A U.S. National Security Agency surveillance program focused on overseas telephone and email communications is targeted and narrow, and not the bulk collection portrayed in numerous news reports from recent months, U.S. officials told a privacy watchdog board Wednesday.
Contrary to denials from many technology companies, the NSA's foreign surveillance programs authorized by section 702 of the FISA Amendments Act have the participation of those vendors, officials with the U.S. intelligence community told the U.S. Privacy and Civil Liberties Oversight Board (PCLOB).
Internet service providers and other technology companies "would have received legal process" documents when the NSA wanted to conduct surveillance on their customers, said Rajesh De, the NSA's general counsel. The NSA collects communications to and from certain email and telephone targets, with assistance from communications providers, and it also engages in upstream collection from the "Internet backbone," De said.
The picture U.S. officials painted to the PCLOB about NSA foreign surveillance efforts is very different from news reports based on leaks from former NSA contractor Edward Snowden over the past nine months.
Just a day after the Washington Post reported that the NSA has built a surveillance system capable of recording all of a foreign country's telephone calls, officials said the agency's surveillance programs focused on foreign communications don't target entire regions or countries but rather specific email addresses and telephone numbers.
The overseas programs are not bulk collection, added Robert Litt, general counsel in the Office of the Director of National Intelligence. Bulk collection is "getting a whole bunch of communications, hanging onto them, and then figuring out later what you want," he said. "This is not that. This is a situation where we figure out what we want, and we get that specifically."
To target a person under the overseas programs, the NSA needs "reason to believe" the communications are relevant to a foreign intelligence purpose.
Numerous press reports based on information from Snowden have suggested the NSA, through a program called Prism, is sifting through the servers of nine technology companies, including Microsoft, Google, Facebook and Apple. Most of those companies have denied giving the NSA access to their servers.
The NSA has also intercepted Internet communications in transit, planned to distribute surveillance malware targeting millions of computers and intercepted the mobile phone calls of millions of people, according to leaks from Snowden.
While officials from the NSA, ODNI and the Department of Justice denied reports that they are collecting overseas communications in bulk, others testifying at the PCLOB hearing voiced skepticism. The intelligence officials appear to be using a narrow definition of collection by suggesting that intercepting emails and telephone calls doesn't constitute collection, said Jameel Jaffer, deputy legal director of American Civil Liberties Union.
It would be difficult for the NSA to target communications about specific people, as the agency says it does, without having broader access to Internet or telephone traffic, he said.
"My understanding is there is no way to engage in 'about' surveillance without inspecting, in some sense, every communication within the universe of those that you are monitoring," he said. "You can call that bulk collection, or you could call that something else, but that scanning of every communication in a particular universe raises constitutional issues."
Jaffer and two other witnesses told the privacy board the NSA programs violate the Fourth Amendment to the U.S. Constitution, which protects U.S. residents against unreasonable searches and seizures. While the NSA says it does not target U.S. residents, there are few procedures in place to keep the agency from collecting information about U.S. residents, said Laura Donohue, a professor at the Georgetown University Law School.
In addition, the underlying law puts few limits on the NSA sharing information it has collected with law enforcement agencies in the U.S., she said.
Because the NSA foreign surveillance programs target people reasonably believed to be overseas, there is no Fourth Amendment issue, countered ODNI's Litt. People who live outside the U.S. "do not have rights under the Fourth Amendment," he said. "The Constitution does not require individualized warrants to target them."
Litt called the overseas surveillance programs important for U.S. national security. The overseas surveillance program is "one of the most valuable collection tools that we have," he said. "It is one of our most important sources of information, not only about terrorism, but about a wide variety of other threats to our nation."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.