Last week, Glenn Greenwald was supposed to have published a "fireworks grand finale" NSA article drawn from documents leaked by Edward Snowden. The article was evidently going to reveal the names of various NSA surveillance targets, but as we reported on Tuesday, the article was withheld due to what Greenwald called "last-minute claims" by the government regarding national security concerns.
Fast forward to Saturday morning. The Washington Post's Barton Gellman, along with co-authors Julie Tate and Ashkan Soltani, appear to have collectively scooped Greenwald with a very similar story, titled "In NSA-intercepted data, those not targeted far outnumber the foreigners who are." The article details the collection of electronic documents with references to non-targeted individuals, as well as NSA success stories and questionable flaws.
That's not to say Greenwald won't publish his version. He will. And he'll probably include information which Gellman prudently and responsibly declined to publish due to concerns over privacy and national security. So, in the end, Greenwald will probably have a few exclusive details, but only because he's routinely been more liberal about including information that other publications have rightfully excluded.
This of course leads us to the content of the new Gellman article.
The story contains information that both vindicates NSA, along with some information that appears, at least on the surface, to raise questions about NSA's minimization procedures. After extensive research via Snowden's NSA documents, The Post reported that around 160,000 emails and text messages were collected by NSA during the Obama administration partly via the PRISM operation as was legally authorized by Section 702 of the FISA Amendments Act of 2008.
In and of itself, this doesn't seem like news.
The hyperbolic, panic-button news here is that, according to The Post, around 90 percent of the records collected were inadvertently collected from people who aren't directly targeted by NSA. Out of the 160,000 records, including emails, texts, instant messages and so forth, there were 65,000 "references" to so-called "U.S. Persons" -- citizens or foreigners living inside the U.S. To be precise, that's 65,000 references, not 65,000 individual names. Some of these references might be repeated, so the actual total number of individuals could be far fewer than 65,000.
All of these references were "minimized," meaning the email addresses and personally identifiable details were masked and encrypted per Justice Department rules designed to protect the privacy of Americans. However, The Post reported that 900 email references were not minimized and that they might be "strongly linked to U.S. citizens or U.S.residents." Later, Gellman tweeted that the records verifying the 900 unminimized references were "imperfect." A little murky, but okay, we'll give The Post the benefit of the doubt and assume that the linkage is strong enough on these 900 references. The fact that 900 references to American email addresses weren't minimized seems problematic, but Gellman failed to explain why those records weren't minimized. Is there a legally justifiable explanation? We don't know.
Now, the reason why the ratio of targeted versus non-targeted collections seems overblown is that in the course of legally targeting one person, the communications of people whom the target has contacted will also be collected and retained per the law. So to suggest that it's unusual for targeted collections to exceed non-targeted collections doesn't quite hold water.
Meanwhile, some of the minimized data is ludicrously identifiable. For example:
Some of them border on the absurd, using titles that could apply to only one man. A “minimized U.S. president-elect” begins to appear in the files in early 2009, and references to the current “minimized U.S. president” appear 1,227 times in the following four years.
Again, the article doesn't offer any explanation as to why NSA's minimization was so ridiculous here. But clearly in the absence of an adequate operational explanation, this is an area where NSA reforms might be in order.
Outside the borders of the U.S., The Post reported that NSA collected very private "intimate, even voyeuristic" information from apparently innocent foreigners with personal relationships with targets. This information includes medical records, baby pictures and intimate lingerie photos of girlfriends and the like. None of this information was linked to U.S. Persons in the article. It might be, but the article doesn't say. The Post wisely chose to not disclose the specifics of this information, but there's a massive elephant in the room here.
Edward Snowden leaked every last detail of these sordid, private communications to Glenn Greenwald, Laura Poitras and Barton Gellman, along with who knows how many other reporters. (Transparency supporters like Greenwald refuse to say how many reporters and publications have documents, or exactly how many documents each reporter has received.) While NSA has the congressionally-sanctioned legal authority to collect and retain communications from surveillance targets as well as the targets' communications with non-targets, Snowden doesn't have the authority to dump all of this private "voyeuristic" information to reporters, nor are there any real checks on the operational security measures taken by each publication.
Supporters of Greenwald and Snowden might not see the distinction, but there's a world of difference between NSA retaining this information, and private citizens like Gellman, Greenwald or even Julian Assange having access to it. Chiefly, one entity, NSA, is tasked with secret foreign intelligence gathering, while the other entities have the capability to accidentally or intentionally reveal that secret information to potentially tens of millions of people. NSA is one of the most powerful intelligence agencies in the world and yet Snowden was able to abscond with hundreds of thousands of documents (another area for reform). Comparatively, how secure are the documents being held by The Washington Post, The Guardian, The Intercept or any other of the who-knows-how-many publications where Snowden documents are being held? It's safe to assume that Der Spiegel or Pro Publica might not be anywhere near as secure as NSA.
And if outfits like Cryptome are to be believed, the entire Snowden cache might very well be horked and dumped online by industrious hackers any day now -- a possibility that could've been avoided had the information remained at Fort Meade.
Finally, while it's obvious that NSA isn't without its problems, the article revealed that the agency's surveillance operations do, in fact, work. Beyond the scare-headline and lede, the fifth and sixth paragraphs reported the following:
Among the most valuable contents — which The Post will not describe in detail, to avoid interfering with ongoing operations — are fresh revelations about a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into U.S. computer networks.
Months of tracking communications across more than 50 alias accounts, the files show, led directly to the 2011 capture in Abbottabad of Muhammad Tahir Shahzad, a Pakistan-based bomb builder, and Umar Patek, a suspect in a 2002 terrorist bombing on the Indonesian island of Bali. At the request of CIA officials, The Post is withholding other examples that officials said would compromise ongoing operations.
This is precisely why there's an NSA: weeding out secret nuclear weapons projects, apprehending terrorism suspects and protecting U.S. computer networks from malicious hackers. Coincidentally, we learned about the importance and flaws of NSA several days before The Post's article.
The Privacy and Civil Liberties Oversight Board (PCLOB) released a report last week (pdf) on this very matter and concluded that PRISM and FISA Section 702, "has been valuable and effective in protecting the nation’s security and producing useful foreign intelligence." PCLOB also concluded that "...certain aspects of the program’s implementation raise privacy concerns. These include the scope of the incidental collection of U.S. persons’ communications and the use of queries to search the information collected under the program for the communications of specific U.S. persons."
In other words, PCLOB, an oversight committee which existed before the emergence of Edward Snowden, by the way, reached a very similar conclusion to the overall point of The Post's article three days before it was published, and without the need for leaking both personal and national security secrets to reporters like Gellman and Greenwald.
As for Greenwald, it's his move now. And then we'll see how much he truly values privacy by way of what he chooses to withhold, considering how he, along with who knows how many others, have been granted the rare opportunity to gawk at the personal photos, communications and even medical records of the people whose privacy they claim to be defending.
Adding... Greenwald has always asserted that Snowden stole roughly 50,000 documents. But these electronic communications alone total 160,000.
UPDATE: Barton Gellman clarified on Twitter that the mentions of "minimized U.S. president" were other targets mentioning Obama -- not that NSA was targeting Obama.
A couple things on this. First of all, the 1,200 references to Obama proves my theory that, yes, the 65,000 minimized U.S. Persons included repeat mentions of the same individuals -- not 65,000 total individuals. Also, why wasn't this clarified in the article itself? Decide for yourself whether it was deliberately vague or just an error. But I wonder how many people who read The Post article also follow Gellman on Twitter.