NSA document details foreign intel databases

NSA headquarters

The National Security Agency says it is not targeting people inside the United States for surveillance through its efforts to collect foreign intelligence, according to an unclassified report explaining how NSA implements its authorities under Section 702 of the Foreign Intelligence Surveillance Act.

However, information on citizens and residents becomes part of NSA's collections under Section 702, leading to questions about whether the agency uses its foreign intelligence authority to conduct warrantless, "backdoor" surveillance on U.S citizens.

The new document tracks closely with the testimony by top intelligence community lawyers at a March meeting of the Privacy and Civil Liberties Oversight Board, at whose request the unclassified NSA report was prepared. But it leaves many key questions unanswered, and the language is vague at times.

In the document, NSA delves into some details about how it collects, stores and accesses data collected under two of the programs revealed by former intelligence contractor Edward Snowden. It offers a look at how NSA analysts access data on the agency's systems, how analysts are trained to use the systems and the procedures in place to comply with privacy restrictions in the FISA statute.

Communications supplied to NSA by Internet companies are stored across "multiple NSA systems and data repositories." Although there isn't much in the way of specifics, the report indicates that one system might contain the content of communications -- such as text, audio and video -- while another system might store only the metadata associated with those communications -- such as the header information on an email message with to, from, subject and date information.

Under the program known as Prism, the FBI makes requests on behalf of NSA using "selectors" for individuals, such as phone number, email address and other identifiers. Companies are required to turn over communications to or from such selectors to NSA. The Upstream program, which intercepts communications from the Internet backbone rather than individual companies, can target selectors sending and receiving communications, as well as communications that reference or are about targeted selectors.

Under certain circumstances, NSA analysts are permitted to query databases using the email addresses, phone numbers and other identifiers of U.S. citizens and legal residents. That practice has been especially controversial because the section of intelligence law on domestic surveillance requires the order of a secret court to spy on U.S. citizens and those legally residing in the United States.

NSA claims that such queries must either be "reasonably likely to return foreign intelligence information" or be linked to an "imminent threat to life." As a practical matter, NSA analysts have more often queried metadata than the contents of communications. To go after content requires additional layers of approval. Furthermore, NSA may not query data collected under the broad Upstream program for citizen or resident identifiers. It's not clear from the document whether other agencies with domestic authorities could access information on citizens or residents under certain circumstances.

Finally, the report offers a look at what happens to "unevaluated" communications that are stored in NSA systems.

Upstream collections are retained for a maximum of two years, while the Prism collections are stored for up to five years. The report explains that information on U.S. citizens and residents may be destroyed if it's not relevant to NSA's purpose and includes no evidence of a crime. There are also provisions for destroying communications collected on selectors when they are determined to be inside the United States.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Thu, Apr 24, 2014 AmericanPrivacy United States

Americans shouldn’t have to choose between new technology and keeping their personal information private. Protections for online privacy are justified and necessary, and the government must help draw boundaries to ensure that Americans’ privacy stays intact in the Digital Age. DOES NOT collect your personal information. Regarding online privacy, we have heard people say they have nothing to hide and don't care if their privacy is violated. Sadly, they are missing the point. As Americans, it is about standing up for our privacy rights as a law abiding citizen per the Constitution. Our Fourth Amendment protects us against unreasonable searches and seizures which is being violated everyday by many Email providers, hackers and Government agencies through unwarranted searches Americans Right to Privacy has solutions and I am anxious to share them with you. We offer secure, encrypted email, a Virtual Private Network (VPN) which secures your computer's internet connection, to guarantee that all of the data you're sending and receiving is encrypted and secured from prying eyes. Also a "Swiss Bank Account for your Data" Digital Safe! And we have rolled out Secure Swiss Web Hosting! Why secure your data in Switzerland? Because Switzerland is known for its strict data privacy laws, has no back door access to encryption for any government agency, not even Switzerland itself We offer a professional global email service solution for both personal and business use. PrivacyAbroad email service is free of advertising, SPAM and provides private communication with your emails saved and backed up in Switzerland, renowned for its strong data privacy protection laws. Email comes with 1 GB of expandable storage space. If governments and "free" email providers can peek through your webcam, read your emails and look inside your computer, so can the criminals. There is data security, and then there is Swiss data security.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group