Latest Leak: NSA Collects Bulk Email Metadata On Americans
from the so-there's-that... dept
The NSA leaks just keep on coming, and the latest one is a big one. It’s concerning the NSA is about the Stellar Wind program — which had been revealed before, and which former NSA whistleblower Bill Binney has discussed in the past — but Binney left the NSA in 2001. The latest document is a report from the Inspector General that confirms some of the claims Binney has made in the past, showing that the NSA collected “bulk metadata” on emails of US persons. The program started as only being about non-US persons, but was later expanded by the DOJ in 2007 to cover US persons as well.
According to a top-secret draft report by the NSA’s inspector general – published for the first time today by the Guardian – the agency began “collection of bulk internet metadata” involving “communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States”.
Eventually, the NSA gained authority to “analyze communications metadata associated with United States persons and persons believed to be in the United States”, according to a 2007 Justice Department memo, which is marked secret.
So, remember all that stuff the NSA and the President and various elected officials were saying about how they’re not collecting internet data on Americans? And how they have minimization procedures and all of that? Yeah. So, that was — yet again — less than 100% accurate. Or, as Director of National Intelligence James Clapper likes to say, it was, perhaps, the “least untruthful” version of the events, meaning that it wasn’t truthful.
Of course, the defenders of the program will say that this is okay because it was “just metadata,” rather than the contents of email, but that’s a huge cop out, since metadata can tell you an awful lot:
The internet metadata of the sort NSA collected for at least a decade details the accounts to which Americans sent emails and from which they received emails. It also details the internet protocol addresses (IP) used by people inside the United States when sending emails – information which can reflect their physical location. It did not include the content of emails.
On top of that, defenders of the metadata collection of phone records claimed that there was no privacy in the phone numbers you called and the duration of calls, because that information was clearly on your phone bill that the company sent to you each month. But that’s not the case with email metadata.
For what it’s worth, the administration shutdown this particular program in 2011, but that was after it had gone on for 10 years, with the last four involving collecting bulk metadata on Americans.
“The internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted,” Shawn Turner, the Obama administration’s director of communications for National Intelligence, said in a statement to the Guardian.
“The program was discontinued by the executive branch as the result of an interagency review,” Turner continued. He would not elaborate further.
However, as Glenn Greenwald and Spencer Ackerman at the Guardian (who broke this story as well) have noted, they have evidence that at least a similar program continues today:
In December 2012, for example, the NSA launched one new program allowing it to analyze communications with one end inside the US, leading to a doubling of the amount of data passing through its filters.
Some of the report actually helps to confirm a Washington Post story from last week about how this bulk metadata collection was initially done under no authority, but when various DOJ officials threatened to resign, they quickly got the FISA court to pull out its trusty giant rubber stamp to allow bulk data collection on emails.
The expansion of metadata collection and analysis to cover Americans came about as the NSA insisted this would help them better find foreign threats:
Wainstein told Mukasey that giving NSA broader leeway to study Americans’ online habits would give the surveillance agency, ironically, greater visibility into the online habits of foreigners – NSA’s original mandate.
“NSA believes that it is over-identifying numbers and addresses that belong to United States persons and that modifying its practice to chain through all telephone numbers and addresses, including those reasonably believed to be used by a United States person,” Wainstein wrote, “will yield valuable foreign intelligence information primarily concerning non-United States persons outside the United States.”
Basically this pretty much confirms my earlier post about how the NSA (and the DOJ) are carefully defining “target” in their mandate. Most people believe that since the NSA can only target persons outside the US that they cannot collect data on US persons. However, if (as may be the case) they claim that the overall investigation is “targeting” non-US persons, it appears they believe they can collect and analyze data on US persons, meaning that they’ve effectively justified bulk spying on Americans if it might possibly bring to light a foreign threat.
One thing that is not clearly described is exactly how the NSA is getting access to this data, but from previous leaks, it appears that the data almost certainly comes from working with telcos to install systems that scoop up all data going through major ISPs/backbones. Either way, it seems abundantly clear, yet again, that the NSA surveillance, contrary to statements from the NSA and its defenders, included a ton of information on Americans.