N.S.A. Gets More Latitude to Share Intercepted Communications
James R. Clapper, center, former director of US National Intelligence, with Adm. Michael S. Rogers, right, director of the National Security Agency, during a Senate hearing in January 2017. Credit Stephen Crowley/The New York Times
In its final days, the Obama administration had expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections.
The rules significantly relaxed longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches.
The change means that far more officials are searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.
Former Attorney General Loretta E. Lynch signed the rules permitting the N.S.A. to disseminate “raw signals intelligence information” on Jan. 3, after the director of national intelligence, James R. Clapper Jr., signed them on Dec. 15, 2016, according to a 23-page, largely declassified copy of the procedures.
Previously, the N.S.A. filtered information before sharing intercepted communications with another agency, like the C.I.A. or the intelligence branches of the F.B.I. and the Drug Enforcement Administration. The N.S.A.’s analysts passed on only information they deemed pertinent, screening out the identities of innocent people and irrelevant personal information.
Now, other intelligence agencies will be able to search directly through raw repositories of communications intercepted by the N.S.A. and then apply such rules for “minimizing” privacy intrusions.
“This is not expanding the substantive ability of law enforcement to get access to signals intelligence,” said Robert S. Litt, the general counsel to Mr. Clapper. “It is simply widening the aperture for a larger number of analysts, who will be bound by the existing rules.”
But Patrick Toomey, a lawyer for the American Civil Liberties Union, called the move an erosion of rules intended to protect the privacy of Americans when their messages are caught by the N.S.A.’s powerful global collection methods. He noted that domestic internet data was often routed or stored abroad, where it may get vacuumed up without court oversight.
“Rather than dramatically expanding government access to so much personal data, we need much stronger rules to protect the privacy of Americans,” Mr. Toomey said. “Seventeen different government agencies shouldn’t be rooting through Americans’ emails with family members, friends and colleagues, all without ever obtaining a warrant.”
The N.S.A. has been required to apply similar privacy protections to foreigners’ information since early 2014, an unprecedented step that President Obama took after the disclosures of N.S.A. documents by the former intelligence contractor Edward J. Snowden. The other intelligence agencies will now have to follow those rules, too.
Under the new system, agencies ask the N.S.A. for access to specific surveillance feeds, making the case that they contain information relevant and useful to their missions. The N.S.A. grants requests it deems reasonable after considering factors like whether large amounts of Americans’ private information might be included and, if so, how damaging or embarrassing it would be if that information were “improperly used or disclosed”.
The move is part of a broader trend of tearing down bureaucratic barriers to sharing intelligence between agencies that dates back to the aftermath of the terrorist attacks of Sept. 11, 2001. In 2002, the Foreign Intelligence Surveillance Court secretly began permitting the N.S.A., the F.B.I. and the C.I.A. to share raw intercepts gathered domestically under the Foreign Intelligence Surveillance Act.
After Congress enacted the FISA Amendments Act – which legalized warrantless surveillance on domestic soil so long as the target is a foreigner abroad, even when the target is communicating with an American – the court permitted raw sharing of emails acquired under that program, too.
In July 2008, the same month Congress passed the FISA Amendments Act, President George W. Bush modified Executive Order 12333, which sets rules for surveillance that domestic wiretapping statutes do not address, including techniques that vacuum up vast amounts of content without targeting anybody.
After the revision, Executive Order 12333 said the N.S.A. could share the raw fruits of such surveillance after the director of national intelligence and the attorney general, coordinating with the defense secretary, agreed on procedures. It took another eight years to develop those rules.
The Times first reported the existence of those deliberations in 2014 and later filed a Freedom of Information Act lawsuit for documents about them. It ended that case in February 2016, and Mr. Litt discussed the efforts in an interview at that time, but declined to divulge certain important details because the rules were not yet final or public.
Among the most important questions left unanswered in February was when analysts would be permitted to use Americans’ names, email addresses or other identifying information to search a 12333 database and pull up any messages to, from or about them that had been collected without a warrant.
There is a parallel debate about the FISA Amendments Act’s warrantless surveillance program. National security analysts sometimes search that act’s repository for Americans’ information, as do F.B.I. agents working on ordinary criminal cases. Critics call this the “backdoor search loophole” and some lawmakers want to require a warrant for such searches.
By contrast, the 12333 sharing procedures allow analysts, including those at the F.B.I., to search the raw data using an American’s identifying information only for the purpose of foreign intelligence or counterintelligence investigations, not for ordinary criminal cases. And they may do so only if one of several other conditions are met, such as a finding that the American is an agent of a foreign power.
However, under the rules, if analysts stumble across evidence that an American has committed any crime, they send it to the Justice Department.
The limits on using Americans’ information gathered under Order 12333 do not apply to metadata: logs showing who contacted whom, but not what they said. Analysts at the intelligence agencies may study social links between people, in search of hidden associates of known suspects “without regard to the location or nationality of the communicants”.
November 15, 2017