Edward Snowden is holding a live Q&A at the Guardian. Here’s one exchange:
Anthony De Rosa:
1) Define in as much detail as you can what “direct access” means.
2) Can analysts listen to content of domestic calls without a warrant?
1) More detail on how direct NSA’s accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on — it’s all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.
2) NSA likes to use “domestic” as a weasel word here for a number of reasons. The reality is that due to the FISA Amendments Act and its section 702 authorities, Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant. They excuse this as “incidental” collection, but at the end of the day, someone at NSA still has the content of your communications. Even in the event of “warranted” intercept, it’s important to understand the intelligence community doesn’t always deal with what you would consider a “real” warrant like a Police department would have to, the “warrant” is more of a templated form they fill out and send to a reliable judge with a rubber stamp.
Snowden’s reply about direct access is weirdly nonresponsive. He’s talking here about analysts’ access to NSA databases, not to corporate servers, and he seems to be talking about metadata, not content. What’s more, even if he is talking about content, he’s talking about content that’s already been collected by NSA, not content “direct” from Google’s servers. He’s right that access to this stuff is policy-based, but then again, I’m not sure what else it could be. In the end, access to everything is policy-based.
His reply to the warrant question is a little clearer, but doesn’t really say anything new. Section 702 warrants are indeed very broad, and once issued can cover communications from a lot of targets. When this stuff is swept up, some of it inevitably turns out to be domestic communications, which NSA is required to either discard or segregate away from the view of analysts according to court-mandated minimization procedures.
Now, does NSA really do this? How do we know? Those are good questions, but Snowden sheds no light on that. He’s just telling us that 702 warrants are very broad, something we already knew.
I really wish Snowden were more forthcoming and less evasive in his answers to questions like this. It’s been over a week now, and if he really has more detail about what “direct access” means, it’s long past time to share it with us. Ditto for any evidence that NSA is abusing its minimization protocols.