nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

US Congress to NSA: How many Americans do you illegally spy on?

NSA: It's hard to tell. Now could you reauthorize our authority to keep doing it?

By Kieren McCarthy, 2 Mar 2017

If there is one piece of information that would fatally undermine the NSA's argument that it doesn't abuse Section 702 of the Foreign Intelligence Surveillance Act (FISA), it would be the number of American citizens whose personal information it has "incidentally" hoovered up.

And that is why it refuses to provide the figure.

There were two House Judiciary Committee meetings in Congress yesterday over the reauthorization of Section 702 in December. The first was held in secret with members of the security services; the second in public with panelists.

We don't know what happened in the first but in the second, a number of Congressmen made it plain that the NSA had failed to provide an estimate for the number of American citizens it has data on – despite the committee asking for it 11 months ago in a formal letter.

John Conyers (D-MI), the lead Democrat on the committee, noted that the lawmakers had repeatedly asked for the estimate but "the intelligence community has not so much as responded to our December letter" – a letter that asked for no more than an update on how long it would take to arrive at an estimate.

The intelligence community continues to argue it is difficult to tell the nationality of someone making a call or sending an email without a huge amount of effort or without violating their privacy.

That claim "seems like baloney to me," said Jim Jordan (R-OH), adding: "It's the greatest intelligence service on the planet. You'd think they'd be able to know that."

The truth is that the NSA cannot disclose the true figure if it wishes to retain its extraordinarily broad surveillance powers – powers that it has interpreted to include tapping the internet's backbone and big tech companies' server farms.

Section 702 repeatedly and explicitly notes that it only provides authority to gather information on non-US citizens and events occurring outside of the United States. And yet, incredibly, the security services have layered misinterpretation of the law on top of misinterpretation in order to authorize themselves to tap into US companies' systems based in the US.

The moment the scale of the domestic spying this has enabled is laid bare, the NSA's obtuse claim of "incidental" and "accidental" gathering of data on US citizens will be shown to be the façade it is. Which is why it won't release the figure.

Justifications

In a political climate where up is down and down is up, where the attorney general can answer an explicit question with a No and then claim he was asked a different question when that turns out not to be true, it is perhaps not surprising that some of the other answers asked at the hearing stretched reality to the breaking point.

One of the panelists, assistant professor at the US Naval Academy Jeff Kosseff, argued that the Fourth Amendment (no unreasonable search without a warrant) did not apply to Section 702 because it covered "foreign intelligence."

That is despite the fact that the Snowden documents showed – particularly through the PRISM system – that the security services were spying on domestic telecommunications.

Equally mind-boggling was the claim by former NSA attorney April Doss, now a partner at Saul Ewing LLP, that Section 702 was only used for "targeted surveillance." While that is certainly the intent of the law, the reality is the opposite – we know, again from the Snowden documents, that vast quantities of data are pulled into government databases, retained, and then searched.

Doss also repeated the NSA argument that trying to estimate how many Americans had been included in the broad sweep of communications would lead to a greater intrusion into their privacy.

You suspect that the argument that Congressmen shouldn't consider anything in the Snowden documents because they were leaked illegally is rolling around the back of their heads just waiting to slip out.

Snooping on 'a massive amount of Americans' communications'

Of the panelists, it fell to Elizabeth Goitein of the Brennan Center for Justice to state the uncomfortable reality that Section 702 is used to "collect a massive amount of Americans' communications," and that through a series of extravagant interpretations of the law, the end result is routine searches of that database for "ordinary criminal proceedings" in the US.

"The FBI is reading Americans' emails and listening to their phone calls without a factual basis to suspect them of wrongdoing, let alone a warrant," she noted.

When pressed on how she knew this, she pointed to explicit conclusions in a report from the Privacy and Civil Liberties Oversight Board (PCLOB) – the government's independent civil rights body that Congress has fatally undermined since it declared that the NSA's Section 215 phone surveillance program was unconstitutional in 2014. (Since that report, four of the five PCLOB board members have either resigned or not had their terms renewed, leaving it unable to legally function.)

We don't know the impact of those searches on criminal cases in the US either because the NSA refuses to provide any data on it – again because it would fatally undermine the claim that Section 702 only related to foreign intelligence.

To the House Judiciary Committee's credit, several members on both sides of the aisle simply refused to accept the fiction being presented to them by the security services.

Ted Lieu (D-CA) noted that the NSA violates the Fourth Amendment when it collects communications on Americans and then violates it again when it scans those communications. Kosseff argued that only the collection of data, and not a subsequent search of it, was a Fourth Amendment question.

Ted Poe (R-TX) said he considered it "illegal and a violation of the Constitution and an abuse of power" for the FBI to search the database without a warrant.

Raúl Labrador (R-ID) was concerned that such a system could be used to distort domestic politics. He referred to the recent resignation of National Security Advisor Michael Flynn for lying about the conversations he'd had with the Russian ambassador, noting that it had had "a chilling effect on me because I thought my political opponents could use my own personal information against me."

Pragmatics

Despite the very broad concerns against the program, Congress is still likely to reauthorize Section 702 at the end of the year, largely out of fear that ending the program could result in critical lost intelligence.

That means it is largely a game of chicken between Congress and the security services. A range of proposals has been put forward for how the law could be changed to eliminate the worst abuses.

An annual review of the program – rather than the five-year blanket renewal of the law – could help introduce greater accountability. Another idea is to introduce language that would specifically prohibit the use of Section 702 data for domestic investigations.

A letter from the "Reform Government Surveillance" group made up of large tech companies has put forward a range of broad recommendations, including:

  • Narrowing the type of information that can be collected under Section 702
  • Requiring judicial oversight for searching 702 data
  • Allowing companies to disclose data requests
  • Declassifying FISA Court orders
  • Adding more transparency around searches conducted on Section 702 data

The hearing also had a wide range of suggestions for how the NSA could calculate the number of Americans whose information is stored in its vast database. It was pointed out, for example, that US telephone numbers tend to start the prefix "+1" and internet communications typically come with an IP address – which can be pretty effectively tied to a particular country.

No doubt the NSA will get right on that. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing