A Surveillance Primer: What Exactly Are We Talking About Regarding the NSA?
So I’d like to take some time to explain in general terms the NSA program that everyone is screaming about.
By the way, I fully realize that the paranoid pro-Snowden crowd will insist that I’m lying or shilling for the government or both. Clearly there’s no way to respond to conspiracy theories other than to demand hard evidence. Beyond that, I can only concur with Charles Johnson who tweeted that many of the pro-Snowden people are deliberately misunderstanding what’s going on to suit their own agenda. I don’t intend to convince any of those people as they’re nestled within their own epistemic cocoons. But I think the summary below will be helpful to the rest of us who aren’t necessarily surveillance experts.
Let’s begin by defining metadata.
Phone metadata: This includes the “call pairs” — the two phone numbers on a call, plus the date, length and duration of the call.
Email metadata: The “to” and “from” email addresses, along with the IP addresses and subject lines. Basically it’s the same information you’d see on the envelope of a postal letter.
Similar metadata is collected for text messages, Facebook DMs and the like. The purpose of metadata is to weed out your cat meme emails, which NSA doesn’t care about nor does it read or retain, and to zero in on real suspects for targeted surveillance (which, as you’ll read below, requires an individual warrant for U.S. persons).
What is “minimization?” This is the procedure NSA uses to safeguard the privacy of American citizens. Part of this process includes the anonymization/encryption of personal information, transforming proper names, for example, into random strings of characters called “designators.” Eichenwald described minimization like so:
If information about specific Americans (or even foreigners inside the United States) is captured, those details must be removed from all records and cannot be shared with any other entity in the government unless it is necessary to understand and interpret related foreign intelligence or to protect lives from criminal threats.
Now for the NSA “bombshells.”
STELLAR WIND (Phone)
What is it? NSA’s collection of phone call metadata, but it also once included email metadata (see below). One aspect of this program was released by Snowden and Greenwald regarding Verizon phone records, but it’s not nearly the first time we became aware of NSA’s collection of phone metadata. (Here’s a random Google search for pertinent news articles about “NSA metadata collection” between 2001 and 2012.)
Who does it target? Foreign terrorists. Reminder: NSA is solely tasked with gathering foreign intelligence — not domestic criminal investigations or surveillance.
Is this legal? Yes, per the USA PATRIOT Act, Section 215. Opponents argue that NSA is taking the section too far. (Whatever you or I might think of the PATRIOT Act, legal is legal. Snowden himself said, “We’re a nation of laws, not of men.”)
Is the collection of phone metadata constitutional? Generally, yes. In 1979, the Supreme Court ruled in Smith v Maryland that once you send your data (phone number, etc) to a third party, you’ve relinquished your expectation of privacy because you’re voluntarily giving your data to the phone company.
Are there warrants? Technically, yes. The FISA court (FISC) issues bulk warrants every 90 days. It’s important to note that if NSA or FBI determines probable cause and decides to engage in the targeted surveillance of an American citizen’s phone calls, it must attain an individual warrant from a FISC judge, just as any law enforcement agency would do in a criminal investigation.
Is this Stellar Wind about wiretapping citizens, and can NSA listen to your calls? No. Not without very complicated, multi-layered approvals and individual warrants.
Is there oversight? Yes. Oversight is conducted by FISC, the Justice Department, House and Senate Intelligence Committees and the Privacy and Civil Liberties Oversight Board, which has existed since 2004. In 2009, the Obama/Holder Justice Department beefed up privacy safeguards following “routine oversight” of the program.
What can you do if you don’t like it? Get rid of your evil, corporate smartphone service and buy pre-paid cellphones (not with your credit card, which stores data that’s far more detailed than any government agency).
STELLAR WIND (Email)
What is it? NSA’s collection of email metadata.
Who does it target? Foreign terrorists.
Are there warrants? Yes.
What’s the status of this program? I’m stopping here because, according to documents released by Greenwald, this facet of Stellar Wind was discontinued by the Obama administration in 2011. Greenwald also reported that Stellar Wind “did not include the content of emails.”
What is it? A database management system for internet communications metadata acquired via Google, Microsoft, Apple, Facebook, Yahoo! and other so-called “tech giant” corporations. PRISM is part of the STELLAR WIND operation. The purpose is to weed out massive amounts of internet metadata in order to subsequently target the communications of potential terrorists.
What is it not? Contrary to some articles, PRISM isn’t a “program” or “operation.” And contrary to Greenwald’s initial reporting, PRISM doesn’t “tap” into corporate servers, nor does PRISM involve “direct access” to those servers.
Is PRISM secret? No. PRISM was publicly authorized by Section 702 of the FISA Amendments Act in 2008. Then-Senator Obama voted for the act.
Who does it target? Foreign terrorists. There are currently 117,675 foreign targets in the database.
Are there warrants? There are FISC subpoenas and warrants for the information.
What about American citizens? According to the FISA Amendments Act, Section 702, Americans can’t be “intentionally targeted” without individual warrants. Any metadata that’s inadvertently collected is encrypted/anonymized and destroyed.
Is there content? Only if an individual warrant is issued by a FISC judge.
Is there oversight? Yes. Oversight is conducted by FISC, the Justice Department, House and Senate Intelligence Committees, the Privacy and Civil Liberties Oversight Board and the legal departments of each tech corporation.
What can you do if you don’t like it? Install encryption software like Tor on your computer and email client (warning: this will slow down your internet performance). Stop using free email services. Delete your Facebook account. The pisser is that even if you jump through all of these hoops, you still have to file tax returns, which is another example of the government acquiring your private information. You also might have a bank account or a credit card. You probably have health insurance, too. Each of these outfits, and many more, have far more extensive and intrusive data than NSA.
So I think that covers most of it. There are other foreign intelligence gathering operations, of course, but the above “bombshell” items are central to all of the recent hooplah and garment rending. I can’t emphasize enough how counterproductive, misleading and irresponsible it is to go around screeching about how the government is spying on you or targeting you or following your every keystroke. Unless there’s probable cause and a warrant, it’s not. And understanding what’s really happening free from the fog of outrage is a solid first step toward having a much-needed debate about NSA and FISC based upon rational, reasonable terms. Otherwise, nothing good will come out of this.
I’d like to acknowledge several writers who have done much of the heavy lifting to explain what’s really happening without all of the scare-words and link-bait hyperbole that’s indicative of the pro-Snowden, pro-Greenwald crowd: our own J.M. Ashby, Josh Marshall, Charles Johnson, Kurt Eichenwald and former NSA senior intelligence analyst John Schindler. While I’m here, author James Bamford published two informative pre-9/11 volumes, The Puzzle Palace and Body of Secrets, about both the history of NSA and the precursors to the program outlined above.
Adding… I welcome any reasonable, factual corrections to the above information.