The opinion signed by Judge Colleen Kollar-Kotelly permitted the NSA to gather in bulk information about e-mail and other forms of Internet communication such as e-mail addresses, but not the content. Its true scope, however, was unclear. Three pages describing the categories of “metadata” that the NSA proposed to collect were redacted.
Although the date was blacked out, the opinion appeared to be the order that placed the NSA’s Internet metadata program under court supervision in July 2004, according to an NSA inspector general report leaked this year by former NSA contractor Edward Snowden.
Prior to that date, the NSA had been collecting the e-mail records without court or congressional approval as part of a secret terrorist surveillance program authorized by President George W. Bush in the wake of the September 2001 terrorist attacks.
The 87-page order lays out what was apparently the initial, albeit by-now familiar, argument for bulk collection under the Foreign Intelligence Surveillance Act and the court’s reasons for accepting it. Kollar-Kotelly found that a relatively low standard of “relevance” to collect the information was necessary “to permit, as is the case in criminal investigations, the use of this very valuable investigative tool at the critical early stages of foreign intelligence and international terrorism investigations.”
She acknowledged that the volume of data collected would be “enormous,” though the amount estimated by the NSA was redacted. And she said the NSA asserted that it needed such massive amounts of data to identify unknown people who may be in contact with terrorists’ whose e-mail addresses would be used to search the database. “Analysts know that terrorists’ e-mails are located somewhere in the billions of data bits; what they cannot know ahead of time is exactly where,” the judge wrote.
The judge said the NSA could use two methods to search the data. One is “contact-chaining,” or using computer algorithms to identify all e-mail accounts that have been in contact with the suspect’s e-mail account, as well as all accounts that have been in contact with an account in that first tier of results. The second method was redacted.
Kollar-Kotelly said Americans do not have a reasonable expectation of privacy for the metadata they generate, citing Supreme Court cases, including a 1979 case, Smith v. Maryland
She issued her opinion under what is known as the “pen-
register/trap and trace” provision of FISA. A similar analysis to justify NSA’s massive collection of telephone metadata has been made under a different FISA provision.
The two groups whose Freedom of Information Act lawsuits helped force disclosure of the documents expressed dismay about the court’s interpretation of the law.
“On the logic of these opinions, almost every digital footprint we leave behind can be vacuumed up by the government — who we talk to, what we read, where we go online,” said Patrick Toomey, American Civil Liberties Union staff attorney. “Like previous releases, these materials show the danger of a government that sidesteps public debate and instead grounds its surveillance powers in the secret opinions of a secret court. The more we learn, the clearer it is that our surveillance laws and oversight rules are in dramatic need of reform.”
Mark Rumold, staff attorney for the Electronic Frontier Foundation, said the latest release mirrored previous releases of documents by the director of national intelligence in which the court “signed off on constitutionally questionable orders that affected the privacy rights of millions of Americans.”
Clapper said in a statement that the release of the documents “reflects the Executive Branch’s continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States.”
The releases included a memo sent to the House and Senate intelligence committees in 2009 in which the NSA acknowledged that it had failed to abide by court-imposed “minimization” rules designed to protect the privacy of U.S. citizens.
In particular, the NSA admitted that it had improperly allowed about 200 analysts from the CIA, the FBI and the National Counterterrorism Center to have access to sensitive reports that were largely based on trails of e-mail communications among millions of Internet users, many of them Americans.
The reports did not include e-mail content, according to the notice sent to the committees, but disseminating the data “was not consistent with” orders from the surveillance court.
That violation became part of a broader pattern of NSA problems, prompting the FISA Court to express “grave concern over the lack of apparent NSA compliance with the Court ordered minimization procedures,” according to the notice sent to the committees.
The memo also pointed to another significant compliance issue: a practice adopted by the NSA in which it deemed a series of “selectors,” or search terms, as legitimate targets for further scrutiny in its massive databases as long as the terms were somehow related.
It is not clear from the document whether the “selectors” in this case were various identifiers for a single individual, or names of others in contact with that initial target.
In effect, the NSA was going beyond the FISA Court’s rules that the agency only search selectors when it could demonstrate a “reasonable articulable suspicion” of a link to terrorism or other legitimate foreign intelligence purpose.
The Justice Department filed a notice of non-compliance with the FISA Court after discovering the practice, according to the documents.
The files also reveal that in recent years the NSA was actively “exploring the possibility” of building a database that would include detailed information on the locations from which people including U.S. citizens made cellular phone calls.
In a memo sent to a staff member of the Senate Intelligence Committee, the NSA made clear that it believed it had the legal authority to track such location information in addition to the existing metadata it was already collecting on the number and durations of billions of phone calls.
The disclosure indicates that U.S. intelligence officials were more aggressively pursuing the collection of such locational data than they have publicly acknowledged.
In the wake of the Snowden leaks, NSA Director Keith Alexander has said that the NSA briefly conducted a test program to collect a sample of location data from one cellular service provider, but emphasized that the effort was abandoned.
The newly released memo, which was written in response to questions from the Senate Intelligence Committee, said however that the NSA was considering “acquiring such mobility data under this program in the near future under the authority currently granted by the [FISA] Court.”
Much of the document’s text was blacked out.
Carol D. Leonnig contributed to this report.