N.S.A. Gets Less Web Data Than Beli...
N.S.A. Gets Less Web Data Than Believed, Report Suggests
WASHINGTON — A newly declassified report by the National Security Agency's inspector general suggests that the government is receiving far less data from Americans' international Internet communications than privacy advocates have long suspected.
The report indicates that when the N.S.A. conducts Internet surveillance under the FISA Amendments Act, companies that operate the Internet are probably turning over just emails to, from or about the N.S.A.'s foreign targets — not all the data crossing their switches, as the critics had presumed.
The theory that the government is rooting through vast amounts of data for its targets' messages has been at the heart of several lawsuits challenging such surveillance as violating the Fourth Amendment.
The report, obtained by The New York Times through a Freedom of Information Act lawsuit, was classified when completed in 2015, and it still contains many redactions. But several uncensored sentences appear to indicate how the system works: They suggest that the government supplies its foreign targets' "selectors" — like email addresses — to the network companies that operate the Internet, and they sift through the raw data for any messages containing them, turning over only those.
The distinction is important for evaluating crucial constitutional issues raised by how to apply Fourth Amendment privacy rights to new communications and surveillance technologies. Government secrecy about Internet wiretapping has prevented judges from adjudicating the issues in open court.
Still, Patrick Toomey, an American Civil Liberties Union lawyer who is helping lead one of several lawsuits challenging the N.S.A.'s Internet surveillance, argued that even if the companies were sifting the data themselves, the constitutional issues were the same if the companies were doing something they would not otherwise do at the government's direction.
"The equivalent would be if AT&T were compelled to put every phone call through a voice transcription and then give to the government" copies of only those calls that were linked to a suspect, Mr. Toomey said. "We would find that disturbing, not just because it could be abused, but because it involves the phone company listening to every phone call."
The network companies that operate the Internet, like AT&T and Verizon, do not publicly discuss how the surveillance system works, and the government declined to comment about the newly disclosed report.
Congress commissioned the inspector general report after the leaks about surveillance by the former intelligence contractor Edward J. Snowden. A central focus was the FISA Amendments Act program, which permits warrantless collection of communications on domestic soil so long as the target is a noncitizen abroad — even if the target is communicating with an American.
One part of the program is called Upstream. It involves the collection of emails and other Internet messages as they cross network switches. The report discusses how network providers are legally compelled to give the N.S.A. communications "related to tasked selectors." A little later, after a redacted paragraph, it says, "The providers should deliver only communications meeting these criteria to N.S.A."
And the report said that "for each source of collection, N.S.A. employs processes to determine whether" — the middle of the sentence is redacted, before it picks up with, "are sending communications only for selectors currently tasked and authorized for collection."
A senior administration official, speaking on the condition of anonymity to discuss internal deliberations, said there had been no official policy decision, as part of disclosing the inspector general report, to say more about how Upstream collection works than what the government had said previously.
Still, in previous reports and court documents about the Upstream system, the government has tended to use language that leaves it ambiguous whether the telecommunications companies or the government is filtering and scanning the raw Internet data.
(The inspector general report does not address how the N.S.A. collects foreign-to-foreign Internet messages passing through the American network. Such messages are not protected by domestic law, and the government does collect them in bulk, just as it could do if it intercepted them abroad, according to leaked documents and officials familiar with that system.)
The new report's discussion of how the Upstream collection system works under the FISA Amendments Act dovetails with an article by The Times and ProPublica in August, which was largely based on "top-secret" documents provided by Mr. Snowden. But those documents remain classified. And in public, the government has been vague about the system's details, including in its responses to lawsuits.
The cases are important because Internet technology works differentlyfrom the telephone technology for which wiretapping rules were developed and tested in court. A suspect's phone call can be intercepted without touching any other people's calls. But on the Internet, data from different messages are broken up and intermingled, so collecting a suspect's email requires temporarily copying and sifting data from many people's messages.Privacy advocates want a court to address whether that violates the Fourth Amendment. So far, they have not succeeded.