A newly discovered document has revealed seven hidden variants of the National Security Agency’s Ragtime program. Though Ragtime is intended for NSA’s foreign surveillance, one of the components apparently targets Americans.

Ragtime is a NSA surveillance program that collects the contents of private communications of foreign nationals, including emails and text messages. A newly revealed component of the program, called US-P, seems to be aimed at American citizens.

The term ‘USP’ (US Persons) is used in intelligence circles to refer to American citizens. A document dated November 2011, seen by both ZDNet and UpGuard, revealed the existence of US-P and six other previously unknown Ragtime components. In addition to Ragtime US-P, the newly revealed variants are called Ragtime-BQ, F, N, PQ, S, and T, according to ZDNet.

The document was found among the contents of a highly sensitive hard drive left unprotected and publicly available on an Amazon server. Containing more than 100 gigabytes, the drive belonged to the US Army's Intelligence and Security Command, a subdivision of the Army and NSA.

UpGuard discovered the trove in September and informed the Pentagon. The California-based cybersecurity startup revealed the existence of the vulnerability to the public earlier this month.

Read more

Ragtime collects data from as many as 50 service providers. The program is divided into components, four of which were previously known to exist. Ragtime-A collects foreign-to-foreign counterterrorism data, Ragtime-B focuses on data traveling through the US from foreign governments, and Ragtime-C collects information on the nuclear counterproliferation effort. Ragtime-P is said to stand for the Patriot Act, a broad surveillance program that allows authorities to collect bulk metadata on calls and emails sent through telecom provider networks.

The program’s existence was revealed in the 2013 book ‘Deep State: Inside the Government Secrecy Industry,’ authored by Marc Ambinder and D.B. Grady. Developed in the George W. Bush era following the September 11th attacks, Ragtime is part of a broader collections of systems under the STELLARWIND program of warrantless surveillance programs. The highly secretive program is accessible by only a few NSA staffers.

Congress restricted the Ragtime program following a series of leaks in 2008. The NSA was no longer allowed to collect information under the Ragtime-P variant, however the NSA retained the data and authorized analysts were permitted to use the data previously collected. Of the 30,000 NSA employees, only a few dozen have access to Ragtime data, according to Slate. However, more than 1,000 people “outside the NSA are privy to the full details of the program” according to the revelations in ‘Deep State.’

Though citizens are largely protected from government surveillance by the fourth amendment, there are exceptions, The Foreign Intelligence Surveillance Court can authorize government officials based on probable cause to spy on American citizens suspected of working for a foreign power.

Lawmakers are due to pass a bill to ensure the continuity of the Foreign Intelligence Surveillance Act. If the bill does not pass before the end of the year, the NSA could lose the authorities the program provides. The PRISM program, which was revealed by whistleblower Edward Snowden in 2013, derives authorization from the same act.