(updated below [Wed.])

Since we began began publishing stories about the NSA's massive domestic spying apparatus, various NSA defenders – beginning with President Obama - have sought to assure the public that this is all done under robust judicial oversight. "When it comes to telephone calls, nobody is listening to your telephone calls," he proclaimed on June 7 when responding to our story about the bulk collection of telephone records, adding that the program is "fully overseen" by "the Fisa court, a court specially put together to evaluate classified programs to make sure that the executive branch, or government generally, is not abusing them". Obama told Charlie Rose last night:

"What I can say unequivocally is that if you are a US person, the NSA cannot listen to your telephone calls … by law and by rule, and unless they … go to a court, and obtain a warrant, and seek probable cause, the same way it's always been, the same way when we were growing up and we were watching movies, you want to go set up a wiretap, you got to go to a judge, show probable cause."

The GOP chairman of the House Intelligence Committee, Mike Rogers, told CNN that the NSA "is not listening to Americans' phone calls. If it did, it is illegal. It is breaking the law." Talking points issued by the House GOP in defense of the NSA claimed that surveillance law only "allows the Government to acquire foreign intelligence information concerning non-U.S.-persons (foreign, non-Americans) located outside the United States."

The NSA's media defenders have similarly stressed that the NSA's eavesdropping and internet snooping requires warrants when it involves Americans. The Washington Post's Charles Lane told his readers: "the government needs a court-issued warrant, based on probable cause, to listen in on phone calls." The Post's David Ignatius told Post readers that NSA internet surveillance "is overseen by judges who sit on the Foreign Intelligence Surveillance Court" and is "lawful and controlled". Tom Friedman told New York Times readers that before NSA analysts can invade the content of calls and emails, they "have to go to a judge to get a warrant to actually look at the content under guidelines set by Congress."

This has become the most common theme for those defending NSA surveillance. But these claim are highly misleading, and in some cases outright false.

Top secret documents obtained by the Guardian illustrate what the Fisa court actually does – and does not do – when purporting to engage in "oversight" over the NSA's domestic spying. That process lacks many of the safeguards that Obama, the House GOP, and various media defenders of the NSA are trying to lead the public to believe exist.

No individualized warrants required under 2008 Fisa law

Many of the reasons these claims are so misleading is demonstrated by the law itself. When the original Fisa law was enacted in 1978, its primary purpose was to ensure that the US government would be barred from ever monitoring the electronic communications of Americans without first obtaining an individualized warrant from the Fisa court, which required evidence showing "probable cause" that the person to be surveilled was an agent of a foreign power or terrorist organization.

That was the law which George Bush, in late 2001, violated, when he secretly authorized eavesdropping on the international calls of Americans without any warrants from that court. Rather than act to punish Bush for those actions, the Congress, on a bipartisan basis in 2008, enacted a new, highly diluted Fisa law – the Fisa Amendments Act of 2008 (FAA) – that legalized much of the Bush warrantless NSA program.

Under the FAA, which was just renewed last December for another five years, no warrants are needed for the NSA to eavesdrop on a wide array of calls, emails and online chats involving US citizens. Individualized warrants are required only when the target of the surveillance is a US person or the call is entirely domestic. But even under the law, no individualized warrant is needed to listen in on the calls or read the emails of Americans when they communicate with a foreign national whom the NSA has targeted for surveillance.

As a result, under the FAA, the NSA frequently eavesdrops on Americans' calls and reads their emails without any individualized warrants – exactly that which NSA defenders, including Obama, are trying to make Americans believe does not take place. As Yale Law professor Jack Balkin explained back in 2009:



"The Fisa Amendments Act of 2008, effectively gives the President - now President Obama - the authority to run surveillance programs similar in effect to the warrantless surveillance program [secretly implemented by George Bush in late 2001]. That is because New Fisa no longer requires individualized targets in all surveillance programs. Some programs may be 'vacuum cleaner' programs that listen to a great many different calls (and read a great many e-mails) without any requirement of a warrant directed at a particular person as long as no US person is directly targeted as the object of the program. . . . "New Fisa authorizes the creation of surveillance programs directed against foreign persons (or rather, against persons believed to be outside the United States) – which require no individualized suspicion of anyone being a terrorist, or engaging in any criminal activity. These programs may inevitably include many phone calls involving Americans, who may have absolutely no connection to terrorism or to Al Qaeda."

As the FAA was being enacted in mid-2008, Professor Balkin explained that "Congress is now giving the President the authority to do much of what he was probably doing (illegally) before".

The ACLU's Deputy Legal Director, Jameel Jaffer, told me this week by email:

"On its face, the 2008 law gives the government authority to engage in surveillance directed at people outside the United States. In the course of conducting that surveillance, though, the government inevitably sweeps up the communications of many Americans. The government often says that this surveillance of Americans' communications is 'incidental', which makes it sound like the NSA's surveillance of Americans' phone calls and emails is inadvertent and, even from the government's perspective, regrettable. "But when Bush administration officials asked Congress for this new surveillance power, they said quite explicitly that Americans' communications were the communications of most interest to them. See, for example, Fisa for the 21st Century, Hearing Before the S. Comm. on the Judiciary, 109th Cong. (2006) (statement of Michael Hayden) (stating, in debate preceding passage of FAA's predecessor statute, that certain communications 'with one end in the United States" are the ones "that are most important to us'). The principal purpose of the 2008 law was to make it possible for the government to collect Americans' international communications - and to collect those communications without reference to whether any party to those communications was doing anything illegal. And a lot of the government's advocacy is meant to obscure this fact, but it's a crucial one: The government doesn't need to 'target' Americans in order to collect huge volumes of their communications."

That's why Democratic senators such as Ron Wyden and Mark Udall spent years asking the NSA: how many Americans are having their telephone calls listened to and emails read by you without individualized warrants? Unlike the current attempts to convince Americans that the answer is "none", the NSA repeatedly refused to provide any answers, claiming that providing an accurate number was beyond their current technological capabilities. Obviously, the answer is far from "none".

Contrary to the claims by NSA defenders that the surveillance being conducted is legal, the Obama DOJ has repeatedly thwarted any efforts to obtain judicial rulings on whether this law is consistent with the Fourth Amendment or otherwise legal. Every time a lawsuit is brought contesting the legality of intercepting Americans' communications without warrants, the Obama DOJ raises claims of secrecy, standing and immunity to prevent any such determination from being made.

The emptiness of 'oversight' from the secret Fisa court

The supposed safeguard under the FAA is that the NSA annually submits a document setting forth its general procedures for how it decides on whom it can eavesdrop without a warrant. The Fisa court then approves those general procedures. And then the NSA is empowered to issue "directives" to telephone and internet companies to obtain the communications for whomever the NSA decides – with no external (i.e. outside the executive branch) oversight – complies with the guidelines it submitted to the court.

In his interview with the president last night, Charlie Rose asked Obama about the oversight he claims exists: "Should this be transparent in some way?" Obama's answer: "It is transparent. That's why we set up the Fisa Court." But as Politico's Josh Gerstein noted about that exchange: Obama was "referring to the Foreign Intelligence Surveillance Court – which carries out its work almost entirely in secret." Indeed, that court's orders are among the most closely held secrets in the US government. That Obama, when asked about transparency, has to cite a court that operates in complete secrecy demonstrates how little actual transparency there is to any this.

The way to bring actual transparency to this process it to examine the relevant Top Secret Fisa court documents. Those documents demonstrate that this entire process is a fig leaf, "oversight" in name only. It offers no real safeguards. That's because no court monitors what the NSA is actually doing when it claims to comply with the court-approved procedures. Once the Fisa court puts its approval stamp on the NSA's procedures, there is no external judicial check on which targets end up being selected by the NSA analysts for eavesdropping. The only time individualized warrants are required is when the NSA is specifically targeting a US citizen or the communications are purely domestic.

When it is time for the NSA to obtain Fisa court approval, the agency does not tell the court whose calls and emails it intends to intercept. It instead merely provides the general guidelines which it claims are used by its analysts to determine which individuals they can target, and the Fisa court judge then issues a simple order approving those guidelines. The court endorses a one-paragraph form order stating that the NSA's process "'contains all the required elements' and that the revised NSA, FBI and CIA minimization procedures submitted with the amendment 'are consistent with the requirements of [50 U.S.C. §1881a(e)] and with the fourth amendment to the Constitution of the United States'". As but one typical example, the Guardian has obtained an August 19, 2010, Fisa court approval from Judge John Bates which does nothing more than recite the statutory language in approving the NSA's guidelines.

Once the NSA has this court approval, it can then target anyone chosen by their analysts, and can even order telecoms and internet companies to turn over to them the emails, chats and calls of those they target. The Fisa court plays no role whatsoever in reviewing whether the procedures it approved are actually complied with when the NSA starts eavesdropping on calls and reading people's emails.

The guidelines submitted by the NSA to the Fisa court demonstrate how much discretion the agency has in choosing who will be targeted. Those guidelines also make clear that, contrary to the repeated assurances from government officials and media figures, the communications of American citizens are – without any individualized warrant – included in what is surveilled.

The specific guidelines submitted by the NSA to the Fisa court in July 2009 – marked Top Secret and signed by Attorney General Eric Holder – state that "NSA determines whether a person is a non-United States person reasonably believed to be outside the United States in light of the totality of the circumstances based on the information available with respect to that person, including information concerning the communications facility or facilities used by that person." It includes information that the NSA analyst uses to make this determination – including IP addresses, statements made by the potential target, and other information in the NSA databases.

The decision to begin listening to someone's phone calls or read their emails is made exclusively by NSA analysts and their "line supervisors". There is no outside scrutiny, and certainly no Fisa court involvement. As the NSA itself explained in its guidelines submitted to the Fisa court:

"Analysts who request tasking will document in the tasking database a citation or citations to the information that led them to reasonably believe that a targeted person is located outside the United States. Before tasking is approved, the database entry for that tasking will be reviewed in order to verify that the database entry contains the necessary citations."

The only oversight for monitoring whether there is abuse comes from the executive branch itself: from the DOJ and Director of National Intelligence, which conduct "periodic reviews … to evaluate the implementation of the procedure." At a hearing before the House Intelligence Committee Tuesday afternoon, deputy attorney general James Cole testified that every 30 days, the Fisa court is merely given an "aggregate number" of database searches on US domestic phone records.

Warrantless interception of Americans' communications

Obama and other NSA defenders have repeatedly claimed that "nobody" is listening to Americans' telephone calls without first obtaining warrants. This is simply false. There is no doubt that some of the communications intercepted by the NSA under this warrantless scheme set forth in FAA's section 702 include those of US citizens. Indeed, as part of the Fisa court approval process, the NSA submits a separate document, also signed by Holder, which describes how communications of US persons are collected and what is done with them.

One typical example is a document submitted by the NSA in July 2009. In its first paragraph, it purports to set forth "minimization procedures" that "apply to the acquisition, retention, use, and dissemination of non-publicly available information concerning unconsenting United States persons that is acquired by targeting non-United States persons reasonably believed to be located outside the United States in accordance with section 702 of the Foreign Intelligence Surveillance Act of 1978, as amended."

That document provides that "communications of or concerning United States persons that may be related to the authorized purpose of the acquisition may be forwarded to analytic personnel responsible for producing intelligence information from the collected data." It also states that "such communications or information" - those from US citizens - "may be retained and disseminated" if it meets the guidelines set forth in the NSA's procedures.

Those guidelines specifically address what the NSA does with what it calls "domestic communications", defined as "communications in which the sender and all intended recipients are reasonably believed to be located in the United States at the time of acquisition". The NSA expressly claims the right to store and even disseminate such domestic communication if: (1) "it is reasonably believed to contain significant foreign intelligence information"; (2) "the communication does not contain foreign intelligence information but is reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed"; or (3) "the communication is reasonably believed to contain technical data base information, as defined in Section 2(i), or information necessary to understand or assess a communications security vulnerability."

Although it refuses to say how many Americans have their communications intercepted without warrants, there can be no question that the NSA does this. That's precisely why they have created elaborate procedures for what they do when they end up collecting Americans' communications without warrants.

Vast discretion vested in NSA analysts

The vast amount of discretion vested in NSA analysts is also demonstrated by the training and briefings given to them by the agency. In one such briefing from an official with the NSA's general counsel's office - a top secret transcript of which was obtained by the Guardian, dated 2008 and then updated for 2013 - NSA analysts are told how much the new Fisa law diluted the prior standards and how much discretion they now have in deciding whose communications to intercept:



"The court gets to look at procedures for saying that there is a reasonable belief for saying that a target is outside of the United States. Once again - a major change from the targeting under Fisa. Under Fisa you had to have probable cause to believe that the target was a foreign power or agent of a foreign power. Here all you need is a reasonable belief that the target is outside of the United States ... "Now, all kinds of information can be used to this end. There's a list in the targeting procedures: phone directories, finished foreign intelligence, NSA technical analysis of selectors, lead information. Now, you don't have to check a box in every one of those categories. But you have to look at everything you've got and make a judgment. Looking at everything, do you have a reasonable belief that your target is outside the United States? So, cast your search wide. But don't feel as though you have to have something in every category. In the end, what matters is, 'Does all that add up to a reasonable belief that your target is outside the United States?'"

So vast is this discretion that NSA analysts even have the authority to surveil communications between their targets and their lawyers, and that information can be not just stored but also disseminated. NSA procedures do not ban such interception, but rather set forth procedures to be followed in the event that the NSA analyst believes they should be "disseminated".

The decisions about who has their emails and telephone calls intercepted by the NSA is made by the NSA itself, not by the Fisa court, except where the NSA itself concludes the person is a US citizen and/or the communication is exclusively domestic. But even in such cases, the NSA often ends up intercepting those communications of Americans without individualized warrants, and all of this is left to the discretion of the NSA analysts with no real judicial oversight.

Legal constraints v technical capabilities

What is vital to recognize is that the NSA is collecting and storing staggering sums of communications every day. Back in 2010, the Washington Post reported that "every day, collection systems at the National Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications." Documents published by the Guardian last week detail that, in March 2013, the NSA collected three billions of pieces of intelligence just from US communications networks alone.

In sum, the NSA is vacuuming up enormous amounts of communications involving ordinary Americans and people around the world who are guilty of nothing. There are some legal constraints governing their power to examine the content of those communications, but there are no technical limits on the ability either of the agency or its analysts to do so. The fact that there is so little external oversight is what makes this sweeping, suspicion-less surveillance system so dangerous. It's also what makes the assurances from government officials and their media allies so dubious.

A senior US intelligence official told the Guardian: "Under section 702, the Fisa court has to approve targeting and minimization procedures adopted by the Attorney General, in consultation with the Director of National Intelligence."

"The targeting procedures ensure that the targets of surveillance are reasonably believed to be non-US persons outside of the US", the official added.

"Moreover, decisions about targeting are memorialized, reviewed on a regular basis and audited. Moreover, Congress clearly understood that even when the government is targeting foreign persons for collection, communications of US persons may be acquired if those persons are in communication with the foreign targets, for example as was testified to in today's hearing when Najibullah Zazi communicated with a foreign terrorist whose communications were being targeted under Section 702.

"That," the official continued, "is why the statute requires that there be minimization procedures to ensure that when communications of, or concerning, US persons are acquired in the course of lawful collection under Section 702, that information is minimized and is retained and disseminated only when appropriate. These procedures are approved on an annual basis by the Fisa court.

"Compliance with them is extensively overseen by the intelligence community, the DOJ, the ODNI and Inspectors General," the official said. "Both the Fisa court and Congress receive regular reports on compliance."

UPDATE [Wed.]

The classified documents referenced here that were submitted by the NSA to the FISA court are now published here.

• The story was amended on 21 June to correct a quote attributed to Yale law professor Jack Balkin. Balkin has corrected the original statement on his blog, which now reads: programs can "listen to a great many different calls (and read a great many e-mails) without any requirement of a warrant".