NSA to Sidestep Privacy Protections in Sharing Americans’ Intercepted Data with U.S. Spy Agencies

Friday, February 26, 2016
(graphic: Balefire9/iStock/Getty Images)

By Charlie Savage, New York Times


WASHINGTON — The Obama administration is on the verge of permitting the National Security Agency to share more of the private communications it intercepts with other U.S. intelligence agencies without first applying any privacy protections to them, according to officials familiar with the deliberations.


The change would relax longstanding restrictions on access to the contents of the phone calls and email the security agency vacuums up around the world, including bulk collection of satellite transmissions, communications between foreigners as they cross network switches in the United States, and messages acquired overseas or provided by allies.


The idea is to let more experts across U.S. intelligence gain direct access to unprocessed information, increasing the chances that they will recognize any possible nuggets of value. That also means more officials will be looking at private messages — not only foreigners’ phone calls and emails that have not yet had irrelevant personal information screened out, but also communications to, from, or about Americans that the NSA’s foreign intelligence programs swept in incidentally.


Civil liberties advocates criticized the change, arguing that it will weaken privacy protections. They said the government should disclose how much U.S. content the NSA collects incidentally — which agency officials have said is hard to measure — and let the public debate what the rules should be for handling that information.


“Before we allow them to spread that information further in the government, we need to have a serious conversation about how to protect Americans’ information,” said Alexander Abdo, an American Civil Liberties Union lawyer.


Robert S. Litt, the general counsel in the office of the Director of National Intelligence, said that the administration had developed and was fine-tuning what is now a 21-page draft set of procedures to permit the sharing.


The goal for the final rules, Brian P. Hale, a spokesman for the office, said in a statement, is “to ensure that they protect privacy, civil liberties and constitutional rights while enabling the sharing of information that is important to protect national security.”


Until now, security agency analysts have filtered the surveillance information for the rest of the government. They search and evaluate the raw information and pass only the portions of phone calls or email that they decide is pertinent on to colleagues at the CIA, the FBI and other agencies. And before doing so, the NSA takes steps to mask the names and any irrelevant information about innocent Americans.


The new system would permit analysts at other intelligence agencies to obtain direct access to raw information from the NSA’s surveillance to evaluate for themselves. If they pull out phone calls or email to use for their own agency’s work, they would apply the privacy protections masking innocent Americans’ information — a process known as “minimization” — at that stage, Litt said.


Executive branch officials have been developing the new framework and system for years. President George W. Bush set the change in motion through a little-noticed line in a 2008 executive order, and the Obama administration has been quietly developing a framework for how to carry it out since taking office in 2009.


The executive branch can change its own rules without going to Congress or a judge for permission because the data comes from surveillance methods that lawmakers did not include in the main law that governs national security wiretapping, the Foreign Intelligence Surveillance Act, or FISA.


FISA covers a narrow band of surveillance: the collection of domestic or international communications from a wire on U.S. soil, leaving most of what the NSA does uncovered. In the absence of statutory regulation, the agency’s other surveillance programs are governed by rules the White House sets under a Reagan-era directive called Executive Order 12333.


Litt declined to make available a copy of the current draft of the proposed procedures.


“Once these procedures are final and approved, they will be made public to the extent consistent with national security,” Hale said. “It would be premature to draw conclusions about what the procedures will provide or authorize until they are finalized.”


Among the things they would not address is what the draft rules say about searching the raw data using names or keywords intended to bring up Americans’ phone calls or email that the security agency gathered “incidentally” under the 12333 surveillance programs — including whether FBI agents may do so when working on ordinary criminal investigations.


Under current rules for data gathered under a parallel program — the no-warrant surveillance program governed by the FISA Amendments Act — NSA and CIA officials may search for Americans’ information only if their purpose is to find foreign intelligence, but FBI agents may conduct such a search for either intelligence or law enforcement purposes. Some lawmakers have proposed requiring the government to obtain a warrant before conducting such a search.


In 2013, The Washington Post reported, based on documents leaked by the former intelligence contractor Edward J. Snowden, that the NSA and its British counterpart, Government Communications Headquarters, had tapped into links connecting Google’s and Yahoo’s data centers overseas and that the U.S. spy agency had collected millions of records a day from them. The companies have since taken steps to encrypt those links.


That collection occurred under 12333 rules, which had long prohibited the NSA from sharing raw information gathered from the surveillance it governed with other members of the intelligence community before minimization. The same rule had also long applied to sharing information gathered with FISA wiretaps.


After the attacks of Sept. 11, 2001, the Bush administration began an effort to tear down barriers that impeded different parts of the government from working closely and sharing information, especially about terrorism.


In 2002, for example, it won permission, then secret, from the intelligence court permitting the CIA, the FBI and the NSA to share raw FISA wiretap information. The government did not disclose that change, which was first reported in a 2014 New York Times article based on documents disclosed by Snowden.


In August 2008, Bush changed 12333 to permit the NSA to share unevaluated surveillance information with other intelligence agencies once procedures were developed.


Intelligence officials began working in 2009 on how the technical system and rules would work, Litt said, eventually consulting the departments of Defense and Justice. This month, the administration briefed the Privacy and Civil Liberties Oversight Board, an independent five-member watchdog panel, seeking input.


Before they go into effect, they must be approved by James R. Clapper, the intelligence director; Loretta E. Lynch, the attorney general; and Ash Carter, the defense secretary.


“We would like it to be completed sooner rather than later,” Litt said. “Our expectation is months rather than weeks or years.”


To Learn More:

Privacy Advocates Wary of NSA Claim of Privacy Safeguards in New Phone Spying Program (by Dustin Volz, Reuters)

NSA Swept up Phone Data of Millions of Americans, but only used it to Investigate 248 (by Noel Brinkerhoff, AllGov)

NSA Has Capability to Access All Your Smart Phone Data (by Noel Brinkerhoff, AllGov)

NSA Violated U.S. Privacy Laws at Least 2,776 Times…In One Year (by Matt Bewig, AllGov)

NSA and FBI Secretly Mining Data from Internet Service Providers (by Noel Brinkerhoff, AllGov)


Leave a comment