Confirmed: NSA Does Search Section 702 Data for Particular US Person Data

Update: To help Joshua Foust understand this topic, I did a second, really basic version of this post here. So if you’re fairly new to all this stuff, you might start there and then come back.

Update: Alexander’s office has conceded Udall and Wyden’s point about the classified inaccuracy. It also notes:

With respect to the second point raised in your 24 June 2013 letter, the fact sheet did not imply nor was it intended to imply “that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans.”

He then cites two letters from James Clapper’s office which I don’t believe have been published.

I’ve seen some people complaining that Ron Wyden and Mark Udall didn’t explicitly describe what Keith Alexander’s lies were in the NSA handout on Section 702 collection (note, as of 1PM, NSA has taken down their handout from their server). I’m okay with them leaving big breadcrumbs instead, not least because until we fix intelligence oversight, we’re going to need people like them who manage to stay on the committees but lay these signposts.

That said, I think people are underestimating how big of a signpost they did leave. Consider this, from their letter:

Separately, this same fact sheet states that under Section 702, “Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime.” We believe that this statement is somewhat misleading, in that it implies that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans. [my emphasis]

Last year’s SSCI report on extending the FISA Amendments Act strongly implied that the government interpreted the law to mean it could search for records of particular Americans.

During the Committee’s consideration of this legislation, several Senators expressed a desire to quantify the extent of incidental collection under Section 702. I share this desire. However, the Committee has been repeatedly advised by the ODNI that due to the nature of the collection and the limits of the technology involved, it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under Section 702 authority. Senators Ron Wyden and Mark Udall have requested a review by the Inspector General of the NSA and the Inspector General of the Intelligence Community to determine whether it is feasible to estimate this number. The Inspectors General are conducting that review now, thus making an amendment on this subject unnecessary.

Finally, on a related matter, the Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained. As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause. With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession. [my emphasis]

This passage made it clear that the Intelligence Community had demanded the ability to search on US person data already collected. Wyden and Udall’s letter makes that even more clear.

And the minimization procedures leaked last week support this (though note, these date to 2009 and might have been ruled to violate the Fourth Amendment since, though I suspect they haven’t).

They make it clear that US person communications will be retained if they contain foreign intelligence information (a term not defined in the procedures), including those they collected because (they claim) they’re unable to filter it out.

3(b)

(1) Personnel will exercise reasonable judgment in determining whether information acquired must be minimized and will destroyed inadvertently acquired communications of or concerning a United States person at the earliest practicable point in the processing cycle at which such communication can be identified either: as clearly not relevant to the authorized purpose of the acquisition (e.g., the communication does not contain foreign intelligence information)

[snip]

The communications that may be retained include electronic communications acquired because of limitations on NSA’s ability to filter communications.

(2) Communications of or concerning United States persons that may be related to the authorized purpose of the acquisition may be forwarded to analytic personnel responsible for producing intelligence information from the collected data.

The procedures make it clear that, with authorization from the NSA Director, even communications entirely between US persons may be retained (see section 5) if they are of significant intelligence value. Communications showing a communications security vulnerability may also be retained (this permission, related to cybersecurity, was not made public in the NSA handout).

And here’s perhaps the most interesting way of keeping US person data.

6(c)

(1) NSA may provide to the Central Intelligence Agency (CIA) unminimized communications acquired pursuant to section 702 of the Act. CIA will identify to NSA targets for which NSA may provide unminimized communications to CIA. CIA will process any such unminimized communications received from NSA in accordance with CIA minimization procedures …

(2) NSA may provide to the FBI unminimized communications acquired pursuant to section 702 of the Act. FBI will identify to NSA targets for which NSA may provide unminimized communications to the FBI. FBI will process any such unminimized communications received from NSA in accordance with FBI minimization procedures …

This is a kind of collection that Pat Leahy seems to believe escapes review by current Inspector General reviews of the program, as he tried to mandate such reviews in last year’s reauthorization.

The minimization procedures also appear to support Julian Sanchez’ guesstimate of how they could pull up US person contacts, since a phone number or unique name are not explicitly included among the identifiers that would constitute IDing a US person.

Now, all that doesn’t specifically address the other lie Wyden and Udall invoked, which they describe “portrays protections for Americans’ privacy as being significantly stronger than they actually are.” But I think the points I’ve laid out above — particularly the cybersecurity collection that is entirely unmentioned in the 702 sheet — probably lays out the gist of Alexander’s lies.

The government has spent the entire time since these documents were revealed trying to lie to Americans about whether their contacts with foreigners can be retained and read. And those lies keep getting exposed.

Tweet about this on Twitter103Share on Reddit1Share on Facebook22Google+1Email to someone

18 Responses to Confirmed: NSA Does Search Section 702 Data for Particular US Person Data

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18

Emptywheel Twitterverse
bmaz My question at the outset was why GM concealment was not bankruptcy fraud; now that will be litigated. Good. http://t.co/CCL3wm2HYE
4hreplyretweetfavorite
bmaz @trevortimm Be terrified. Very terrified. Cause what you saw is, I think, all you get.
5hreplyretweetfavorite
bmaz @johnson_carrie According to my wife, "impossible jerk" characterizes lawyers in many locales @npratc
5hreplyretweetfavorite
bmaz @HoltenMark @mucha_carlos @ColMorrisDavis @KenDilanianLAT The constitutional framing is amazingly resilient, but resets are slow.
6hreplyretweetfavorite
bmaz @HoltenMark @mucha_carlos @ColMorrisDavis @KenDilanianLAT I represent far too many of the former and lament the latter. Things change though
6hreplyretweetfavorite
bmaz @HoltenMark @mucha_carlos @ColMorrisDavis @KenDilanianLAT Frankly, US can exert such influence, will not be effective foreign prosec either
6hreplyretweetfavorite
bmaz @HoltenMark @mucha_carlos @ColMorrisDavis @KenDilanianLAT Yes, in these considerations, that is exactly right. Not happening.
6hreplyretweetfavorite
bmaz @HoltenMark @mucha_carlos @ColMorrisDavis @KenDilanianLAT I wasn't being a smart ass, just honest as to situation.
6hreplyretweetfavorite
bmaz @mucha_carlos @ColMorrisDavis @KenDilanianLAT @HoltenMark Safe enough bet; no administration will want to open that can of worms.
7hreplyretweetfavorite
bmaz @mucha_carlos @ColMorrisDavis @KenDilanianLAT @HoltenMark ...ought to give pause in above regards too. If DOJ ever cared about these crimes.
7hreplyretweetfavorite
bmaz @mucha_carlos @ColMorrisDavis @KenDilanianLAT @HoltenMark Well, yes, and the wild expansion of extraterritorial jurisdiction in other cases
7hreplyretweetfavorite
bmaz @ColMorrisDavis @KenDilanianLAT @HoltenMark Granted, what Im saying applies to execution of US nationals as opposed to foreign nationals.
7hreplyretweetfavorite
June 2013
S M T W T F S
« May   Jul »
 1
2345678
9101112131415
16171819202122
23242526272829
30