The NSA isn't allowed to spy on Americans, but the nature of modern communication doesn't always make it obvious whether a phone call or email is foreign or domestic. This means that in the course of its normal business of spying on foreigners, NSA will inevitably collect information it shouldn't have. Certain rules, called "minimization procedures," define what NSA is required to do when it discovers that it has inadvertently captured a U.S. person in its surveillance dragnet.
Today, in the latest release of classified NSA documents from Glenn Greenwald, we finally got a look at these minimization procedures. Here's the nickel summary:
The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveals how US call records are used to help remove US citizens and residents from data collection.
I have a feeling it must have killed Glenn to write that paragraph. But on paper, anyway, the minimization procedures really are pretty strict. If NSA discovers that it's mistakenly collected domestic content, it's required to cease the surveillance immediately and destroy the information it's already collected. However, there are exceptions. They can:
Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity.
The Guardian has posted two classified documents online. The first one describes the procedure for determining whether a surveillance target is legitimate (i.e., a non-U.S. person located outside the country). The second one describes the minimization procedures in case of inadvertent targeting of a U.S. person. There are a few obvious things to say about them:
- The determination document repeatedly emphasizes that NSA bases its decisions on the "totality of the circumstances." There are quite a few safeguards listed to make sure that only foreigners are targeted, but in the end these are often judgment calls from analysts.
- The minimization procedures are fairly strict, but they do allow retention and dissemination of domestic data—without a warrant—under quite a few circumstances. "Threat of harm" is pretty broad, as is "criminal activity." The latter, in fact, seems like a loophole the size of a Mack truck. It suggests that NSA could have a significant incentive to "inadvertently" hoover up as much domestic information as possible so it can search for evidence of criminal activity to hand over to the FBI.
- The oversight procedures are pretty thin. Analysts have quite a bit of discretion here.
It's genuinely unclear how big a problem this stuff is. It's plainly true that determining whether someone is a U.S. person is sometimes a judgment call, and it's possible that mistakes are rare. What's more, if collection of domestic content genuinely is inadvertent, and is only occasionally turned over to other agencies when there's evidence of serious crime, we should all feel better about this. But we really have no way of knowing. That would require, say, an inspector general to gather this kind of information, and the IG has specifically declined to do this.
Also, note that the documents posted by the Guardian are from 2009. It's quite possible that procedures have changed since then.