WASHINGTON — Since the disclosure of National Security Agency surveillance documents by the British newspaper The Guardian began this month, President Barack Obama, top intelligence officials and members of Congress have repeatedly assured Americans that they are not the target of the NSA’s sweeping electronic collection system.
“Nobody is listening to your telephone calls,” Obama said when the story broke.
But as experts on American intelligence knew, that was not the whole story. It left out what NSA officials have long called “incidental” collection of Americans’ calls and emails — the routine capture of Americans’ communications in the process of targeting foreign communications.
On Thursday, in the latest release of documents supplied by Edward Snowden, the former NSA contractor now believed to be hiding in Hong Kong, The Guardian published two documents setting out the detailed rules governing the NSA’s intercepts. Dated 2009 and signed by Attorney General Eric Holder, they advise NSA eavesdroppers on how to judge whether a target is a foreigner overseas, and therefore fair game, and what to do when they pick up Americans at home or abroad.
They show, for example, that NSA officers who intercept an American online or on the phone — say, while monitoring the phone or email of a foreign diplomat or a suspected terrorist — can preserve the recording or transcript if they believe the contents include “foreign intelligence information” or evidence of a possible crime. They can likewise preserve the intercept if it contains information on a “threat of serious harm to life or property” or sheds light on technical issues like encryption or vulnerability to cyberattacks.
And while NSA analysts usually have to delete Americans’ names from the reports they write, there are numerous exceptions, including cases where there is evidence that the American in the intercept is working for a terrorist group, foreign country or foreign corporation.
The documents, classified “Secret,” describe the procedures for eavesdropping under Section 702 of the FISA Amendments Act, including an NSA program called Prism that mines Internet communications using services including Gmail and Facebook. They are likely to add fuel for both sides of the debate over the proper limits of the government’s surveillance programs.
They offer a glimpse of a rule-bound intelligence bureaucracy that is highly sensitive to the distinction between foreigners and “U.S. persons,” which technically include not only American citizens and legal residents but American companies and nonprofit organizations as well. The two sets of rules, each nine pages long, belie the image of a rogue intelligence agency recklessly violating Americans’ privacy.
But the very existence of the rules suggests that Americans routinely fall into the NSA’s global net, even if they are not the intended target of the eavesdropping. And since a major focus of American intelligence since 2001 has been the terrorist threat to the United States, calls and emails in and out of the country draw particular attention.
In addition, current and former NSA officials acknowledge that “incidental” collection of Americans’ communications occurs more often today than in the past because of the proliferation of cellphones and email, which can make it harder to determine a person’s identity and location.
A senior U.S. intelligence official said that while the possibility of incidental collection of Americans’ calls and emails has always been acknowledged, NSA’s goal is to target foreigners. “The point we’ve been making is this is not a tool for listening to Americans,” the official said.
Another U.S. official noted that the default procedure when an American is incidentally picked up is to stop listening and destroy the record, and that exceptions are made mostly for threats to security.
“If there’s a terrorist attack planned or a threat of a cyberattack, I think Americans want us to pay attention to it,” the official said. Both officials agreed to discuss the classified rules on condition of anonymity.
But Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said the detailed rules only underscored the intrusion on privacy from NSA’s eavesdropping.
“From the beginning the concern was that the government would sweep up Americans’ communications in the course of surveillance directed at people outside the country,” Jaffer said. “These documents suggest that it’s even worse than we thought.”
He noted a clause about restrictions on the intercept of attorney-client communications but said it allowed wide latitude for sharing such communications inside the government.
“The exceptions swallow the rule,” Jaffer said.
William Banks, an expert on national security law at Syracuse law school, said that many of the issues raised by the leaked documents were thoroughly discussed when the FISA Amendments Act was passed in 2008 and renewed last year. But he said there appeared to be little reason for the rules to be secret.
“I can’t imagine there’s great harm to national security from these rules being out,” Banks said. “If this helps us learn more about what the government’s doing, that’s probably a good thing.”
Snowden, who turns 30 today, is believed to be hiding in Hong Kong as FBI agents and U.S. prosecutors build a criminal case against him for disclosure of classified documents. Officials in Iceland say Snowden’s representatives have contacted them to explore the possibility that he might be granted asylum there.