The Intelligence Community’s Willful Ignorance about Americans Caught in 702 Surveillance

Given the Intelligence Community’s reluctant and partial disclosures on the Section 702 (PRISM/FAA) collection, I want to return to a squabble from last fall, before Congress reauthorized FAA.

As you’ll recall, Ron Wyden tried to get the IC to disclose the number of Americans whose communication had been reviewed under Section 702. The IC dicked around long enough to ensure Wyden didn’t get an answer in time to make a political stink about it. When they finally gave him an answer, they said providing such a number would violate the privacy of Americans.

I defer to [the NSA Inspector General’s] conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

Ultimately, this statement seemed to be as much about resource allocation as anything else — the NSA and IC IGs would need more staff to accomplish the tast. (I must say, I do find it interesting the ICIG has time to investigate 375 leaks but not enough time to find out how many Americans are being spied on.)

But look at how closely the government is purportedly tracking US person data.

These procedures require that the acquisition of information is conducted, to the greatest extent reasonably feasible, to minimize the acquisition of information not relevant to the authorized foreign intelligence purpose.

Any inadvertently acquired communication of or concerning a U.S. person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime.


Any information collected after a foreign target enters the U.S. –or prior to a discovery that any target erroneously believed to be foreign was in fact a U.S. person– must be promptly destroyed unless that information meets specific, limited criteria approved by the Foreign Intelligence Surveillance Court.

The dissemination of any information about U.S. persons is expressly prohibited unless it is necessary to understand foreign intelligence or assess its importance; is evidence of a crime; or indicates a threat of death or serious bodily harm.

Now, these passages ought to make people more worried about privacy than not. Stated clearly, it says the government believes it can collect and keep US person content if it deems that content “relevant” to the reason they collected the information.

Remember two things: this collection is not limited to use with terrorism; it can be used for espionage investigations, hacking, or any foreign intelligence purpose. And the government has already deemed every single one of our phone records to be “relevant” to an umbrella terror investigation, so the definition of relevance the government has developed in secret is unbelievably broad and persmissive.

That collection — the people whose content is reviewed and deemed relevant and kept — is the universe of people Wyden wanted to count. And the government is making decisions about the relevance of them in secret, but not tracking the process by which they do so.

Note too that the government can disseminate US person communications if “it is necessary to understand foreign intelligence.” This is not news (which is why it is so appalling that people were fighting over whether the government could listen to US person calls or read their emails). It is part of traditional FISA, too. (It was using that excuse that John Bolton was learning about what his rivals were negotiating with the North Koreans.) But given how much more information an analyst can access both because she is accessing all Internet activity and not just phone, but also because more associated communications are sucked up with a target, it means many more US persons’ communications might be disseminated. It’s not clear, by the way, such dissemination would exclude privileged conversations between lawyers and clients, or discussions between journalists and sources.

And this second group of people — the ones whose communications are being circulated — are counted.

Though we’re not allowed to know what those numbers are.

Here’s what the DOJ Inspector General Michael Horowitz had to say about a statutorily required review of the 702 collection he recently completed (I think, but it’s not entirely clear, that Horowitz didn’t finish this review until after FAA was renewed last year — I know he didn’t finish it before the Judiciary and Intelligence Committees passed it out).

Inspector General Michael E. Horowitz of the United States Department of Justice Office of the Inspector General (OIG) recently issued a report examining the activities of the Federal Bureau of Investigation (FBI) under Section 702 of the Foreign Intelligence Surveillance Act Amendments Act of 2008 (Act). Section 702 authorizes the targeting of non-U.S. persons reasonably believed to be outside the United States for the purpose of acquiring foreign intelligence information. The Act required that the Inspector General conduct a review of the Department’s role in this process and, in conjunction with this review, the OIG reviewed the number of disseminated FBI intelligence reports containing a reference to a U.S. person identity, the number of U.S. person identities subsequently disseminated in response to requests for identities not referred to by name or title in the original reporting, the number of targets later determined to be located in the United States, and whether communications of such targets were reviewed. See 50 U.S.C. 1881a(l)(2)(B) and (C). The OIG also reviewed the FBI’s compliance with the targeting and minimization procedures required under the Act.

The final report has been issued and delivered to the relevant Congressional oversight and intelligence committees, as well as leadership offices. Because the report is classified, its contents cannot be disclosed to the public.

In other words, the DOJ IG counted — because the law required him to — the following:

  • The number of US person-related communication that got disseminated in a first dissemination of intelligence 
  • The number of US persons whose identity identified in a follow-up on an original dissemination
  • The number of targets originally believed to be foreign who end up being US persons (note, the NSA conveniently doesn’t explain what the specific criteria are that would allow the government to keep these communications … I wonder why?)

But it did not count how many US persons’ communications were reviewed but not disseminated, many of which may be retained under the relevance standard.

In general, when the government chooses not to count things, there’s a reason it doesn’t want to.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

12 replies
  1. What Constitution? says:

    Sounds like a good contest: “Guess the Government’s Reason”. How ’bout:
    — “If we did that, the Terraists would win”
    — “We could tell you, but then we’d have to kill you.”
    — “The very fabric of American society would be torn asunder by such knowledge”.
    — “Look, a bunny rabbit!”
    — “It’s such a low number, nobody would care, trust us on that.”
    — “Snowden is a traitor”. Indeed, “Snowden is like Hitler”.
    — “The Israeli government doesn’t want us to”.
    — “Somebody might stop us from doing it”.

  2. edge says:

    The dissemination of any information about U.S. persons is expressly prohibited unless it is …is evidence of a crime…

    Ever give a false birthdate to a website? Your internet activity is evidence of a crime (see the CFAA) and can be tracked.

  3. JohnT says:

    He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

    No disrespect to the lawyers we all know and love, but this Orwellian thought process is exactly why lawyers in general are hated

  4. Jessica says:

    It’s adorable how they apply concerns over privacy: unlawfully spying on citizens, no problem; *quanitifying* how often they unlawfully spy of citizens, they care too much about privacy.

    I have a question about this:

    “The dissemination of any information about U.S. persons is expressly prohibited unless it [ ]; is evidence of a crime; or indicates a threat of death or serious bodily harm.”

    If they inadvertently capture communication that is clearly not related in anyway to a terror case (or hacking, etc – “terror-ish” cases, but stumble across another crime, like let’s say they read that someone broke into their neighbors house or something like that, are they allowed to go after you for that? Or do they have to be specifically investigating that crime before they can gather evidence and so forth?

    I know, I know. I’m talking about investigating crimes that have already been committed, not trying to prevent them with their super powers. It’s a crazy, old-fashion idea.

    • bmaz says:

      AZMatt!! Have not seen you in a long time, welcome home! Hope all has been well. How are things up in the northeaster part of the state these days? (I assume you are still there).

  5. AZMatt says:

    Hi bmaz!

    I am doing OK. It is hot and windy though not as hot as Phoenix. Just been busy with life. I read that Chris Simcox got busted by Phoenix PD today. Good Riddance!

    It is good to see that you and marcy are still doing your best to inform people.

  6. Jessica says:

    Thanks, Snoopdido. Reminds me of Trevor Aaronson’s book, The Terror Factory, which I happened to have finished the week before these leaks hit the press. It discusses how the gov can use any little to press people into being informants, if that’s what they think they need to make a case. It’s another reason that people who aren’t “doing anything wrong” need to be concerned with all this surveillance.

  7. greengiant says:

    Makes one wonder whether the messing with emails is just ISP stupidity trying to reduce spam or some more nefarious program. Over time I have seen emails from *.edu, and foreign web domains go into a black hole. With luck the sender gets a failure notice, but not always. There are forums for such problems. Hard to figure how many outgoing emails are deleted in transit.

    The nefarious scenario still follows the rule of blaming stupidity rather than conspiracy in that it is really really stupid.

  8. bz says:

    I’m failing to comprehend the logic of the NSA rules, even giving the government the benefit of the doubt.

    If information on American citizens “inadvertently acquired” is supposed to be immediately destroyed, unless it is relevant to the “authorized purpose” or evidence of a crime, how do they determine it is relevant or constitutes evidence without having first undertaken an evaluation – a search by any other words – of the information after having acquired it?

    That seems to suggest that absolutely all “authorized” purposes, by definition, serves to define whatever alleged “evidence” might be needed, even before the information is actually acquired, otherwise the obligation to destroy it would preclude doing an evidentiary evaluation.

    So any rule dictating destruction of “inadvertently acquired” information is bogus on its face, because there can be no inadvertency, since the determination of relevance was built into the search by terms of the authorization in the first place.

Comments are closed.