NSA document details foreign intel databases

NSA headquarters

The National Security Agency says it is not targeting people inside the United States for surveillance through its efforts to collect foreign intelligence, according to an unclassified report explaining how NSA implements its authorities under Section 702 of the Foreign Intelligence Surveillance Act.

However, information on citizens and residents becomes part of NSA's collections under Section 702, leading to questions about whether the agency uses its foreign intelligence authority to conduct warrantless, "backdoor" surveillance on U.S citizens.

The new document tracks closely with the testimony by top intelligence community lawyers at a March meeting of the Privacy and Civil Liberties Oversight Board, at whose request the unclassified NSA report was prepared. But it leaves many key questions unanswered, and the language is vague at times.

In the document, NSA delves into some details about how it collects, stores and accesses data collected under two of the programs revealed by former intelligence contractor Edward Snowden. It offers a look at how NSA analysts access data on the agency's systems, how analysts are trained to use the systems and the procedures in place to comply with privacy restrictions in the FISA statute.

Communications supplied to NSA by Internet companies are stored across "multiple NSA systems and data repositories." Although there isn't much in the way of specifics, the report indicates that one system might contain the content of communications -- such as text, audio and video -- while another system might store only the metadata associated with those communications -- such as the header information on an email message with to, from, subject and date information.

Under the program known as Prism, the FBI makes requests on behalf of NSA using "selectors" for individuals, such as phone number, email address and other identifiers. Companies are required to turn over communications to or from such selectors to NSA. The Upstream program, which intercepts communications from the Internet backbone rather than individual companies, can target selectors sending and receiving communications, as well as communications that reference or are about targeted selectors.

Under certain circumstances, NSA analysts are permitted to query databases using the email addresses, phone numbers and other identifiers of U.S. citizens and legal residents. That practice has been especially controversial because the section of intelligence law on domestic surveillance requires the order of a secret court to spy on U.S. citizens and those legally residing in the United States.

NSA claims that such queries must either be "reasonably likely to return foreign intelligence information" or be linked to an "imminent threat to life." As a practical matter, NSA analysts have more often queried metadata than the contents of communications. To go after content requires additional layers of approval. Furthermore, NSA may not query data collected under the broad Upstream program for citizen or resident identifiers. It's not clear from the document whether other agencies with domestic authorities could access information on citizens or residents under certain circumstances.

Finally, the report offers a look at what happens to "unevaluated" communications that are stored in NSA systems.

Upstream collections are retained for a maximum of two years, while the Prism collections are stored for up to five years. The report explains that information on U.S. citizens and residents may be destroyed if it's not relevant to NSA's purpose and includes no evidence of a crime. There are also provisions for destroying communications collected on selectors when they are determined to be inside the United States.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.