N.S.A. Tracks Social Network Activities of U.S. Citizens
By JAMES RISEN and LAURA POITRAS
The analysis of phone call and e-mail logs for foreign intelligence
purposes adds to the growing body of knowledge about the agency’s access
to private information, prompting concern from lawmakers.
By JAMES RISEN and LAURA POITRAS
Published: September 28, 2013
WASHINGTON — Since 2010, the National Security Agency
has been exploiting its huge collections of data to create
sophisticated graphs of some Americans’ social connections that can
identify their associates, their locations at certain times, their
traveling companions and other personal information, according to newly
disclosed documents and interviews with officials.
Carolyn Kaster/Associated Press
Related
-
Senators Push to Preserve N.S.A. Phone Surveillance (September 27, 2013)
The spy agency began allowing the analysis of phone call and e-mail logs
in November 2010 to examine Americans’ networks of associations for
foreign intelligence purposes after N.S.A. officials lifted restrictions
on the practice, according to documents provided by Edward J. Snowden,
the former N.S.A. contractor.
The policy shift was intended to help the agency “discover and track”
connections between intelligence targets overseas and people in the
United States, according to an N.S.A. memorandum from January 2011. The
agency was authorized to conduct “large-scale graph analysis on very
large sets of communications metadata without having to check
foreignness” of every e-mail address, phone number or other identifier,
the document said. Because of concerns about infringing on the privacy
of American citizens, the computer analysis of such data had previously
been permitted only for foreigners.
The agency can augment the communications data with material from
public, commercial and other sources, including bank codes, insurance
information, Facebook profiles, passenger manifests, voter registration
rolls and GPS location information, as well as property records and
unspecified tax data, according to the documents. They do not indicate
any restrictions on the use of such “enrichment” data, and several
former senior Obama administration officials said the agency drew on it
for both Americans and foreigners.
N.S.A. officials declined to say how many Americans have been caught up
in the effort, including people involved in no wrongdoing. The documents
do not describe what has resulted from the scrutiny, which links phone
numbers and e-mails in a “contact chain” tied directly or indirectly to a
person or organization overseas that is of foreign intelligence
interest.
The new disclosures add to the growing body of knowledge in recent
months about the N.S.A.’s access to and use of private information
concerning Americans, prompting lawmakers in Washington to call for
reining in the agency and President Obama to order an examination of its
surveillance policies. Almost everything about the agency’s operations
is hidden, and the decision to revise the limits concerning Americans
was made in secret, without review by the nation’s intelligence court or
any public debate. As far back as 2006, a Justice Department memo
warned of the potential for the “misuse” of such information without
adequate safeguards.
An agency spokeswoman, asked about the analyses of Americans’ data,
said, “All data queries must include a foreign intelligence
justification, period.”
“All of N.S.A.’s work has a foreign intelligence purpose,” the
spokeswoman added. “Our activities are centered on counterterrorism,
counterproliferation and cybersecurity.”
The legal underpinning of the policy change, she said, was a 1979
Supreme Court ruling that Americans could have no expectation of privacy
about what numbers they had called. Based on that ruling, the Justice
Department and the Pentagon decided that it was permissible to create
contact chains using Americans’ “metadata,” which includes the timing,
location and other details of calls and e-mails, but not their content.
The agency is not required to seek warrants for the analyses from the
Foreign Intelligence Surveillance Court.
N.S.A. officials declined to identify which phone and e-mail databases
are used to create the social network diagrams, and the documents
provided by Mr. Snowden do not specify them. The agency did say that the
large database of Americans’ domestic phone call records, which was
revealed by Mr. Snowden in June and caused bipartisan alarm in
Washington, was excluded. (N.S.A. officials have previously acknowledged
that the agency has done limited analysis in that database, collected
under provisions of the Patriot Act, exclusively for people who might be linked to terrorism suspects.)
But the agency has multiple collection programs and databases, the
former officials said, adding that the social networking analyses relied
on both domestic and international metadata. They spoke only on the
condition of anonymity because the information was classified.
The concerns in the United States since Mr. Snowden’s revelations have
largely focused on the scope of the agency’s collection of the private
data of Americans and the potential for abuse. But the new documents
provide a rare window into what the N.S.A. actually does with the
information it gathers.
A series of agency PowerPoint presentations and memos describe how the
N.S.A. has been able to develop software and other tools — one document
cited a new generation of programs that “revolutionize” data collection
and analysis — to unlock as many secrets about individuals as possible.
The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate
for more weapons in the hunt for information about the nation’s
adversaries, clearly views its collections of metadata as one of its
most powerful resources. N.S.A. analysts can exploit that information to
develop a portrait of an individual, one that is perhaps more complete
and predictive of behavior than could be obtained by listening to phone
conversations or reading e-mails, experts say.
Phone and e-mail logs, for example, allow analysts to identify people’s
friends and associates, detect where they were at a certain time,
acquire clues to religious or political affiliations, and pick up
sensitive information like regular calls to a psychiatrist’s office,
late-night messages to an extramarital partner or exchanges with a
fellow plotter.
“Metadata can be very revealing,” said Orin S. Kerr, a law professor at
George Washington University. “Knowing things like the number someone
just dialed or the location of the person’s cellphone is going to allow
to assemble a picture of what someone is up to. It’s the digital
equivalent of tailing a suspect.”
The N.S.A. had been pushing for more than a decade to obtain the rule
change allowing the analysis of Americans’ phone and e-mail data.
Intelligence officials had been frustrated that they had to stop when a
contact chain hit a telephone number or e-mail address believed to be
used by an American, even though it might yield valuable intelligence
primarily concerning a foreigner who was overseas, according to
documents previously disclosed by Mr. Snowden. N.S.A. officials also
wanted to employ the agency’s advanced computer analysis tools to sift
through its huge databases with much greater efficiency.
The agency had asked for the new power as early as 1999, the documents
show, but had been initially rebuffed because it was not permitted under
rules of the Foreign Intelligence Surveillance Court that were intended
to protect the privacy of Americans.
A 2009 draft of an N.S.A. inspector general’s report suggests that
contact chaining and analysis may have been done on Americans’
communications data under the Bush administration’s program of
wiretapping without warrants, which began after the Sept. 11 attacks to
detect terrorist activities and skirted the existing laws governing
electronic surveillance.
In 2006, months after the wiretapping program was disclosed by The New York Times,
the N.S.A.’s acting general counsel wrote a letter to a senior Justice
Department official, which was also leaked by Mr. Snowden, formally
asking for permission to perform the analysis on American phone and
e-mail data. A Justice Department memo to the attorney general noted
that the “misuse” of such information “could raise serious concerns,”
and said the N.S.A. promised to impose safeguards, including regular
audits, on the metadata program. In 2008, the Bush administration gave
its approval.
A new policy that year, detailed in “Defense Supplemental Procedures
Governing Communications Metadata Analysis,” authorized by Defense
Secretary Robert M. Gates and Attorney General Michael B. Mukasey, said
that since the Supreme Court had ruled that metadata was not
constitutionally protected, N.S.A. analysts could use such information
“without regard to the nationality or location of the communicants,”
according to an internal N.S.A. description of the policy.
After that decision, which was previously reported by The Guardian, the
N.S.A. performed the social network graphing in a pilot project for 1 ½
years “to great benefit,” according to the 2011 memo. It was put in
place in November 2010 in “Sigint Management Directive 424” (sigint
refers to signals intelligence).
In the 2011 memo explaining the shift, N.S.A. analysts were told that
they could trace the contacts of Americans as long as they cited a
foreign intelligence justification. That could include anything from
ties to terrorism, weapons proliferation, international drug smuggling
or espionage to conversations with a foreign diplomat or a political
figure.
Analysts were warned to follow existing “minimization rules,” which
prohibit the N.S.A. from sharing with other agencies names and other
details of Americans whose communications are collected, unless they are
necessary to understand foreign intelligence reports or there is
evidence of a crime. The agency is required to obtain a warrant from the
intelligence court to target a “U.S. person” — a citizen or legal
resident — for actual eavesdropping.
The N.S.A. documents show that one of the main tools used for chaining
phone numbers and e-mail addresses has the code name Mainway. It is a
repository into which vast amounts of data flow daily from the agency’s
fiber-optic cables, corporate partners and foreign computer networks
that have been hacked.
The documents show that significant amounts of information from the
United States go into Mainway. An internal N.S.A. bulletin, for example,
noted that in 2011 Mainway was taking in 700 million phone records per
day. In August 2011, it began receiving an additional 1.1 billion
cellphone records daily from an unnamed American service provider under
Section 702 of the 2008 FISA Amendments Act, which allows for the
collection of the data of Americans if at least one end of the
communication is believed to be foreign.
The overall volume of metadata collected by the N.S.A. is reflected in
the agency’s secret 2013 budget request to Congress. The budget
document, disclosed by Mr. Snowden, shows that the agency is pouring
money and manpower into creating a metadata repository capable of taking
in 20 billion “record events” daily and making them available to N.S.A.
analysts within 60 minutes.
The spending includes support for the “Enterprise Knowledge System,”
which has a $394 million multiyear budget and is designed to “rapidly
discover and correlate complex relationships and patterns across diverse
data sources on a massive scale,” according to a 2008 document. The
data is automatically computed to speed queries and discover new targets
for surveillance.
A top-secret document titled “Better Person Centric Analysis” describes
how the agency looks for 94 “entity types,” including phone numbers,
e-mail addresses and IP addresses. In addition, the N.S.A. correlates
164 “relationship types” to build social networks and what the agency
calls “community of interest” profiles, using queries like “travelsWith,
hasFather, sentForumMessage, employs.”
A 2009 PowerPoint presentation provided more examples of data sources
available in the “enrichment” process, including location-based services
like GPS and TomTom, online social networks, billing records and bank
codes for transactions in the United States and overseas.
At a Senate Intelligence Committee hearing on Thursday, General
Alexander was asked if the agency ever collected or planned to collect
bulk records about Americans’ locations based on cellphone tower data.
He replied that it was not doing so as part of the call log program
authorized by the Patriot Act, but said a fuller response would be
classified.
If the N.S.A. does not immediately use the phone and e-mail logging data
of an American, it can be stored for later use, at least under certain
circumstances, according to several documents.
One 2011 memo, for example, said that after a court ruling narrowed the
scope of the agency’s collection, the data in question was “being
buffered for possible ingest” later. A year earlier, an internal
briefing paper from the N.S.A. Office of Legal Counsel showed that the
agency was allowed to collect and store raw traffic, which includes both
metadata and content, about “U.S. persons” for up to five years online
and for an additional 10 years offline for “historical searches.”
copy lobal.nytimes.com
Nenhum comentário:
Postar um comentário