NSA document details foreign intel databases

NSA headquarters

The National Security Agency says it is not targeting people inside the United States for surveillance through its efforts to collect foreign intelligence, according to an unclassified report explaining how NSA implements its authorities under Section 702 of the Foreign Intelligence Surveillance Act.

However, information on citizens and residents becomes part of NSA's collections under Section 702, leading to questions about whether the agency uses its foreign intelligence authority to conduct warrantless, "backdoor" surveillance on U.S citizens.

The new document tracks closely with the testimony by top intelligence community lawyers at a March meeting of the Privacy and Civil Liberties Oversight Board, at whose request the unclassified NSA report was prepared. But it leaves many key questions unanswered, and the language is vague at times.

In the document, NSA delves into some details about how it collects, stores and accesses data collected under two of the programs revealed by former intelligence contractor Edward Snowden. It offers a look at how NSA analysts access data on the agency's systems, how analysts are trained to use the systems and the procedures in place to comply with privacy restrictions in the FISA statute.

Communications supplied to NSA by Internet companies are stored across "multiple NSA systems and data repositories." Although there isn't much in the way of specifics, the report indicates that one system might contain the content of communications -- such as text, audio and video -- while another system might store only the metadata associated with those communications -- such as the header information on an email message with to, from, subject and date information.

Under the program known as Prism, the FBI makes requests on behalf of NSA using "selectors" for individuals, such as phone number, email address and other identifiers. Companies are required to turn over communications to or from such selectors to NSA. The Upstream program, which intercepts communications from the Internet backbone rather than individual companies, can target selectors sending and receiving communications, as well as communications that reference or are about targeted selectors.

Under certain circumstances, NSA analysts are permitted to query databases using the email addresses, phone numbers and other identifiers of U.S. citizens and legal residents. That practice has been especially controversial because the section of intelligence law on domestic surveillance requires the order of a secret court to spy on U.S. citizens and those legally residing in the United States.

NSA claims that such queries must either be "reasonably likely to return foreign intelligence information" or be linked to an "imminent threat to life." As a practical matter, NSA analysts have more often queried metadata than the contents of communications. To go after content requires additional layers of approval. Furthermore, NSA may not query data collected under the broad Upstream program for citizen or resident identifiers. It's not clear from the document whether other agencies with domestic authorities could access information on citizens or residents under certain circumstances.

Finally, the report offers a look at what happens to "unevaluated" communications that are stored in NSA systems.

Upstream collections are retained for a maximum of two years, while the Prism collections are stored for up to five years. The report explains that information on U.S. citizens and residents may be destroyed if it's not relevant to NSA's purpose and includes no evidence of a crime. There are also provisions for destroying communications collected on selectors when they are determined to be inside the United States.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy, health IT and the Department of Veterans Affairs. Prior to joining FCW, Mr. Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian started his career as an arts reporter and critic, and has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, Architect magazine, and other publications. He was an editorial assistant and staff writer at the now-defunct New York Press and arts editor at the online network in the 1990s, and was a weekly contributor of music and film reviews to the Washington Times from 2007 to 2014.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.

The Fed 100

Read the profiles of all this year's winners.


  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Thu, Apr 24, 2014 AmericanPrivacy United States

Americans shouldn’t have to choose between new technology and keeping their personal information private. Protections for online privacy are justified and necessary, and the government must help draw boundaries to ensure that Americans’ privacy stays intact in the Digital Age. DOES NOT collect your personal information. Regarding online privacy, we have heard people say they have nothing to hide and don't care if their privacy is violated. Sadly, they are missing the point. As Americans, it is about standing up for our privacy rights as a law abiding citizen per the Constitution. Our Fourth Amendment protects us against unreasonable searches and seizures which is being violated everyday by many Email providers, hackers and Government agencies through unwarranted searches Americans Right to Privacy has solutions and I am anxious to share them with you. We offer secure, encrypted email, a Virtual Private Network (VPN) which secures your computer's internet connection, to guarantee that all of the data you're sending and receiving is encrypted and secured from prying eyes. Also a "Swiss Bank Account for your Data" Digital Safe! And we have rolled out Secure Swiss Web Hosting! Why secure your data in Switzerland? Because Switzerland is known for its strict data privacy laws, has no back door access to encryption for any government agency, not even Switzerland itself We offer a professional global email service solution for both personal and business use. PrivacyAbroad email service is free of advertising, SPAM and provides private communication with your emails saved and backed up in Switzerland, renowned for its strong data privacy protection laws. Email comes with 1 GB of expandable storage space. If governments and "free" email providers can peek through your webcam, read your emails and look inside your computer, so can the criminals. There is data security, and then there is Swiss data security.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group