James Bamford is the author of three books on the NSA, including “The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America.”

When the National Security Agency was created through a top-secret memorandum signed by President Harry Truman in 1952, the agency was so secret that only a few members of Congress knew about it. While the NSA gradually became known over the decades, its inner workings remain extremely hidden, even with the recent leaks about its gathering of Americans’ phone records and tapping into data from the nine largest Internet companies. Let’s pull back the shroud a bit to demystify this agency.

1. The NSA is allowed to spy on everyone, everywhere.

After his release of documents to the Guardian and The Washington Post, former NSA contractor Edward Snowden said, “I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant to a federal judge to even the president if I had a personal e-mail.”

But Snowden probably couldn’t eavesdrop on just about anyone, including the president, without breaking the law. The Foreign Intelligence Surveillance Act forbids the NSA from targeting U.S. citizens or legal residents without an order issued by the Foreign Intelligence Surveillance Court. This applies whether the person is in the United States or overseas. According to documents from Snowdenpublished by The Post and the Guardian on Thursday, if agency employees pick up the communications of Americans incidentally while monitoring foreign targets, they are supposed to destroy the information unless it contains “significant foreign intelligence” or evidence of a crime.

What’s technically feasible is a different matter. Since 2003, the NSA has been able to monitor much of the Internet and telephone communication entering, leaving and traveling through the United States with secret eavesdropping hardware and software installed at major AT&T switches, and probably those of other companies, around the country.

2. The courts make sure that what the NSA does is legal.

This is part of the NSA’s mantra. Because both the surveillance court and the activities it monitors are secret, it’s hard to contradict. Yet we know about at least one transgression since Congress created the court in 1978 in response to the NSA’s previous abuses.

Under the court’s original charter, the NSA was required to provide it with the names of all U.S. citizens and residents it wished to monitor. Yet the George W. Bush administration issued a presidential order in 2002 authorizing the NSA to eavesdrop without court-approved warrants.

After the New York Times exposed the warrantless wiretapping program in 2005, Congress amended the law to weaken the court’s oversight and incorporate many of the formerly illegal eavesdropping activities conducted during the Bush years. Rather than individual warrants, the court can now approve vast, dragnet-style warrants, or orders, as they’re called. For example, the first document released by the Guardian was a top-secret order from the court requiring Verizon to hand over the daily telephone records of all its customers, including local calls.

3. Congress has a lot of oversight over the NSA.

This is the second part of the mantra from NSA Director Keith Alexander and other senior agency officials. Indeed, when the congressional intelligence committees were formed in 1976 and 1977, their emphasis was on protecting the public from the intelligence agencies, which were rife with abuses.

Today, however, the intelligence committees are more dedicated to protecting the agencies from budget cuts than safeguarding the public from their transgressions. Hence their failure to discover the Bush administration’s warrantless wiretapping activity and their failure to take action against the NSA’s gathering of telephone and Internet records.

4. NSA agents break into foreign locations to steal codes and plant bugs.

According to intelligence sources, a number of years ago there was a large debate between the NSA and the CIA over who was responsible for conducting “black-bag jobs” — breaking into foreign locations to plant bugs and steal hard drives, or recruiting local agents to do the same. The NSA argued that it was in charge of eavesdropping on communications, known as signals intelligence, and that the data on hard drives counts. But the CIA argued that the NSA had responsibility only for information “in motion,” while the CIA was responsible for information “at rest.” It was eventually decided that the CIA’s National Clandestine Service would focus on stealing hard drives and planting bugs, and the NSA, through a highly secret unit known as Tailored Access Operations, would steal foreign data through cyber-techniques.

5. Snowden could have aired his concerns internally rather than leaking the documents.

I’ve interviewed many NSA whistleblowers, and the common denominator is that they felt ignored when attempting to bring illegal or unethical operations to the attention of higher-ranking officials. For example, William Binney and several other senior NSA staffers protested the agency’s domestic collection programs up the chain of command, and even attempted to bring the operations to the attention of the attorney general, but they were ignored. Only then did Binney speak publicly to me for an article in Wired magazine.

In a Q&A on the Guardian Web site, Snowden cited Binney as an example of “how overly-harsh responses to public-interest whistle-blowing only escalate the scale, scope, and skill involved in future disclosures. Citizens with a conscience are not going to ignore wrong-doing simply because they’ll be destroyed for it: the conscience forbids it.”

And even when whistleblowers bring their concerns to the news media, the NSA usually denies that the activity is taking place. The agency denied Binney’s charges that it was obtaining all consumer metadata from Verizon and had access to virtually all Internet traffic. It was only when Snowden leaked the documents revealing the phone-log program and showing how PRISM works that the agency was forced to come clean.


Read more from Outlook, friend us on Facebook, and follow us on Twitter.