An important New York Times investigation from today reported that the NSA "is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country" without warrants or any particularized court order. This new report, coupled with leaked documents published by the Guardian, call into question the accuracy of statements made by government officials about NSA surveillance under Section 702 of the FISA Amendments Act.

The government has previously tried to reassure the public about its Section 702 surveillance, emphasizing that, under Section 702, the government may not “intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States." Indeed, the chair of the Senate Intelligence Committee Senator Feinstein, in a letter to constituents who wrote to her expressing concern about the NSA's spying program, said this: "[T]he government cannot listen to an American’s telephone calls or read their emails without a court warrant issued upon a showing of probable cause."

But the recent disclosures show these reassurances aren't entirely accurate. We’ve written before about the word games the government plays in describing its surveillance practices: “acquire,” “collect,” and “content” are all old government favorites. But the New York Times report shows Feinstein's statement is false, the government's reassurances are misleading, and it’s time to add “target” to the list of word games as well.

When “Target” Means Searching a Specific Person’s Communications

First, at least this much is clear: a “target” under the FAA must be (a) a non-US person and (b) not physically located within the United States. A “person,” for purposes of the FAA, includes individuals as well as “any group, entity, association, corporation, or foreign power.” Under the FAA, the government can thus "target" a single individual (e.g., Vladimir Putin), a small group of people (e.g., Pussy Riot), or a formal corporation or entity (e.g., Gazprom).

So, when the NSA decides to “target” someone (or something), it turns its specific surveillance vacuum at them. The NSA then believes it can intercept and analyze all electronic communications of the target (telephone conversations, email conversations, chat, web browsing, etc) so long as the “target” is overseas and remains overseas. As others have noted, this includes conversations the “target” has with Americans, which would then be “incidentally” collected. Keep in mind this does not require a warrant or even the approval of a court, which is only one way Senator Feinstein's reassurance was demonstrably false. But there's still more.

When “Target” Means Searching Everyone’s Communications

Once a target is established, the NSA believes it can expand the sweep of its interception far more broadly than the communications of the particular, identified target. Notably, the NSA’s procedures state (emphasis added):

[I]n those cases where NSA seeks to acquire communications about the target that are not to or from the target, NSA will either employ an Internet Protocol filter to ensure that the person from whom it seeks to obtain foreign intelligence information is located overseas, or it will target Internet links that terminate in a foreign country.

In plain English: the NSA believes it not only can (1) intercept the communications of the target, but also (2) intercept communications about a target, even if the target isn’t a party to the communication. The most likely way to assess if a communication is “about” a target is to conduct a content analysis of communications, probably based on specific search terms or selectors.

And that, folks, is what we call a content dragnet.

Importantly, under the NSA’s rules, when the agency intercepts communications about a target, the author or speaker of those communications does not, thereby, become a target: the target remains the original, non-US person. But, because the target remains a non-US person, the most robust protection for Americans’ communications under the FISA Amendments Act (and, indeed, the primary reassurance the government has given about the surveillance) flies out the window. If you communicate about a target of NSA surveillance, your citizenship is irrelevant: the only thing standing between you and NSA surveillance is your IP address or the fiber optic path through which your communications flow.

Privacy Protections Must Be Stronger than an IP Address or the Path our Communications Happen to Take

The NSA only limits this type of broad content dragnet in two ways: a filter based on IP addresses or directing its surveillance at “Internet links that terminate in a foreign country.”

Presumably, the IP filter is used in circumstances where the NSA’s surveillance is being conducted on U.S. soil. The agency simply filters out known U.S. IP addresses and scans the content of the rest. But there are a host of reasons that an American’s IP address might not be representative of their location. First, there are a variety of privacy-enhancing technologies – like Tor or VPNs – that could easily make wholly domestic communications appear as though they were occurring overseas. Second, IP addresses, in general, are imperfect measures of a person’s location: if a large ISP (like, for example, AT&T) is assigned a block of IP addresses, an IP address assigned to someone in Canada one day could be assigned to an American the next, and vice versa. And all this, of course, says nothing about nationality or legal status: a given IP address says nothing about the citizenship of the person using the device.

The only other limitation on this type of content dragnet is targeting Internet links in foreign countries. Again, like IP filtering, this is not an effective way to ensure that Americans’ communications are not intercepted and analyzed. In particular, because third-party providers (like Google, Yahoo, or Microsoft) tend to have redundant and distributed operations around the world, there’s a very real chance that your wholly domestic email, sent between two U.S. citizens might travel and be "stored" on data centers around the world. Targeting an “Internet link” that terminates abroad would inevitably carry large amounts of purely "domestic" communications.

An Example: Targeting Vladimir Putin (and Everyone Else)

At this point, it might be useful to provide an example. Say the NSA wants to target Vladimir Putin, the President of Russia, under Section 702. Putin is (a) a non-US-person, (b) (usually) located outside the United States, and (c) would clearly be expected to communicate foreign intelligence information. He is thus eligible for targeting under Section 702. The NSA would then intercept Putin’s calls, emails, chats, and other communications (including those directed at the United States and involving United States citizens).

Under the NSA’s rules, though, the agency can also intercept all communications about Putin. To accomplish this, NSA presumably performs a content analysis -- probably occurring both within the United States and overseas -- of large swaths of communications, using deep packet inspection to root out electronic communications about Putin.

In this example, under the NSA’s procedures, a U.S. citizen sending an email about Putin’s frequent, shirtless poses to another U.S. citizen could have their communications intercepted and analyzed by NSA under a variety of conditions:

if they're outside the U.S.;

if they're inside the U.S., using Tor, and their IP address looks like it's outside the U.S.;

if they're inside the U.S., using a VPN, and their IP address looks like it's outside the U.S.;

if they're inside the U.S. and their IP address doesn't accurately reflect their location for any host of reasons;

if they're inside the U.S. and their communications are backed up or stored abroad.

In each of these examples, the NSA believes it has the authority to intercept your communications, even though in most examples the person doing the communicating is (1) a US person, (2) located within the United States, (3) communicating with someone within the United States, and (4) not communicating with the "target" of an investigation. While the NSA may not intercept every email about Putin’s shirtless poses, based on its procedures, it believes it has the authority. Such an interpretation of the government’s authority under the FAA violates the spirit, if not the letter, of the law. Not to mention the Constitution.

After a Full and Public Investigation, We Need to Rein in the NSA's Use of Section 702



Lately, the focus of the NSA debate has shifted to the NSA’s domestic associational tracking program — the collection and storage of millions of Americans call record information. And rightly so: the program is unconstitutional, and EFF has filed suit to stop it immediately. But Section 702 should not be forgotten: it needs attention ­— and reform —as well.

As the debate continues, when Senator Feinstein tells you that “the government cannot listen to an American's telephone calls or read their emails without a court warrant issued upon a showing of probable cause,” she’s not telling you the truth: the government can read your emails without ever even asking a judge and without even attempting to demonstrate that probable cause exists, just so long as your emails have a “foreign” IP address or your communications happen to leave the country.

Our constitutional right to communicate without our government listening in has been fundamentally reinterpreted and diminished in secret: the NSA's procedures show that all that stands between government surveillance of our communication is an IP address. But the constitution demands more. Join us, and over 500,000 others, in calling on Congress to establish a special committee to investigate the NSA’s domestic spying operation, to rein in the laws the government uses to conduct this type of spying, and to hold elected officials accountable for misleading the American public.