Documents show NSA overreach in data collection

The Obama administration, under pressure from continued NSA leaks, declassified documents Wednesday showing the agency scooped up tens of thousands of emails and other online communications from Americans beginning in 2008 that it wasn’t allowed to target, and was told to stop by the secret court that oversees the program.

Officials briefed reporters on the documents before releasing them as the Obama administration struggles to defend NSA domestic snooping in the face of growing national opposition and especially on Capitol Hill, where lawmakers argue the administration has misled them about the extent of the programs and the scope of abuses.

The documents, described on condition of anonymity by senior officials in the Office of the Director of National Intelligence, relate to a “compliance violation,” which officials characterized as a technicality that ought not to provoke any privacy concerns.

“It was a technological issue that could not be avoided, rather than overreach by the NSA,” said one official on a conference call organized by the office’s public affairs director.

Nonetheless, some lawmakers and privacy advocates responded angrily, saying the declassification was too little, too late.

The documents declassified Wednesday include:

• Three opinions from the secret Foreign Intelligence Surveillance Court which oversees the programs.

• Procedures used by the NSA to protect the privacy of Americans when reporting foreign intelligence communications involving them.

• A white paper about the program, prepared for Congress in 2011.

• A semi-annual compliance report to Congress from the Department of Justice and the Office of the Director of National Intelligence identifying the violation.

The compliance violation involved the mass collection of “upstream” Internet communications — the vacuuming and copying of vast swaths of data directly from the fiber optic cables through which it traverses the Internet.

The data, once copied, can then be queried by NSA analysts looking for email “from, to or about,” the foreign target of a counterterrorism or foreign intelligence surveillance operation overseas, the officials said. Because the targets are foreigners outside of the United States, neither U.S. law nor the Constitution offers them any protection and NSA, like all other intelligence agencies, has broad authorities to spy on them.

But the searches often pull in messages from, to or about U.S. citizens as well — an email mentioning or copied to the foreign target of any surveillance can lawfully be pulled out of the data and examined, although special rules apply to its handling. This is known as incidental collection and is allowed by the law that authorizes the upstream collection program.

The special rules are called “minimization procedures” and are designed to protect, as far as possible, the privacy of Americans whose communications are swept up in warrantless surveillance of foreign targets. Their names may not be included in intelligence reports, for example, unless necessary to understand the information being reported.

But, the officials said, because of the way email moves across the Internet from the provider’s servers to the user’s computer, it was not technically possible to separate the communications that could lawfully be incidentally collected because they involved a legitimate foreign target overseas. As a result, some of the gathered email “might prove to be wholly domestic,” said one official, and therefore not subject to collection without a warrant. This is known as inadvertent collection.

“The NSA has knowingly acquired tens of thousands of wholly domestic communications under section 702 even though this law was specifically written to prohibit the warrantless acquisition of wholly domestic communications,” said Sen. Ron Wyden, Oregon Democrat and member of the intelligence committee.

For their part, officials insist that Congress was kept fully apprised of the program that scooped up the email and has since renewed the law that authorized it.