edgar, now a visiting professor at Brown, said. “You can never intentionally target someone inside the United States. Those are the words we were looking at. We were most concerned about making sure the procedures only target communications that have one party outside the United States.”

The rule they ended up writing, which was secretly approved by the Foreign Intelligence Surveillance Court, says that the N.S.A. must ensure that one of the participants in any conversation that is acquired when it is searching for conversations about a targeted foreigner must be outside the United States, so that the surveillance is technically directed at the foreign end.

Americans’ communications singled out for further analysis are handled in accordance with “minimization” rules to protect privacy approved by the surveillance court. If private information is not relevant to understanding foreign intelligence, it is deleted; if it is relevant, the agency can retain it and disseminate it to other agencies, the rules show.

While the paragraph hinting at the surveillance has attracted little attention, the American Civil Liberties Union did take note of the “about the target” language in a June 21 post analyzing the larger set of rules, arguing that the language could be interpreted as allowing “bulk” collection of international communications, including of those of Americans.

Jameel Jaffer, a senior lawyer at the A.C.L.U., said Wednesday that such “dragnet surveillance will be poisonous to the freedoms of inquiry and association” because people who know that their communications will be searched will change their behavior.

“They’ll hesitate before visiting controversial Web sites, discussing controversial topics or investigating politically sensitive questions,” Mr. Jaffer said. “Individually, these hesitations might appear to be inconsequential, but the accumulation of them over time will change citizens’ relationship to one another and to the government.”

The senior intelligence official argued, however, that it would be inaccurate to portray the N.S.A. as engaging in “bulk collection” of the contents of communications. “ ‘Bulk collection’ is when we collect and retain for some period of time that lets us do retrospective analysis,” the official said. “In this case, we do not do that, so we do not consider this ‘bulk collection.’ ”

Stewart Baker, a former general counsel for the N.S.A., said that such surveillance could be valuable in identifying previously unknown terrorists or spies inside the United States who unwittingly reveal themselves to the agency by discussing a foreign-intelligence “indicator.” He cited a situation in which officials learn that Al Qaeda was planning to use a particular phone number on the day of an attack.

“If someone is sending that number out, chances are they are on the inside of the plot, and I want to find the people who are on the inside of the plot,” he said.

The senior intelligence official said that the “about the target” surveillance had been valuable, but said it was difficult to point to any particular terrorist plot that would have been carried out if the surveillance had not taken place. He said it was one tool among many used to assemble a “mosaic” of information in such investigations. The surveillance was used for other types of foreign-intelligence collection, not just terrorism investigations, the official said.

There has been no public disclosure of any ruling by the Foreign Intelligence Surveillance Court explaining its legal analysis of the 2008 FISA law and the Fourth Amendment as allowing “about the target” searches of Americans’ cross-border communications. But in 2009, the Justice Department’s Office of Legal Counsel signed off on a similar process for searching federal employees’ communications without a warrant to make sure none contain malicious computer code.

That opinion, by Steven G. Bradbury, who led the office in the Bush administration, may echo the still-secret legal analysis. He wrote that because that system, called EINSTEIN 2.0, scanned communications traffic “only for particular malicious computer code” and there was no authorization to acquire the content for unrelated purposes, it “imposes, at worst, a minimal burden upon legitimate privacy rights.” 

copy  http://www.nytimes.com/