NSA procedures allow the government to use data 'inadvertently' collected without a warrant
Two things of note in this exclusive by the Guardian newspaper on the procedures followed by the NSA in collecting data from "non-US persons" as well as the accidental collection of communications from US citizens.
First, as leaker Snowden observed, what's in these documents is "policy" not necessarily "practice." In other words, there are technical work arounds that analysts can use to examine your communications without a warrant. Snowden says it happens all the time despite the safeguards.
Secondly, it is frightening to see the court charged with protecting American's privacy, accede to NSA requests to use data despite it being "inadvertently" collected.
The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveals how US call records are used to help remove US citizens and residents from data collection.
However, alongside those provisions, the Fisa court-approved policies allow the NSA to:
• Keep data that could potentially contain details of US persons for up to five years;
• Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
• Preserve "foreign intelligence information" contained within attorney-client communications;
• Access the content of communications gathered from "U.S. based machine[s]" or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.
The broad scope of the court orders, and the nature of the procedures set out in the documents, appear to clash with assurances from President Obama and senior intelligence officials that the NSA could not access Americans' call or email information without warrants.
The documents also show that discretion as to who is actually targeted under the NSA's foreign surveillance powers lies directly with its own analysts, without recourse to courts or superiors - though a percentage of targeting decisions are reviewed by internal audit teams on a regular basis.
Since the Guardian first revealed the extent of the NSA's collection of US communications, there have been repeated calls for the legal basis of the programs to be released. On Thursday, two US congressmen introduced a bill compelling the Obama administration to declassify the secret legal justifications for NSA surveillance.
The disclosure bill, sponsored by Adam Schiff, a California Democrat, and Todd Rokita, an Indiana Republican, is a complement to one proposed in the Senate last week. It would "increase the transparency of the Fisa Court and the state of the law in this area," Schiff told the Guardian. "It would give the public a better understanding of the safeguards, as well as the scope of these programs."
Obviously, these procedures are inadequate and unacceptable. I doubt whether those internal "audits" by the NSA are thorough enough to ferret out even most of the violations. There is no word on any penalties for analysts who violate the rules either. Until we see otherwise, we should assume that the NSA isn't very serious about following its policy procedures and may give a wink and a nod to analysts who work outside those rules.