Documents: The Domestic Email Collection Program The NSA 'Killed' In 2011 Was Actually Just Offshored
from the the-underwater-dragnet dept
New documents obtained by Charlie Savage of the New York Times (as the result of a FOIA lawsuit) show that the NSA may have killed off its bulk collection of US persons' emails back in 2011, but it quickly found another way to obtain these -- a way that circumvented restrictions on domestic collections.
While that particular secret program stopped, newly disclosed documents show that the N.S.A. had found a way to create a functional equivalent. The shift has permitted the agency to continue analyzing social links revealed by Americans’ email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.The new document is an Inspector General's report detailing the NSA's failure to follow the restrictions laid down by FISC Judge John Bates in his October 3, 2011 opinion. Bates felt the collection of US persons' email content in this fashion amounted to an illegal wiretap. This would be the same collection the NSA defended (before it was given more power to collect domestic data without a warrant by the 2008 FISA Amendments Act) in the FISA court by claiming an email address was the same thing as a "facility," because email addresses "facilitate" communications.
So, the reassurances -- offered in response to the Snowden leaks -- that the program had been shut down are essentially meaningless. The NSA halted a particular collection method, but did not halt the collection of domestic emails.
The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the N.S.A.’s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court. Because of the way the Internet operates, domestic data is often found on fiber optic cables abroad.As Marcy Wheeler points out, the killing of one domestic email collection and initiation of another meant some NSA personnel were very busy during the 2011 holiday season.
Given the length of the redacted date (it is one character longer than “9 December 2011”), we can say with some confidence that Keith Alexander approved the end and destruction of the dragnet between November 10 and 30 — during the same period the government was considering appealing Bates’ ruling, close to the day — November 22 — NSA submitted a motion arguing that Section 1809(a)(2)’s wiretapping rules don’t apply to it, and the day, a week later, it told John Bates it could not segregate the pre-October 31 dragnet data from post October 31 dragnet data.
Think how busy a time this already was for the legal and tech people, given the scramble to keep upstream 702 approved! And yet, at precisely the same time, they decided they should nuke the dragnet, and nuke it immediately, before the existing dragnet order expired, creating another headache for the legal and tech people. My apologies to the people who missed Thanksgiving dinner in 2011 dealing with both these headaches at once.As she goes on to detail, the program the Inspector General was looking for was indeed gone. But the collection itself wasn't. As far as the IG could tell, the NSA was mostly in compliance. The IG's report, however, notes its powers to assess the collection, storage and access to email data and content are very limited. As Wheeler puts it, the NSA "ate" its homework before the IG had a chance to assess its compliance.
Not only did NSA nuke the dragnet, but they did it quickly. As I said, it appears Alexander approved nuking it November 10 or later. By December 9, it was gone.
As to the the intake side,those folks started destroying the dragnet before the IG could come by and check their before status:The Inspector General's office appears to have been steered to its conclusion by the NSA, which dumped the data from the places it expected the IG to look ("disclosed repositories") and utilized a new collection method that wasn't subject to FISA court restrictions or nearly as much IG oversight.
"However, S3 had completed its purge before we had the opportunity to observe. As a result we were able to review the [data acquisition database] purge procedures only for reasonableness; we were not able to do the before and after comparisons that we did for the TD systems and databases disclosed to us."
Poof! All gone, before the IG can even come over and take a look at what they actually had.
Importantly, the IG stresses that his team doesn’t have a way of proving the dragnet isn’t hidden somewhere in NSA’s servers.
"It is important to note that we lack the necessary system accesses and technical resources to search NSA’s networks to independently verify that only the disclosed repositories stored PR/TT metadata."
So, the NSA's statements about shutting down the email program in 2011 are technically correct. It was shut down. The NSA, however, simply chose to siphon as much domestic data from its overseas collections as possible to ensure it never really had to end its warrantless collection of US persons' emails.