Latest Leak: NSA Collects Bulk Email Metadata On Americans

from the so-there's-that... dept

According to a top-secret draft report by the NSA's inspector general – published for the first time today by the Guardian – the agency began "collection of bulk internet metadata" involving "communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States".



Eventually, the NSA gained authority to "analyze communications metadata associated with United States persons and persons believed to be in the United States", according to a 2007 Justice Department memo, which is marked secret.

The internet metadata of the sort NSA collected for at least a decade details the accounts to which Americans sent emails and from which they received emails. It also details the internet protocol addresses (IP) used by people inside the United States when sending emails – information which can reflect their physical location. It did not include the content of emails.

"The internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted," Shawn Turner, the Obama administration's director of communications for National Intelligence, said in a statement to the Guardian.



"The program was discontinued by the executive branch as the result of an interagency review," Turner continued. He would not elaborate further.

In December 2012, for example, the NSA launched one new program allowing it to analyze communications with one end inside the US, leading to a doubling of the amount of data passing through its filters.

Wainstein told Mukasey that giving NSA broader leeway to study Americans' online habits would give the surveillance agency, ironically, greater visibility into the online habits of foreigners – NSA's original mandate.



"NSA believes that it is over-identifying numbers and addresses that belong to United States persons and that modifying its practice to chain through all telephone numbers and addresses, including those reasonably believed to be used by a United States person," Wainstein wrote, "will yield valuable foreign intelligence information primarily concerning non-United States persons outside the United States."

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

The NSA leaks just keep on coming, and the latest one is a big one. It's concerning the NSA is about the Stellar Wind program -- which had been revealed before, and which former NSA whistleblower Bill Binney has discussed in the past -- but Binney left the NSA in 2001. The latest document is a report from the Inspector General that confirms some of the claims Binney has made in the past, showing that the NSA collected "bulk metadata" on emails of US persons. The program started as only being about non-US persons, but was later expanded by the DOJ in 2007 to cover US persons as well.So, remember all that stuff the NSA and the President and various elected officials were saying about how they're not collecting internet data on Americans? And how they have minimization procedures and all of that? Yeah. So, that was -- yet again -- less than 100% accurate. Or, as Director of National Intelligence James Clapper likes to say, it was, perhaps, the "least untruthful" version of the events, meaning that it wasn't truthful.Of course, the defenders of the program will say that this is okay because it was "just metadata," rather than the contents of email, but that's a huge cop out, since metadata can tell you an awful lot:On top of that, defenders of the metadata collection of phone records claimed that there was no privacy in the phone numbers you called and the duration of calls, because that information was clearly on your phone bill that the company sent to you each month. But that'sthe case with email metadata.For what it's worth, the administration shutdown this particular program in 2011, but that was after it had gone on for 10 years, with the last four involving collecting bulk metadata on Americans.However, as Glenn Greenwald and Spencer Ackerman at the Guardian (who broke this story as well) have noted, they have evidence that at least a similar program continues today:Some of the report actually helps to confirm a Washington Post story from last week about how this bulk metadata collection was initially done under no authority, but when various DOJ officials threatened to resign, they quickly got the FISA court to pull out its trusty giant rubber stamp to allow bulk data collection on emails.The expansion of metadata collection and analysis to cover Americans came about as the NSA insisted this would help them better find foreign threats:Basically this pretty much confirms my earlier post about how the NSA (and the DOJ) are carefully defining "target" in their mandate. Most people believe that since the NSA can only target persons outside the US that they cannot collect data on US persons. However, if (as may be the case) they claim thatis "targeting" non-US persons, it appears they believe they can collect and analyze data on US persons, meaning that they've effectively justified bulk spying on Americans if it might possibly bring to light a foreign threat.One thing that isclearly described is exactly how the NSA is getting access to this data, but from previous leaks, it appears that the data almost certainly comes from working with telcos to install systems that scoop up all data going through major ISPs/backbones. Either way, it seems abundantly clear, yet again, that the NSA surveillance, contrary to statements from the NSA and its defenders, included a ton of information on Americans.

Filed Under: doj, email, metadata, nsa, nsa surveillance, stellar wind