Group items tagged

The other shoe just dropped when it comes to how the federal government illegally spies on Americans. Last summer, the details of the NSA's "backdoor searches" were revealed. This involved big collections of content and metadata (so, no, not "just metadata" as meaningless as that phrase is) that were collected under Section 702 of the FISA Amendments Act (FAA). This is part of the program that the infamous PRISM effort operates under, and which allows the NSA to collect all sorts of content, including communications to, from or about a "target" -- where a "target" can be incredibly loosely defined (i.e., it can include groups or machines or just about anything). The "backdoor searches" were a special loophole added in 2011 allowing the NSA to make use of "US person names and identifiers as query terms." In the past, it had been limited (as per the NSA's mandate) to only non-US persons.

This morning, James Clapper finally responded to a request from Senator Ron Wyden concerning the number of such backdoor searches using US identifiers that were done by various government agencies. And, surprisingly, it's redaction free. The big reveal is... that it's not just the NSA doing these searches, but the CIA and FBI as well. This is especially concerning with regards to the FBI. This means that the FBI, who does surveillance on Americans, is spying on Americans communications that were collected by the NSA and that they're doing so without anything resembling a warrant. Oh, and let's make this even worse: the FBI isn't even tracking how often it does this. It's just doing it willy nilly:

Got that? Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn't have in the first place -- including tons of Americans' communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a "substantial" number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight. Yikes! Oh, and it's not just the NSA, but the CIA as well. Remember, the CIA is not supposed to be doing any surveillance on US persons (like the NSA), but that's not what's happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:

The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”

But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.

There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.

On Friday, James Clapper finally provided Ron Wyden an unclassified response to a question he posed on January 29, admitting that the NSA conducts back door searches. (via Charlie Savage) As reflected in the August 2013 Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702, which we declassified and released on August 21, 2013, there have been queries, using U.S. person identifiers, of communications lawfully acquired to obtain foreign intelligence by targeting non U.S. persons reasonably believed to be located outside the U.S. pursuant to Section 702 of FISA. It has taken just 9 months for Clapper to admit that, contrary to months of denials, the NSA (and FBI, which he doesn’t confirm but which the Report makes clear, as well as the CIA) can get the content of Americans’ communications without a warrant. But Clapper’s admission that this fact was declassified in August should disqualify Vice Admiral Mike Rogers from confirmation as CyberComm head (I believe he started serving as DIRNSA head, which doesn’t require confirmation, yesterday). Because it means Rogers refused to answer a question the response to which was already declassified.

Udall: If I might, in looking ahead, I want to turn to the 702 program and ask a policy question about the authorities under Section 702 that’s written into the FISA Amendments Act. The Committee asked your understanding of the legal rationale for NASA [sic] to search through data acquired under Section 702 using US person identifiers without probable cause. You replied the NASA–the NSA’s court approved procedures only permit searches of this lawfully acquired data using US person identifiers for valid foreign intelligence purposes and under the oversight of the Justice Department and the DNI. The statute’s written to anticipate the incidental collection of Americans’ communications in the course of collecting the communications of foreigners reasonably believed to be located overseas. But the focus of that collection is clearly intended to be foreigners’ communications, not Americans. But declassified court documents show that in 2011 the NSA sought and obtained the authority to go through communications collected under Section 702 and conduct warrantless searches for the communications of specific Americans. Now, my question is simple. Have any of those searches been conducted?

Rogers: I apologize Sir, I’m not in a position to answer that as the nominee. Udall: You–yes. Rogers: But if you would like me to come back to you in the future if confirmed to be able to specifically address that question I will be glad to do so, Sir. Udall: Let me follow up on that. You may recall that Director Clapper was asked this question in a hearing earlier this year and he didn’t believe that an open forum was the appropriate setting in which to discuss these issues. The problem that I have, Senator Wyden’s had, and others is that we’ve tried in various ways to get an unclassified answer — simple answer, yes or no — to the question. We want to have an answer because it relates — the answer does — to Americans’ privacy. Can you commit to answering the question before the Committee votes on your nomination?

Does the National Security Agency (NSA) have the authority to collect and keep all encrypted Internet traffic for as long as is necessary to decrypt that traffic? That was a question first raised in June 2013, after the minimization procedures governing telephone and Internet records collected under Section 702 of the Foreign Intelligence Surveillance Act were disclosed by Edward Snowden. The issue quickly receded into the background, however, as the world struggled to keep up with the deluge of surveillance disclosures. The Intelligence Authorization Act of 2015, which passed Congress this last December, should bring the question back to the fore. It established retention guidelines for communications collected under Executive Order 12333 and included an exception that allows NSA to keep ‘incidentally’ collected encrypted communications for an indefinite period of time. This creates a massive loophole in the guidelines. NSA’s retention of encrypted communications deserves further consideration today, now that these retention guidelines have been written into law. It has become increasingly clear over the last year that surveillance reform will be driven by technological change—specifically by the growing use of encryption technologies. Therefore, any legislation touching on encryption should receive close scrutiny.

Section 309 of the intel authorization bill describes “procedures for the retention of incidentally acquired communications.” It establishes retention guidelines for surveillance programs that are “reasonably anticipated to result in the acquisition of [telephone or electronic communications] to or from a United States person.” Communications to or from a United States person are ‘incidentally’ collected because the U.S. person is not the actual target of the collection. Section 309 states that these incidentally collected communications must be deleted after five years unless they meet a number of exceptions. One of these exceptions is that “the communication is enciphered or reasonably believed to have a secret meaning.” This exception appears to be directly lifted from NSA’s minimization procedures for data collected under Section 702 of FISA, which were declassified in 2013. 

While Section 309 specifically applies to collection taking place under E.O. 12333, not FISA, several of the exceptions described in Section 309 closely match exceptions in the FISA minimization procedures. That includes the exception for “enciphered” communications. Those minimization procedures almost certainly served as a model for these retention guidelines and will likely shape how this new language is interpreted by the Executive Branch. Section 309 also asks the heads of each relevant member of the intelligence community to develop procedures to ensure compliance with new retention requirements. I expect those procedures to look a lot like the FISA minimization guidelines.

Four days before a sweeping government surveillance law was set to expire last year, Sen. Dianne Feinstein, the chairman of the chamber’s Intelligence Committee, took to the Senate floor. She touted the law’s value by listing some of the terrorist attacks it had helped thwart, including “a plot to bomb a downtown Chicago bar” that fall. “So I believe the FISA Amendments Act is important,” the California Democrat said before a vote to extend the 2008 law, “and these cases show the program has worked.”Today, however, the government is refusing to say whether that law was used to develop evidence to charge Adel Daoud, a 19-year-old Chicago man accused of the bomb plot.And Daoud’s lawyers said in a motion filed Friday that the reason is simple. The government, they said, wants to avoid a constitutional challenge to the law, which governs a National Security Agency surveillance program that has once again become the focus of national debate over its reach into Americans’ private communications.“Whenever it is good for the government to brag about its success, it speaks loudly and publicly,” lawyers Thomas Durkin and Joshua Herman wrote in their motion. “When a criminal defendant’s constitutional rights are at stake, however, it quickly and unequivocally clams up under the guise of State Secrets.”

Four days before a sweeping government surveillance law was set to expire last year, Sen. Dianne Feinstein, the chairman of the chamber’s Intelligence Committee, took to the Senate floor. She touted the law’s value by listing some of the terrorist attacks it had helped thwart, including “a plot to bomb a downtown Chicago bar” that fall. “So I believe the FISA Amendments Act is important,” the California Democrat said before a vote to extend the 2008 law, “and these cases show the program has worked.”Today, however, the government is refusing to say whether that law was used to develop evidence to charge Adel Daoud, a 19-year-old Chicago man accused of the bomb plot.And Daoud’s lawyers said in a motion filed Friday that the reason is simple. The government, they said, wants to avoid a constitutional challenge to the law, which governs a National Security Agency surveillance program that has once again become the focus of national debate over its reach into Americans’ private communications.“Whenever it is good for the government to brag about its success, it speaks loudly and publicly,” lawyers Thomas Durkin and Joshua Herman wrote in their motion. “When a criminal defendant’s constitutional rights are at stake, however, it quickly and unequivocally clams up under the guise of State Secrets.”

If the government acknowledged that it had used evidence derived from the FISA Amendments Act, Daoud would have standing to challenge the law’s constitutionality. Specifically, Daoud’s lawyers would be able to take on a provision known as Section 702. The law permits the interception of foreign targets’ ­e-mails and phone calls without an individual warrant, including when the foreigners are in communication with Americans or legal residents.The U.S. Supreme Court in February rejected a constitutional challenge to Section 702 by a group of journalists, lawyers and human rights advocates, saying they had no standing to sue because they had not proved that their communications had been intercepted.But the court also said that if the government intends to use information derived from the Section 702 surveillance in a prosecution “it must provide advance notice of its intent,” and a defendant may challenge the lawfulness of the surveillance. The government assured the court that it would give such notice to criminal defendants.In a filing this month in Chicago, U.S. Attorney Gary S. Shapiro refused to say whether the evidence was obtained under Section 702. Instead, he said, the government told Daoud the evidence was acquired pursuant to a traditional FISA court order, rather than under the expanded surveillance program authorized in 2008. A traditional order requires the government to go to a FISA judge and show probable cause that the target is an agent of a foreign power.Daoud’s attorneys say in their pleading that the government is being disingenuous. “We believe it is clear that the evidence . . . came from Section 702,” Durkin said in an interview. “Either Senator Feinstein’s information was correct in December 2012, or she was given wrong information. The government has never disputed what she said.”

The Senate Judiciary Committee held an open hearing today on the FISA Amendments Act, the law that ostensibly authorizes the digital surveillance of hundreds of millions of people both in the United States and around the world. Section 702 of the law, scheduled to expire next year, is designed to allow U.S. intelligence services to collect signals intelligence on foreign targets related to our national security interests. However—thanks to the leaks of many whistleblowers including Edward Snowden, the work of investigative journalists, and statements by public officials—we now know that the FISA Amendments Act has been used to sweep up data on hundreds of millions of people who have no connection to a terrorist investigation, including countless Americans. What do we mean by “countless”? As became increasingly clear in the hearing today, the exact number of Americans impacted by this surveillance is unknown. Senator Franken asked the panel of witnesses, “Is it possible for the government to provide an exact count of how many United States persons have been swept up in Section 702 surveillance? And if not the exact count, then what about an estimate?”

Elizabeth Goitein, the Brennan Center director whose articulate and thought-provoking testimony was the highlight of the hearing, noted that at this time an exact number would be difficult to provide. However, she asserted that an estimate should be possible for most if not all of the government’s surveillance programs. None of the other panel participants—which included David Medine and Rachel Brand of the Privacy and Civil Liberties Oversight Board as well as Matthew Olsen of IronNet Cybersecurity and attorney Kenneth Wainstein—offered an estimate. Today’s hearing reaffirmed that it is not only the American people who are left in the dark about how many people or accounts are impacted by the NSA’s dragnet surveillance of the Internet. Even vital oversight committees in Congress like the Senate Judiciary Committee are left to speculate about just how far-reaching this surveillance is. It's part of the reason why we urged the House Judiciary Committee to demand that the Intelligence Community provide the public with a number. 

The lack of information makes rigorous oversight of the programs all but impossible. As Senator Franken put it in the hearing today, “When the public lacks even a rough sense of the scope of the government’s surveillance program, they have no way of knowing if the government is striking the right balance, whether we are safeguarding our national security without trampling on our citizens’ fundamental privacy rights. But the public can’t know if we succeed in striking that balance if they don’t even have the most basic information about our major surveillance programs."  Senator Patrick Leahy also questioned the panel about the “minimization procedures” associated with this type of surveillance, the privacy safeguard that is intended to ensure that irrelevant data and data on American citizens is swiftly deleted. Senator Leahy asked the panel: “Do you believe the current minimization procedures ensure that data about innocent Americans is deleted? Is that enough?”  David Medine, who recently announced his pending retirement from the Privacy and Civil Liberties Oversight Board, answered unequivocally:

The National Security Agency created a "secret backdoor" so its massive databases could be searched for the contents of U.S. citizens' confidential phone calls and e-mail messages without a warrant, according to the latest classified documents leaked by Edward Snowden. A report in the Guardian on Friday quoted Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence Committee, as saying the secret rule offers a loophole allowing "warrantless searches for the phone calls or emails of law-abiding Americans." That appears to confirm what Rep. Jerrold Nadler, a New York Democrat, said in June after receiving a classified briefing from administration officials a few days earlier on the extent of the NSA's domestic surveillance operations. If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he had been told during the briefing. "I was rather startled," said Nadler, an attorney who serves on the House Judiciary Committee.

FBI Director Robert Mueller responded by assuring Nadler, according to a transcript of the hearing, that to "listen to the phone," the government would need "a particularized order" from the Foreign Intelligence Surveillance Court -- a claim that is contradicted by today's Guardian report and other documents. Mueller has been succeeded by James Comey, who was confirmed last month by the Senate. In response to a CNET article at the time, Director of National Intelligence James Clapper released a statement saying: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper never elaborated, however, on what "proper" authorization would be. Today's top-secret document leaked by Snowden reveals that "procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data."

FAA 702 is a reference to section 702 of a 2008 law that amended the Foreign Intelligence Surveillance Act. Those amendments created a warrantless surveillance process that could be employed by NSA analysts, but Congress never intended it to be used domestically against American citizens: A congressional report accompanying the law claimed it allows electronic surveillance only of "persons located outside the United States in order to acquire foreign intelligence information." In reality, though, the Obama Justice Department has devised secret interpretations of FAA 702 carving out loopholes in what were intended to be strict privacy safeguards. One loophole revealed in June shows that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.

Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post. Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else. Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S.residents.

In order to allow time for analysis and outside reporting, neither Snowden nor The Post has disclosed until now that he obtained and shared the content of intercepted communications. The cache Snowden provided came from domestic NSA operations under the broad authority granted by Congress in 2008 with amendments to the Foreign Intelligence Surveillance Act. FISA content is generally stored in closely controlled data repositories, and for more than a year, senior government officials have depicted it as beyond Snowden’s reach. The Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts.

Taken together, the files offer an unprecedented vantage point on the changes wrought by Section 702 of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had required probable cause and a warrant from a judge. One program, code-named PRISM, extracts content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading Internet companies. Another, known inside the NSA as Upstream, intercepts data on the move as it crosses the U.S. junctions of global voice and data networks.

Yesterday, the Guardian released two previously-classified documents describing the internal "minimization" and "targeting" procedures used by the NSA to conduct surveillance under Section 702. These procedures are approved by the Foreign Intelligence Surveillance Court (FISC) on an annual basis and are supposed to serve as the bulwark between the NSA's vast surveillance capabilities and the private communications of Americans. As we noted earlier today, the procedures, themselves, aren't reassuring: far too much discretion is retained by NSA analysts, the procedures frequently resolve doubt in favor of collection, and information is obtained that could otherwise never be obtained without a warrant. Which would be bad enough, if it were the end of the story. But it's not.

Unless the government substantially changed the procedures between August 2010 and October 2011, these are the very procedures that the FISC eventually found resulted in illegal and unconstitutional surveillance. In October 2011, the FISC issued an 86-page opinion finding that collection carried out under the NSA's classified minimization procedures was unconstitutional. The opinion remains secret, but it is very likely that yesterday's leaked NSA documents show the very minimization procedures the Director of National Intelligence admitted the FISC had found resulted in surveillance that was “unreasonable under the Fourth Amendment" and "circumvented the spirit of the law." And for good reason: the procedures are unconstitutional. They allow for the government to obtain and keep huge amounts of information it could never Constitutionally get without a warrant based on probable cause. As we explained, the procedures are designed such that the NSA will routinely fail to exclude or remove United States persons' communications, and the removal of those communications are wholly entrusted to the "reasonable discretion" of an analyst.  

Yesterday, the Guardian released two previously-classified documents describing the internal "minimization" and "targeting" procedures used by the NSA to conduct surveillance under Section 702. These procedures are approved by the Foreign Intelligence Surveillance Court (FISC) on an annual basis and are supposed to serve as the bulwark between the NSA's vast surveillance capabilities and the private communications of Americans. As we noted earlier today, the procedures, themselves, aren't reassuring: far too much discretion is retained by NSA analysts, the procedures frequently resolve doubt in favor of collection, and information is obtained that could otherwise never be obtained without a warrant. Which would be bad enough, if it were the end of the story. But it's not. The targeting and minimization documents released yesterday are dated a few months after the first publicly known scandal over the new FAA procedures: In April 2009, the New York Times reported that Section 702 surveillance had “intercepted the private e-mail messages and phone calls of Americans . . . on a scale that went beyond the broad legal limits established by Congress." In June 2009, the Times reported that members of Congress were saying NSA's "recent intercepts of the private telephone calls and e-mail messages of Americans are broader than previously acknowledged." Rep. Rush Holt described the problems as "so flagrant that they can't be accidental."

A Senate bill promoted as a surveillance reform would codify the ability of the National Security Agency to search its troves of foreign phone and email communications for Americans’ information, and permit law enforcement agencies to search the vast databases as well. The Fisa Improvements Act, promoted by Dianne Feinstein, the California Democrat who chairs the Senate intelligence committee, would both make permanent a loophole permitting the NSA to search for Americans’ identifying information without a warrant – and, civil libertarians fear, contains an ambiguity that might allow the FBI, the DEA and other law enforcement agencies to do the same thing. “For the first time, the statute would explicitly allow the government to proactively search through the NSA data troves of information without a warrant,” said Michelle Richardson, the surveillance lobbyist for the ACLU.

“It may also expand current practices by allowing law enforcement to directly access US person information that was nominally collected for foreign intelligence purposes. This fourth amendment back door needs to be closed, not written into stone.” Feinstein’s bill passed the committee on an 11 to 4 vote on 31 October. An expanded report on its provisions released by the committee this week added details about the ability of both intelligence and law enforcement to sift through foreign communications databases that it accumulates under section 702 of the Fisa Amendments Act of 2008. Section 6 of Feinstein’s bill blesses what her committee colleague Ron Wyden, the Oregon Democrat and civil libertarian, has called the “backdoor search provision,” which the Guardian revealed thanks to a leak by Edward Snowden.  The section permits intelligence agencies to search “the contents of communications” collected primarily overseas for identifying information on US citizens, resident aliens and people inside the US, provided that the “purpose of the query is to obtain foreign intelligence information or information necessary to understand foreign intelligence information or to assess its importance.”

Section 6 bills itself as a “restriction,” but it would not stop the NSA from performing the warrantless search, merely requiring intelligence agencies to log their queries and make them “available for review” to Congress, the Fisa court, the Justice Department and inspectors general inside the executive branch. Additionally, the report on Section 6 explicitly states that the provision “does not limit the authority of law enforcement agencies to conduct queries of data acquired pursuant to Section 702 of Fisa for law enforcement purposes.” There is ambiguity surrounding whether the FBI can currently search through the NSA’s foreign communications databases, or is reliant on the NSA to pass on information from the databases relevant to the bureau. A declassified Fisa court document from 2011 refers to “FBI minimization procedures,” but it is unclear what those procedures are. A copy of the FBI minimization procedures from 2009, acquired by the ACLU under the Freedom of Information Act is almost completely redacted. So is the section in the government’s most recent report on its Section 702 collection dealing with the FBI’s role, though it contains references to how the FBI “receive[s] … unminimized Section 70 acquired communications” from the NSA. 

A member of the White House review panel on NSA surveillance said he was “absolutely” surprised when he discovered the agency’s lack of evidence that the bulk collection of telephone call records had thwarted any terrorist attacks.

“It was, ‘Huh, hello? What are we doing here?’” said Geoffrey Stone, a University of Chicago law professor, in an interview with NBC News. “The results were very thin.”While Stone said the mass collection of telephone call records was a “logical program” from the NSA’s perspective, one question the White House panel was seeking to answer was whether it had actually stopped “any [terror attacks] that might have been really big.” Advertise | AdChoices “We found none,” said Stone. Under the NSA program, first revealed by ex-contractor Edward Snowden, the agency collects in bulk the records of the time and duration of phone calls made by persons inside the United States.Stone was one of five members of the White House review panel – and the only one without any intelligence community experience – that this week produced a sweeping report recommending that the NSA’s collection of phone call records be terminated to protect Americans’ privacy rights.The panel made that recommendation after concluding that the program was “not essential in preventing attacks.”“That was stunning. That was the ballgame,” said one congressional intelligence official, who asked not to be publicly identified. “It flies in the face of everything that they have tossed at us.”

The conclusions of the panel’s reports were at direct odds with public statements by President Barack Obama and U.S. intelligence officials. “Lives have been saved,” Obama told reporters last June, referring to the bulk collection program and another program that intercepts communications overseas. “We know of at least 50 threats that have been averted because of this information.”

US intelligence chiefs have confirmed that the National Security Agency has used a "back door" in surveillance law to perform warrantless searches on Americans’ communications.The NSA's collection programs are ostensibly targeted at foreigners, but in August the Guardian revealed a secret rule change allowing NSA analysts to search for Americans' details within the databases.Now, in a letter to Senator Ron Wyden, an Oregon Democrat on the intelligence committee, the director of national intelligence, James Clapper, has confirmed the use of this legal authority to search for data related to “US persons”.

“There have been queries, using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States,” Clapper wrote in the letter, which has been obtained by the Guardian.“These queries were performed pursuant to minimization procedures approved by the Fisa court and consistent with the statute and the fourth amendment.” The legal authority to perform the searches, revealed in top-secret NSA documents provided to the Guardian by Edward Snowden, was denounced by Wyden as a “backdoor search loophole.”Many of the NSA's most controversial programs collect information under the law affected by the so-called loophole. These include Prism, which allows the agency to collect data from Google, Apple, Facebook, Yahoo and other tech companies, and the agency's Upstream program – a huge network of internet cable taps.

Clapper did not say how many warrantless searches had been performed by the NSA. It was not the first time the searches had been confirmed: after the Snowden leaks, the office of the director of national intelligence declassified documents that discussed the rule change. But Clapper's letter drew greater attention to the issue.Confirmation that the NSA has searched for Americans’ communications in its phone call and email databases complicates President Barack Obama’s initial defenses of the broad surveillance in June.“When it comes to telephone calls, nobody is listening to your telephone calls. That’s not what this program’s about,” Obama said. “As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls. They are not looking at people’s names, and they’re not looking at content.”Obama was referring specifically to the bulk collection of US phone records, but his answer misleadingly suggested that the NSA could not examine Americans’ phone calls and emails.

The National Security Agency has a secret backdoor into its vast databases under a legal authority enabling it to search for US citizens' email and phone calls without a warrant, according to a top-secret document passed to the Guardian by Edward Snowden.The previously undisclosed rule change allows NSA operatives to hunt for individual Americans' communications using their name or other identifying information. Senator Ron Wyden told the Guardian that the law provides the NSA with a loophole potentially allowing "warrantless searches for the phone calls or emails of law-abiding Americans".The authority, approved in 2011, appears to contrast with repeated assurances from Barack Obama and senior intelligence officials to both Congress and the American public that the privacy of US citizens is protected from the NSA's dragnet surveillance programs.

The intelligence data is being gathered under Section 702 of the of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets, who must be non-US citizens and outside the US at the point of collection.The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection" in surveillance parlance.But this is the first evidence that the NSA has permission to search those databases for specific US individuals' communications.

Wyden, an Oregon Democrat on the Senate intelligence committee, has obliquely warned for months that the NSA's retention of Americans' communications incidentally collected and its ability to search through it has been far more extensive than intelligence officials have stated publicly. Speaking this week, Wyden told the Guardian it amounts to a "backdoor search" through Americans' communications data."Section 702 was intended to give the government new authorities to collect the communications of individuals believed to be foreigners outside the US, but the intelligence community has been unable to tell Congress how many Americans have had their communications swept up in that collection," he said."Once Americans' communications are collected, a gap in the law that I call the 'back-door searches loophole' allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans."

Laura K. Donohue is a professor at Georgetown University Law Center and director of Georgetown’s Center on National Security and the Law. The National Security Agency’s recently revealed surveillance programs undermine the purpose of the Foreign Intelligence Surveillance Act, which was established to prevent this kind of overreach. They violate the Fourth Amendment’s guarantee against unreasonable search and seizure. And they underscore the dangers of growing executive power.

Another program, PRISM, disclosed by the Guardian and The Washington Post, allows the NSA and the FBI to obtain online data including e-mails, photographs, documents and connection logs. The information that can be assembledabout any one person — much less organizations, social networks and entire communities — is staggering: What we do, think and believe.The government defends the programs’ legality, saying they comply with FISA and its amendments. It may be right, but only because FISA has ceased to provide a meaningful constraint.Under the traditional FISA, if the government wants to conduct electronic surveillance, it must make a classified application to a special court, identitying or describing the target. It must demonstrate probable cause that the target is a foreign power or an agent thereof, and that the facilities to be monitored will be used by the target.In 2008, Congress added section 702 to the statute, allowing the government to use electronic surveillance to collect foreign intelligence on non-U.S. persons it reasonably believes are abroad, without a court order for each target. A U.S. citizen may not intentionally be targeted.To the extent that the FISC sanctioned PRISM, it may be consistent with the law. But it is disingenuous to suggest that millions of Americans’ e-mails, photographs and documents are “incidental” to an investigation targeting foreigners overseas.

Another program, PRISM, disclosed by the Guardian and The Washington Post, allows the NSA and the FBI to obtain online data including e-mails, photographs, documents and connection logs. The information that can be assembledabout any one person — much less organizations, social networks and entire communities — is staggering: What we do, think and believe.The government defends the programs’ legality, saying they comply with FISA and its amendments. It may be right, but only because FISA has ceased to provide a meaningful constraint.

The 29-year-old former NSA contractor and source of the Guardian's NSA files coverage will – with the help of Glenn Greenwald – take your questions today on why he revealed the NSA's top-secret surveillance of US citizens, the international storm that has ensued, and the uncertain future he now faces. Ask him anything.

I did not reveal any US operations against legitimate military targets. I pointed out where the NSA has hacked civilian infrastructure such as universities, hospitals, and private businesses because it is dangerous. These nakedly, aggressively criminal acts are wrong no matter the target. Not only that, when NSA makes a technical mistake during an exploitation operation, critical systems crash. Congress hasn't declared war on the countries - the majority of them are our allies - but without asking for public permission, NSA is running network operations against them that affect millions of innocent people. And for what? So we can have secret access to a computer in a country we're not even fighting? So we can potentially reveal a potential terrorist with the potential to kill fewer Americans than our own Police? No, the public needs to know the kinds of things a government does in its name, or the "consent of the governed" is meaningless.

I was debriefed by Glenn and his peers over a number of days, and not all of those conversations were recorded. The statement I made about earnings was that $200,000 was my "career high" salary. I had to take pay cuts in the course of pursuing specific work. Booz was not the most I've been paid.

Today, the US House of Representatives passed an amendment to the Defense Appropriations bill designed to cut funding for NSA backdoors. The amendment passed overwhelmingly with strong bipartisan support: 293 ayes, 123 nays, and 1 present. Currently, the NSA collects emails, browsing and chat history under Section 702 of the FISA Amendments Act, and searches this information without a warrant for the communications of Americans—a practice known as "backdoor searches." The amendment would block the NSA from using any of its funding from this Defense Appropriations Bill to conduct such warrantless searches. In addition, the amendment would prohibit the NSA from using its budget to mandate or request that private companies and organizations add backdoors to the encryption standards that are meant to keep you safe on the web. Mark Rumold, staff attorney for the Electronic Frontier Foundation, stated:

Tonight, the House of Representatives took an important first step in reining in the NSA. The House voted overwhelmingly to cut funding for two of the NSA's invasive surveillance practices: the warrantless searching of Americans' international communications, and the practice of requiring companies to install vulnerabilities in communications products or services. We applaud the House for taking this important first step, and we look forward to other elected officials standing up for our right to privacy. Digital rights organizations, including EFF, strongly supported the amendment. We and other organizations—including Free Press, Fight for the Future, Demand Progress, and Taskforce.is—helped to organize a grassroots campaign to promote the amendment. The day before the vote, we urged friends and members to call their members of Congress through the website ShuttheBackDoor.net. Thousands responded to the call to action. We extend our heartfelt thanks to everyone who spoke out on this issue. This is a great day in the fight to rein in NSA surveillance abuses, and we hope Congress will work to ensure this amendment is in the final version of the appropriations bill that is enacted.

The High Court in Ireland has referred a review of a complaint against Facebook to Europe's top court. The complaint alleges the social network shared EU users' data with the US National Security Agency.The European Court of Justice is to assess whether EU law needs to be updated in light of the PRISM revelations, which could have a knock-on effect on tech firms from Facebook to Google. <a href="http://pubads.g.doubleclick.net/gampad/jump?iu=/6978/reg_policy/government&sz=300x250%7C300x600&tile=3&c=33U6KvJawQrMoAAAUTy6EAAAJ5&t=ct%3Dns%26unitnum%3D3%26unitname%3Dwww_top_mpu%26pos%3Dtop%26test%3D0" target="_blank"> <img src="http://pubads.g.doubleclick.net/gampad/ad?iu=/6978/reg_policy/government&sz=300x250%7C300x600&tile=3&c=33U6KvJawQrMoAAAUTy6EAAAJ5&t=ct%3Dns%26unitnum%3D3%26unitname%3Dwww_top_mpu%26pos%3Dtop%26test%3D0" alt=""></a> Austrian law student Maximillian Schrems took Facebook to court in Ireland, where the social network’s European HQ is located, over the revelations from NSA whistleblower Edward Snowden that personal data held by tech firms like Facebook was routinely being slurped by US spooks.

Schrems first asked the Irish Data Commissioner to investigate the legality of Facebook Ireland sending his info over to the States, where it could be seen by the security services, but when the commissioner refused to investigate, he sought a judicial review at the High Court.The Commissioner had ruled that Schrems didn’t have a case because he couldn’t prove that anyone had slurped his data in particular and anyway, the EU has an agreement with the US under the “Safe Harbour” principle decided way back in 2000. This principle governs data flow from Europe to United States and allows US firms to self-certify themselves as respectful of European data protection rules.High Court Justice Gerard Hogan said Schrems did not need to prove that his own data had been spied upon to make a complaint.“Quite obviously, Mr Schrems cannot say whether his own personal data has ever been accessed or whether it would ever be accessed by the US authorities,” he wrote in his ruling.

“But even if this were considered to be unlikely, he is nonetheless certainly entitled to object to a state of affairs where his data are transferred to a jurisdiction which, to all intents and purposes, appears to provide only a limited protection against any interference with that private data by the US security authorities.”However, he said that only the European Court of Justice could decide that individual member states were allowed to look past the Safe Harbour principle or reinterpret its meaning. Hogan said that Schrems, who had filed on behalf of the Europe-v-Facebook group, really had a problem with this principle and acknowledged that there may be an argument for the idea that the rule was outdated.“The Safe Harbour Regime… may reflect a somewhat more innocent age in terms of data protection,” he said. “This Regime came into force prior to the advent of social media and, of course, before the massive terrorist attacks on American soil which took place on September 11th, 2001.”

A federal judge who ordered the National Security Agency to retain all records of its secret telephone surveillance related to an ongoing case has reversed the order – just a day after it was issued. “In order to protect national security programs, I cannot issue a ruling at this time. The Court rescinds the June 5 order,” US District Judge Jeffrey White said from the bench on Friday. The NSA had been prohibited from destroying any of its records of communications surveillance on Thursday – specifically under the government’s Section 702 program. Section 702 of the Foreign Intelligence Surveillance Act (FISA) has been used by the NSA to justify widespread collection of phone calls and emails.

The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency’s use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans’ communications in its massive databases, according to interviews with government officials and recently declassified material. In addition, the court extended the length of time that the NSA is allowed to retain intercepted U.S. communications from five years to six years — and more under special circumstances, according to the documents, which include a recently released 2011 opinion by U.S. District Judge John D. Bates, then chief judge of the Foreign Intelligence Surveillance Court.

What had not been previously acknowledged is that the court in 2008 imposed an explicit ban — at the government’s request — on those kinds of searches, that officials in 2011 got the court to lift the bar and that the search authority has been used. Together the permission to search and to keep data longer expanded the NSA’s authority in significant ways without public debate or any specific authority from Congress. The administration’s assurances rely on legalistic definitions of the term “target” that can be at odds with ordinary English usage. The enlarged authority is part of a fundamental shift in the government’s approach to surveillance: collecting first, and protecting Americans’ privacy later.

“The government says, ‘We’re not targeting U.S. persons,’ ” said Gregory T. Nojeim, senior counsel at the Center for Democracy and Technology. “But then they never say, ‘We turn around and deliberately search for Americans’ records in what we took from the wire.’ That, to me, is not so different from targeting Americans at the outset.”

President Obama will shortly give a speech in which he’ll make cosmetic changes to the NSA dragnet, but will continue, in many ways, the accessing of personal data from Americans with no probable cause. As part of his cosmetic effort, he will also say there has been no evidence of abuse in these programs. That means he does not consider any of the following abuse: The NSA spied on the porn and phone sex habits of ideological opponents, including those with no significant ties to extremists, and including a US person.

According to the NSA in 2009, it had a program similar to Project Minaret — the tracking of anti-war opponents in the 1970s — in which it spied on people in the US in the guise of counterterrorism without approval. We still don’t have details of this abuse. When the NSA got FISC approval for the Internet (2004) and phone (2006) dragnets, NSA did not turn off features of Bush’s illegal program that did not comply with the FISC authorization. These abuses continued until 2009 (one of them, the collection of Internet metadata that qualified as content, continued even after 2004 identification of those abuses). Even after the FISC spent 9 months reining in some of this abuse, the NSA continued to ignore limits on disseminating US person data. Similarly, the NSA and FBI never complied with PATRIOT Act requirements to develop minimization procedures for the Section 215 program (in part, probably, because NSA’s role in the phone dragnet would violate any compliant minimization procedures).

The NSA has twice — in 2009 and 2011 — admitted to collecting US person content in the United States in bulk after having done so for years. It tried to claim (and still claims publicly in spite of legal rulings to the contrary) this US person content did not count as intentionally-collected US person content (FISC disagreed both times), and has succeeded in continuing some of it by refusing to count it, so it can claim it doesn’t know it is happening. As recently as spring 2012, 9% of the NSA’s violations involved analysts breaking standard operating procedures they know. NSA doesn’t report these as willful violations, however, because they’ve deemed any rule-breaking in pursuit of “the mission” not to be willful violations. In 2008, Congress passed a law allowing bulk collection of foreign-targeted content in the US, Section 702, to end the NSA’s practice of stealing Internet company data from telecom cables. Yet in spite of having a legal way to acquire such data, the NSA (through GCHQ) continues to steal data from some of the same companies, this time overseas, from their own cables. Arguably this is a violation of Section 702 of FISA.