Latest Leak: NSA Collects Bulk Email Metadata On Americans

from the so-there's-that... dept

The NSA leaks just keep on coming, and the latest one is a big one. It's concerning the NSA is about the Stellar Wind program -- which had been revealed before, and which former NSA whistleblower Bill Binney has discussed in the past -- but Binney left the NSA in 2001. The latest document is a report from the Inspector General that confirms some of the claims Binney has made in the past, showing that the NSA collected "bulk metadata" on emails of US persons. The program started as only being about non-US persons, but was later expanded by the DOJ in 2007 to cover US persons as well.
According to a top-secret draft report by the NSA's inspector general – published for the first time today by the Guardian – the agency began "collection of bulk internet metadata" involving "communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States".

Eventually, the NSA gained authority to "analyze communications metadata associated with United States persons and persons believed to be in the United States", according to a 2007 Justice Department memo, which is marked secret.
So, remember all that stuff the NSA and the President and various elected officials were saying about how they're not collecting internet data on Americans? And how they have minimization procedures and all of that? Yeah. So, that was -- yet again -- less than 100% accurate. Or, as Director of National Intelligence James Clapper likes to say, it was, perhaps, the "least untruthful" version of the events, meaning that it wasn't truthful.

Of course, the defenders of the program will say that this is okay because it was "just metadata," rather than the contents of email, but that's a huge cop out, since metadata can tell you an awful lot:
The internet metadata of the sort NSA collected for at least a decade details the accounts to which Americans sent emails and from which they received emails. It also details the internet protocol addresses (IP) used by people inside the United States when sending emails – information which can reflect their physical location. It did not include the content of emails.
On top of that, defenders of the metadata collection of phone records claimed that there was no privacy in the phone numbers you called and the duration of calls, because that information was clearly on your phone bill that the company sent to you each month. But that's not the case with email metadata.

For what it's worth, the administration shutdown this particular program in 2011, but that was after it had gone on for 10 years, with the last four involving collecting bulk metadata on Americans.
"The internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted," Shawn Turner, the Obama administration's director of communications for National Intelligence, said in a statement to the Guardian.

"The program was discontinued by the executive branch as the result of an interagency review," Turner continued. He would not elaborate further.
However, as Glenn Greenwald and Spencer Ackerman at the Guardian (who broke this story as well) have noted, they have evidence that at least a similar program continues today:
In December 2012, for example, the NSA launched one new program allowing it to analyze communications with one end inside the US, leading to a doubling of the amount of data passing through its filters.
Some of the report actually helps to confirm a Washington Post story from last week about how this bulk metadata collection was initially done under no authority, but when various DOJ officials threatened to resign, they quickly got the FISA court to pull out its trusty giant rubber stamp to allow bulk data collection on emails.

The expansion of metadata collection and analysis to cover Americans came about as the NSA insisted this would help them better find foreign threats:
Wainstein told Mukasey that giving NSA broader leeway to study Americans' online habits would give the surveillance agency, ironically, greater visibility into the online habits of foreigners – NSA's original mandate.

"NSA believes that it is over-identifying numbers and addresses that belong to United States persons and that modifying its practice to chain through all telephone numbers and addresses, including those reasonably believed to be used by a United States person," Wainstein wrote, "will yield valuable foreign intelligence information primarily concerning non-United States persons outside the United States."
Basically this pretty much confirms my earlier post about how the NSA (and the DOJ) are carefully defining "target" in their mandate. Most people believe that since the NSA can only target persons outside the US that they cannot collect data on US persons. However, if (as may be the case) they claim that the overall investigation is "targeting" non-US persons, it appears they believe they can collect and analyze data on US persons, meaning that they've effectively justified bulk spying on Americans if it might possibly bring to light a foreign threat.

One thing that is not clearly described is exactly how the NSA is getting access to this data, but from previous leaks, it appears that the data almost certainly comes from working with telcos to install systems that scoop up all data going through major ISPs/backbones. Either way, it seems abundantly clear, yet again, that the NSA surveillance, contrary to statements from the NSA and its defenders, included a ton of information on Americans.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Watchit, Jun 27th, 2013 @ 10:09am

    Hahaha what doesn't the NSA collect?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 27th, 2013 @ 10:24am

    Is there any longer any creditability to the executive branch, the legislature branch, or FISA?

    I notice that all has been quiet on the denial front for the last few days as they try various methods of damage control through character assassination.

    What I am not hearing is anything involving any sort of public apology, any sort of rectifying of the laws with serious intent to fix this mess, nor any sort of address to the public over the massacring of The Declaration of Independence or the Constitution in the process and what will be done to fix it. Not change the process, not moving things so they are again hidden, but address this run-a-way Stazi police state mentality. All seems quiet on that front, indicating that damage control is still deemed the way forward.

    This government in my opinion is rapidly loosing it's consent to govern.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Ninja (profile), Jun 27th, 2013 @ 11:31am

      Re:

      I think the damage has already became critical and impossible to control. I think that much like politicians are struggling to understand wtf is happening here in Brazil the US Govt is still assessing the extension of the damage, unable to take proper action.

      The image of the US is greatly damaged and the leaks originated much more cracks where bad smell is coming out as some sort of fetid pestilence.

      The question is: how much more will the Americans need to burst out in protests? When are they going to move their asses?

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 27th, 2013 @ 11:45am

      Re:

      The American government has absolutely no intention of relinquishing its ill gotten gains. None, whatsoever, at all.

      Force of movement from the populace might stand a chance but surely you can see that the idiots feel safer. Much the way a dog feels safer when crated.

      Empire.

       

      reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Jun 27th, 2013 @ 10:26am

    "Latest leak ... which had been revealed before"...

    Notice any pattern here, Mike? Not least in your repetition of what everyone else already has, plus self-puffery: "Basically this pretty much confirms my earlier post".

    We already KNOW the problem. Some may not yet be ready to admit the full extent of the spying, of which Google is a giant part, but everyone KNOWS the basics and that it's WRONG. At least try to take another slant on it, college boy, such as asking what the next step is. -- I'll help you out: So far, this limited hangout has only served the NSA. Now they're ready to move to a higher level of tyranny.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 27th, 2013 @ 11:46am

      Re: "Latest leak ... which had been revealed before"...

      It's not that we didn't know that they were doing it before. It's that we didn't have evidence to prove it so they were able to just deny it. So what is happening now is they are methodically releasing the documentation a little at a time that proves all of the denials were lies and all of the previously stated concerns were valid. They are slowly building a rock solid case against them all for the entire public to consider. A case from whence they have no possibility of weaseling out of. That is what is happening.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 27th, 2013 @ 10:36am

    Gosh a vast overreach of government powers being expanded to encompass the citizenry as well?

    Who would have seen this coming?!?

    Except me, I remember being called a tinfoiler using the slippery slope fallacy way back when I was arguing that the only difference between using this on "terrorists" and US citizens is a single press of a button.

    I think we need to stop classifying slippery slope as a fallacy.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 27th, 2013 @ 10:40am

    Changing its name != shutting it down

    For what it's worth, the administration shutdown this particular program in 2011...However, as Glenn Greenwald and Spencer Ackerman at the Guardian (who broke this story as well) have noted, they have evidence that at least a similar program continues today


    This reminds me of the whole TIA fiasco. When TIA got explicitly unfunded, they just changed it's name and carried on.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 27th, 2013 @ 10:50am

    Public shaming is not enough

    No matter how many lies are exposed, and no matter how many people or media agencies speak out about this, nothing will change.

    The only things that matter are if a court says stop it, or if congress passes a law to stop it (and they'll probably need 2/3 to overcome a veto).

    And even, then it only matters if there is an independent group that has full access to monitor compliance. All the FISA courts, and intelligence committees in the world are no good if all they have to go on is the least untruthful answers fed to them.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 27th, 2013 @ 11:04am

    Glenn Greenwald once changed his metadata to say the cake is not a lie, it was.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Atkray (profile), Jun 27th, 2013 @ 11:12am

    I can't help but wonder,

    If it was shut down in 2011 what replaced it?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Anonymous Coward, Jun 27th, 2013 @ 11:20am

    Spam

    This leaves one to wonder how they (NSA) handles spam. There is at least the possibility that any spam might originate overseas (Nigeria maybe?). There are sufficient fools in the world that actually click on the spam that creates some sort of reverse connection. This would satisfy their 'communication' overseas (ahem) 'requirement', but without the content, how do they know it's spam?

    Wouldn't it be satisfying if the next 'release' of NSA data confirms that the NSA's servers are 3/4's full of spam. Yeah, we got you terrorists.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    rasz, Jun 27th, 2013 @ 11:24am

    sure its metadata, remember Petraeus gmail? People suspected it was a special case because he was military - it was not, it was some contractor just browsing his email looking for dirt.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 27th, 2013 @ 11:29am

    but isn't the metadeta and content on the same file?

    so its fairly unlikely theybother to strip out the content? surely they want to know what my xmas shopping list is not just that i sent it to my wife.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Jun 27th, 2013 @ 11:32am

      Re: but isn't the metadeta and content on the same file?

      It's been pretty well established for years that the content of all emails are, at a minimum, scanned for keywords and interesting ones are flagged for review.

      They'd probably argue that it's not really spying because it's done by a computer.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Vidiot (profile), Jun 27th, 2013 @ 11:53am

        Re: Re: but isn't the metadeta and content on the same file?

        So... if lots and lots of us used cute little keyword-generator scripts and appended inflammatory scan-bait to the ends of all our e-mails... would it annoy our captors? I mean, uh... those who insure our security? Would it make their scanning computers emit smoke and then explode, like in the movies?

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          John Fenderson (profile), Jun 27th, 2013 @ 12:35pm

          Re: Re: Re: but isn't the metadeta and content on the same file?

          Back in the Good Old Days on the internet, before the web was a thing, there was a widespread tradition of doing exactly that. It was called "spook food".

           

          reply to this | link to this | view in chronology ]

  •  
    identicon
    Davey, Jun 27th, 2013 @ 12:33pm

    As long as they're doing all that collecting,

    maybe they could enforce the lost and forgotten Don't Call List? The government's total failure to get such a simple thing working makes me wonder if their more massive date snooping produces anything they even look at.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    DCX2, Jun 27th, 2013 @ 1:08pm

    Define "rubber stamp"

    Please compare the approval rate of "standard warrants" to "FISA warrants". I think the approval rate of standard warrants is pretty high, too. If they are comparable, I think calling FISC a rubber stamp would be a hard sell without calling every Federal court that approves wiretaps a rubber stamp.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Jun 27th, 2013 @ 1:19pm

      Re: Define "rubber stamp"

      The rates are comparable. I found the wiretap report issued to Congress for 2007, and it showed:

      In 2007, according to the report, 2,208 applications for wiretap orders were submitted to state and federal courts. 457 were in federal cases, the rest state. The courts granted every application, and of the 2,208 authorized wiretaps, 2,119 of them were installed.


      Note that most wiretaps are not reported ("roving" and FISA wiretaps are specifically excluded).

      I think calling FISC a rubber stamp would be a hard sell without calling every Federal court that approves wiretaps a rubber stamp.


      Yes. The courts have long been accused of rubberstamping wiretap requests, even before FISA existed, so this wouldn't be a new accusation at all.

      Personally, although the approval rate can be an indicator, it isn't proof of rubberstamping. The only way to be able to determine whether or not the whole thing is a joke is to actually review the court's actions, which is impossible (at least for the FISC).

      I lean toward thinking such requests are rubberstamped on the theory that there's little reason to think that the FISC would behave substantially different than the other courts have in the past.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    The Real Michael, Jun 27th, 2013 @ 1:25pm

    "So, remember all that stuff the NSA and the President and various elected officials were saying about how they're not collecting internet data on Americans? And how they have minimization procedures and all of that? Yeah. So, that was -- yet again -- less than 100% accurate. Or, as Director of National Intelligence James Clapper likes to say, it was, perhaps, the 'least untruthful' version of the events, meaning that it wasn't truthful."

    Meaning that they were caught lying for the umpteenth time.

    As for the NSA collecting metadata, uh, sure thing. So they created a massive facility in Utah just to store IP addresses and NOT the contents of people's e-mails and other communications? I've got a bridge to sell you...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 28th, 2013 @ 9:26am

    As a person who deals with metadata and data models every day, I wish the government and the press would get the language right here. It isn't metadata, it's data.

    Emails have a header that includes the email addresses of the sender, receiver, reply-to and possibly other parties. It includes timestamps, subject lines, and other information. There are all part of the data content of an email message just as much as the actual words the sender typed in the body of the message.

    Metadata would be data about the data--data element names, descriptions of what each data element means, data types and sizes, that kind of thing.

    Put another way, would you say that the date and to/from addresses at the top of a business letter were not part of the letter? No.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    QuietgyInTheCorner (profile), Jun 28th, 2013 @ 1:42pm

    Expectation of privacy

    "...because that information was clearly on your phone bill that the company sent to you each month..."
    I wasn't aware that my phone bill was sent to anyone OTHER than me. Since, I believe, it's illegal for the postal service to knowingly deliver MY mail to anyone else and also for anyone to delibrately intercept my mail (except with a warrent, or course), why would I NOT have an expectation of privacy?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Mrs.Olayemi Mary Julianah, Feb 8th, 2014 @ 8:19am

    please

    Hello dear,
    My name is Mrs Olayemi Mary Julianah, A United Kingdom citizen and I reside for almost 22 years now in Benin Republic for purely Gold Business. My company name is: (Berossy Gold Sarl).
    Dearest, I am sharing this message to explain what I currently lives as tragedy and also the decision that I took presently.I have been a few months victim of an incurable disease that eats away at my health.
    I am suffering because of a throat cancer. Everything inside of my throat has become a big wound that continues to rot and deteriorate more. The disease prevents me now to talk and even eat properly.today, I have no one because I am an orphan since I was born and grew up in an orphanage. Also, I lost my husband seven years ago, unfortunately, we could not have children because he was diagnose of low sperm count and we where on the treatment before he died. To top it all, all our friends and contacts have forsaken me since the death of my late husband, it was just''profiteers''.Today,
    I am left to myself and am master of all I want to take but unfortunately my health prevents me from taking care of something arbitrary.
    After several results and analysis in various European and American clinics and presently at London where i am now, The doctors, told me that my days are now numbered, that i am living the last moments of my life.I am therefore sentenced to 65years dying from this terrible disease because my doctor has just informed me there were only one month to live on this earth and that men can not do anything for me.
    That is why I contacted you to ask you a great service as it would not be possible for me to do it myself because of my health.I deposited in September 2006 in financial institute, a large sum of money Four million euros ( 4,000,000 ).
    I will want to hand over this money to you as to enable you establish a charitable foundation in my memory so that God's grace be with me until my last home and I can enjoy an honorable place with the Lord our father.If you will be willing to assist me on this project, kindly reply (olayemimary101@yahoo.com) me and i will send you details with financial institute where I deposited the fund and I will also sworn an affidavit for change of ownership status that will officially and legally makes you the beneficiary to my funds, so that even if i die you will not have any confrontation from any body in receiving the funds. Please do reply me on my private email above because I don't always be on here.

    I will wait your reply.
    Please accept my best regards and God bless you.
    Mrs. Olayemi Mary Julianah

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This