In recent weeks, political support for such broad collection has sagged, and the House last week narrowly defeated a bipartisan bid to end the program, at least in its current form. On Wednesday, senior Democratic senators voiced equally strong doubts.
“This bulk-collection program has massive privacy implications,” said Senate Judiciary Committee Chairman Patrick J. Leahy (Vt.). “The phone records of all of us in this room — all of us in this room — reside in an NSA database. I’ve said repeatedly, just because we have the ability to collect huge amounts of data does not mean that we should be doing so. . . . If this program is not effective, it has to end. So far, I’m not convinced by what I’ve seen.”
Administration officials defended the collection effort and a separate program targeting foreigners’ communication as essential and operating under stringent guidelines.
“With these programs and other intelligence activities, we are constantly seeking to achieve the right balance between the protection of national security and the protection of privacy and civil liberties,” Deputy Attorney General James Cole said. “We believe these two programs have achieved the right balance.”
Cole nonetheless said the administration is open to amending the program to achieve greater public trust. Legislation is pending in the Senate that would narrow its scope.
The NSA program collecting phone records began after the September 2001 terrorist attacks and was brought under the supervision of the Foreign Intelligence Surveillance Court in 2006. But its existence remained hidden until June, when the Guardian newspaper in Britain published a classified FISC order to a U.S. phone company to turn over to the NSA all call records. Former NSA contractor Edward Snowden leaked the order to the newspaper.
On Wednesday, the Guardian published new documents provided by Snowden that outlined previously unknown features of an NSA data-retrieval system called XKeyscore. The newspaper reported that the search tool allowed analysts to “search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals.”
NSA slides describing the system published with the Guardian article indicated that analysts used it to sift through government databases, including Pinwale, the NSA’s primary storage system for e-mail and other text, and Marina, the primary storage and analysis tool for “metadata.” Another slide described analysts using XKeyscore to access a database containing phone numbers, e-mail addresses, log-ins and Internet user activity generated from other NSA programs.
The newspaper said the disclosures shed light on Snowden’s claim that the NSA’s surveillance programs allowed him while sitting at his desk to “wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal e-mail.” U.S. officials have denied that he had such capability.
In a statement responding to the Guardian report, the NSA said “the implication that NSA’s collection is arbitrary and unconstrained is false. NSA’s activities are focused and specifically deployed against — and only against — legitimate foreign intelligence targets.” The agency further said: “Access to XKEYSCORE, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks. . . . Not every analyst can perform every function, and no analyst can operate freely. Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.”
On Wednesday, Clapper disclosed the FISA court’s “primary” order that spells out the program’s collection rules and two reports to Congress that discussed the program, which is authorized under Section 215 of the “business records” provision of the Foreign Intelligence Surveillance Act. Administration officials released the documents to reassure critics that the program is strictly supervised and minimally invasive.
For instance, the primary order states that only “appropriately trained and authorized personnel” may have access to the records, which consist of phone numbers of calls made and received, their time and duration, but not names and content. Officials call this metadata. The order also states that to query the data, there must be “reasonable, articulable suspicion,” presumably that the number is linked to a foreign terrorist group.
But the documents fueled more concern about the program’s scope among civil liberties advocates who are pressing the administration to release the legal rationale that might explain what makes such large numbers of records relevant to an authorized investigation. Perhaps most alarming to some critics was the disclosure, in the order, that queries of the metadata return results that are placed into a “corporate store” that may then be searched for foreign intelligence purposes with fewer restrictions.
That disclosure takes on significance in light of Deputy NSA Director John C. Inglis’s testimony last month that analysts could extend their searches by “three hops.” That means that starting from a target’s phone number, analysts can search on the phone numbers of people in contact with the target, then the numbers of people in contact with that group, and then the numbers of people in contact with that larger pool. That is potentially millions of people, said Jameel Jaffer, deputy legal director of the American Civil Liberties Union, who also testified Wednesday.
The Office of the DNI earlier released a statement that fewer than 300 numbers were queried in 2012. That could still mean potentially hundreds of millions of records, Sen. Richard J. Durbin (D-Ill.) said at the hearing.
Also, according to the order, the NSA does not need to audit the results of searches of the corporate store.
The order asserts that phone metadata could be obtained with a grand jury subpoena. That may be true for one person or even a group of people, but not for all Americans’ phone records, critics said.
Privacy advocates criticized redactions in the reports to Congress of information about the NSA’s failure to comply with its own internal rules. That is “among the most important information that the American public needs to critically assess whether these programs are proper,” said Mark Rumold, a staff lawyer at the Electronic Frontier Foundation.
At the hearing, Leahy voiced upset with the administration for suggesting that the program was as effective in thwarting terrorist plots as another NSA program, authorized under Section 702 of FISA and targeting foreigners’ communications. “I don’t think that’s a coincidence when we have people in government make that comparison, but it needs to stop,” he said of attempts to conflate the two programs’ utility.
He noted that senior officials had testified that the phone logging effort was critical to thwarting 54 plots, but after reviewing NSA material, he said that assertion cannot be made — “not by any stretch.” Pressed by Leahy on the point, Inglis admitted that the program “made a contribution” in 12 plots with a domestic nexus, but only one case came close to a “but-for” or critical contribution.
Carol D. Leonnig and William Branigin contributed to this report.