Leaked NSA Memos Reveal More on Data Collection Procedures
By Katie Mullen – Edited by Michelle Sohn
Last weekend, the Guardian leaked two more National Security Agency (“NSA”) documents regarding the NSA’s recently uncovered surveillance program. The first document details procedures used to target “non-U.S. persons” believed to be located outside the United States. The second document describes minimization procedures the NSA uses in collecting data under Section 702 of the amended Foreign Intelligence Surveillance Act (“FISA”), 50 U.S.C. 1881 (2012).
The first memo explains that in the absence of information indicating that an individual is a U.S. person, the NSA may presume that someone reasonably believed to be abroad or whose location is unknown is a lawful target. The NSA examines three criteria to determine whether a target is a non-U.S. person overseas: (1) lead information that provides data about the target’s identity and the location of the facilities they use for communications, (2) information in the NSA’s databases indicating whether the person’s location is already known, and (3) technical analysis of the facility from which it intends to collect the information (e.g., IP addresses).
The second memo details the requirements for minimizing the retention of material that does not concern foreign intelligence. It dictates that the NSA must “destroy inadvertently acquired communications of or concerning a United States person at the earliest practical point” if they contain no foreign intelligence information or criminal evidence. The agency must destroy all materials of this kind within five years. Both memos, however, allow for temporary deviations from these procedures in the event of an immediate national security threat.
In a post on Gizmodo, Tim Kurt Opsahl and Trevor Timm of the Electronic Frontier Foundation criticized the NSA procedures as “describ[ing] a process more intent on making sure it was not ‘intentional’ than ensuring Americans were not actually spied upon.” They also noted that using email encryption or Tor, a program that anonymizes users’ locations, could be grounds for surveillance under the NSA’s procedures, since individuals whose locations are unknown are presumed to be lawful targets. Further, they argued that the surveillance could cut through attorney-client privilege “like a hot knife through butter.” However, Mashable reported that “the NSA will immediately stop monitoring the communication between a person known to be under criminal indictment in the United States and their attorney representing them in that case.”
The Guardian also criticized the memos: “The broad scope of the court orders, and the nature of the procedures set out in the documents, appear to clash with assurances from President Obama and senior intelligence officials that the NSA could not access Americans’ call or email information without warrants.” The article also decried that the “discretion as to who is actually targeted under the NSA’s foreign surveillance powers lies directly with its own analysts, without recourse to courts or superiors — though a percentage of targeting decisions are reviewed by internal audit teams on a regular basis.” In addition, the Electronic Frontier Foundation reported that unless the procedures in the memos (which are dated July 28, 2009) are different from those that were in place by October 2011, the Foreign International Surveillance Court (“FISC”) has already in fact held the procedures as unconstitutional surveillance. Though the opinion of the court remains classified, the Office of the Director of National Intelligence conceded that FISC had once held that data collection conducted under these procedures violated the Fourth Amendment.