Senator Ron Wyden (D-Ore.) grappled with a sinister catch-22. As a member of the Senate Intelligence Committee, he knew the government was systematically spying on its own citizens. But the Oregon Democrat also knew discussing classified programs put him on uncertain ground. So for two years, he could only drop hints that the truth would leave Americans shocked.
Then, during a rare public hearing of the committee this March with Director of National Intelligence James Clapper, Wyden rolled the dice. The senator wanted a yes or no answer: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”
Avoiding eye contact, the agitated Clapper immediately replied, “No, sir.”
Wyden looked surprised. “It does not?” he asked.
“Not wittingly,” Clapper said, clarifying that some Americans’ records might, hypothetically, be collected.
Then in early June, the story broke wide open. Glenn Greenwald and the Guardian published a secret court order mandating that Verizon share its customers’ telephony metadata. It soon emerged that all major American telecoms have been in similar arrangements since 2006.
Clapper lied. Wyden knew it. But the senator was unable to challenge him.
The legal interpretations that justify the telephone metadata program under Section 215 of the PATRIOT Act remain secret. So do those that justify the PRISM Internet surveillance program under Section 702 of the Foreign Intelligence Surveillance Act (FISA). But one thing is clear: Intelligence officials have repeatedly lied under oath about domestic surveillance. Documents leaked by former NSA contractor Edward Snowden have consistently contradicted the bureaucratic line, forcing revisions that reliably conflict with subsequent revelations.
And these are lies, as surely as the sky is blue. No amount of tortured rhetoric or blatant falsehood can change the fact that, on a daily basis, the NSA archives the location of every domestic person who uses a phone, or that it reads innumerable citizens’ private Internet communications without intervening judicial review. The documents that reveal this were published weeks ago, but intelligence leaders are essentially betting the public will not fully grasp them.
Six days after the Verizon leak, NSA Director Keith Alexander offered opaque explanations of domestic surveillance in a previously scheduled Senate hearing. He claimed the FBI, not the NSA, accesses telephony metadata under Section 215. He said his agency merely passes along entries relevant to specific investigations.
Alexander added that officials must acquire a court order — presumably from the secret FISA Court — to access further information, as through a wiretap. He cast his agency as part of a cooperative framework and pointed to judicial oversight.
That effort continued in a special open session of the House Intelligence Committee. Theoretically convened to provide oversight, the hearing featured carefully prepared statements by the intelligence officials and seemingly scripted exchanges with the two committee leaders. Intelligence officials boasted that the two leaked surveillance programs had prevented more than 50 terrorist attacks. The four plots they specified grabbed headlines. But the claim was subsequently challenged by Senator Wyden and his Intelligence Committee colleague Mark Udall (D-Colo.), as well as various journalists.
The real story was the programs themselves. FBI Deputy Director Sean Joyce stated that usually his agency, not the NSA, directly analyzes telephony metadata, requesting it from the NSA with a specific, personalized court order. Alexander agreed, saying his agency analyzes metadata in few cases. Yet he previously stated it never does. Did he confuse basic procedure? The NSA director seemed to know precisely what he was saying. He repeatedly, explicitly asserted one claim at one hearing, the other at another.
Furthermore, Alexander and others pronounced unequivocally that the program collects no location data. Yet the Verizon order demands each domestic call’s “trunk identifier.” In this context, the trunk is a network node routing all phone traffic in an area. That means if someone in the United States has a telephone conversation, the NSA archives each party’s general location. (A writer at the New Yorker suggests that “This single piece of data can locate a phone within approximately a square kilometer.”)
PRISM, the program that gathers online communications from American Internet companies, including Google and Facebook, is justified under Section 702 of the Foreign Intelligence Surveillance Act, which only allows surveillance of non-Americans on foreign soil. Officials argued that excruciating care is taken to avoid broader surveillance: Any inadvertently collected data are immediately thrown out, and monitoring is immediately terminated if a target enters the United States.
Yet two NSA documents detailing Section 702 surveillance procedures under Bush and Obama tell a very different story. They discuss collection of telephone and Internet data well beyond PRISM, including many loopholes for retaining Americans’ communications. The first, “Exhibit A,” outlines targeting procedures to determine nationality and location. Illustrating its breadth, only one subsection of the document discusses communication platforms based in the United States (e.g. “Hotmail”), which PRISM is restricted to. Analysts, not judges, evaluate whether a target is foreign, i.e. surveillable. Procedural lapses must be reported, but everything depends on bureaucratic discretion.
If the NSA has no “specific information” about nationality or location, and absent a “reasonable belief” of U.S. citizenship, it assumes the target is foreign. If there is conflicting information about whether a target under surveillance has entered the United States, the agency assumes so and “terminates acquisition.” Analysts can view the content of the communications (perhaps yours) as a last resort to make these determinations.
“Exhibit B” outlines procedures to minimize inadvertent collection beyond the authority of Section 702. Many such “electronic communications” are “acquired because of limitations on NSA’s ability to filter communications.” However, significant loopholes permit Americans’ “inadvertently collected communications” to be kept six months or longer. The NSA may also archive a communication for five years without verifying the identity of its participants.
If it perceives “an immediate threat to human life,” the NSA may circumvent minimization procedures, so long as it subsequently notifies oversight authorities. But it is unclear how an “immediate” threat is defined, and the national security state is adept at stretching such terms. The White House argued that Anwar Al-Awlaki, an American citizen, perpetually posed an “immanent” threat to the U.S. in order to justify killing him with a drone.
Intelligence can be used whether or not it is collected in accordance with federal law. A “communication…reasonably believed to contain significant foreign intelligence information…may be provided to the [FBI] for possible dissemination,” rendering substanceless the pledge that such inadvertently collected data are expunged. Even a communication devoid of intelligence value may be retained if it “is reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed.” The attorney general must provide a written extension for such retention after six months.
Inadvertently collected communications that reveal security vulnerabilities may be retained. So can communications between someone under criminal indictment and his or her attorney -- containing foreign intelligence, though prosecutors are not allowed to access it. And encrypted or coded messages may be kept until they can be cracked. The House committee witnesses noted that “reverse targeting,” whereby an American or domestic person is caught up in the targeting of a foreigner, is strictly forbidden. Yet neither document mentions or ostensibly precludes this.
More recently, the Guardian disclosed online surveillance designed to amass domestic metadata, which could reveal personal details, such as email and browsing history. These programs’ names — EvilOlive, ShellTrumpet, MoonLightPath, Spinneret — add to a growing list that includes Marina, Mainway, Prism, Nucleon, and four flavors of Ragtime: A, B, C, and P (as in PATRIOT). They are part of an integrated system. Understanding them in the macro is crucial to understanding their collective objective: What Uncle Sam wants to know about whom.
That basic question looms over this story. Why does the government hesitate to answer? Would understanding how our basic rights are protected endanger us? How is national security served by specious denials? According to the Guardian's U.S. editor-in-chief, the government never raised a specific national security concern about anything it published.
Questions continue to pile up. The public deserves answers, not lies.