And what happens when the N.S.A. realizes that it is reading and listening to an American’s communications? It is supposed to stop, at least until it gets a different kind of FISA order—which, based on what it has already heard, may be all the easier. And if it finds something that is interesting in any one of a half-dozen ways, it can analyze the communications further, and hold on to them for five years. Maybe an American’s e-mails contain “significant foreign intelligence information”; or maybe they don’t, but are “reasonably believed” to contain evidence of a crime. There are a lot of crimes on the books, and the N.S.A. is also allowed to count one it thinks might be “about to be committed.” It can also “disseminate” the information to other agencies, and find out more about the American if it seems that the person might have access to secrets, or be a target of foreigners, or just do business with them. This includes communications between someone under indictment and his or her lawyer—the words can’t be used in a prosecution, but can be to gather intelligence. And what the N.S.A. happens to see can also be used in leak investigations.
Does this still seem too narrow, not enough to keep us all safe? The documents note that the private data of Americans that the N.S.A. can hold on to “include electronic communications acquired because of limitations on NSA’S ability to filter communications.” In other words, if it fails to fine-tune its targeting, it can keep what it sweeps up anyway. Also, if the N.S.A. decides on its own that there is an “immediate threat,” it can temporarily put all these minimization procedures aside and figure it out later.