Nine of 10 online communications intercepted by the National Security Agency were ordinary American and non-American Internet users, not legally targeted foreigners, according to an investigative report by the Washington Post on Saturday.
As part of a four-month investigation, The Post received a “large cache of intercepted coversations” from former NSA contractor and whistleblower Edward Snowden. The Post said it reviewed “roughly 160,000 intercepted email and instant message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts.”
According to The Post, the surveillance files from US digital networks included names, email addresses or other details that the NSA marked as belonging to US citizens. The material spans from 2009 to 2012.
While some of the files are legitimate and led directly to the capture of several terrorists, including the 2011 capture in Abbottabad of Pakistan-based bomb builder Muhammad Tahir Shahzad, other files retained were described as useless by NSA analysts with “a startlingly intimate, even voyeuristic quality.”
“They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless,” The Post reports. Some of the data includes resumes from job hunters, academic transcripts from students, and photos showing women in bikini tops and shorts suggestively leaning into webcams.
The investigation by The Post confirms that the broad data collection by the NSA enables it to collect data on ordinary American citizens, data that even its own analysts define as useless. As the NSA continues to defend collecting mass amounts of data in the name of protecting the US from terrorist threats, more measures need to be put in place to protect its citizens from privacy intrustions by their own government.
Last month, the US House of Representatives voted in favor of a proposal that would essentially block government authorities from conducting warrantless searches on the data of US citizens, and stop the CIA and NSA from creating software and hardware backdoors for spying. There are still many outstanding issues, including reworking the limits on foreign surveillance.
The actions by the NSA continue to have an impact on the domestic hosting and cloud business, as 31 percent of IT decision makers are migrating data to locations where the business knows it will be safe.
According to The Post, the NSA may legally target only foreign nationals located overseas unless it obtains a warrant based on probable cause from a special surveillance court. However, the NSA obtains content intercepted incidentally from third-parties, and is permitted to “retain, store, search and distribute to its government customers.”
The report said that internal communications show supervisors reminding analysts that PRISM and Upstream collection have a lower standard for foreigness standard of proof than a traditional surveillance warrant from a FISA judge. The former requires reasonable believe rather than probable cause.
The NSA did attempt to mask or minimize the terms that identify possible, potential or probable US persons, along with US companies, including beverage companies, universities, fast food restaurants and webmail hosts, The Post said.
Analysts used other rational to determine if a target is foreign, including their emails being written in a foreign language (a quality shared by tens of millions of Americans, The Post points out), or an overseas IP address. This, of course, is misleading as many US citizens use alternate IPs to stream content unavailable in the country, for example.