On October 3, 2011, the FISA Court deemed some of the NSA’s collections to violate the Fourth Amendment. Since Ron Wyden first declassified vague outlines of that ruling a year ago, we’ve been trying to sort through precisely what practice that decision curtailed.
A new WSJ story not only expands on previous descriptions of the practice.
The systems operate like this: The NSA asks telecom companies to send it various streams of Internet traffic it believes most likely to contain foreign intelligence. This is the first cut of the data.
These requests don’t ask for all Internet traffic. Rather, they focus on certain areas of interest, according to a person familiar with the legal process. “It’s still a large amount of data, but not everything in the world,” this person says.
The second cut is done by NSA. It briefly copies the traffic and decides which communications to keep based on what it calls “strong selectors”—say, an email address, or a large block of computer addresses that correspond to an organization it is interested in. In making these decisions, the NSA can look at content of communications as well as information about who is sending the data.
But it reveals the illegal program continued for 3 years, during which the telecoms and NSA simply policed (or did not police) themselves.
For example, a recent Snowden document showed that the surveillance court ruled that the NSA had set up an unconstitutional collection effort. Officials say it was an unintentional mistake made in 2008 when it set filters on programs like these that monitor Internet traffic; NSA uncovered the inappropriate filtering in 2011 and reported it.
Paul Kouroupas, a former executive at Global Crossing Ltd. and other telecom companies responsible for security and government affairs, says the checks and balances in the NSA programs depend on telecommunications companies and the government policing the system themselves. “There’s technically and physically nothing preventing a much broader surveillance,” he says.
The entire WSJ article (and an accompanying explainer) is actually quite polite to the NSA, suggesting that minimization protects Americans better than the plain letter of the procedures do, remaining silent about NSA’s refusal to count how many Americans get sucked up in this, and focusing on terrorism more than the other applications of this. That’s not meant as a criticism; they got the story out, after all!
Most of all, though, it doesn’t question the claim that NSA set the filters too broadly in 2008 unintentionally.
Remember, those filters got set in the wake of the FISA Amendments Act. The telecoms doing the initial pass had just gotten immunity. While I think it possible that one of the telecoms got cold feet and that led to the FISA Court’s discovery of a practice that had been going on 3 years, I’m highly skeptical that the timing of the immunity and the overly broad filters was randomly coincidental.
I think we’re getting closer and closer to the iceberg Ron Wyden and Mark Udall warned us about.