The Justice Department in 2012 granted approval to the National Security Agency to target foreign hackers overseas under a law that authorizes the agency with court permission to receive e-mails and other Internet traffic from U.S. tech companies, according to new documents.
But the NSA Office of General Counsel raised concerns internally that collection at the Internet backbone in the United States could “potentially include so much” information of Americans that the data should be segregated. It is unclear if that happened.
The legal office suggested that the information be used only by analysts who monitor foreign hacker activity, according to the documents, which were leaked by former NSA contractor Edward Snowden.
The documents were published Thursday by the New York Times and ProPublica. They show an agency whose job is to gather electronic intelligence on foreign adversaries grappling with the exponential growth in hacker activity targeting U.S. computer networks.
The law in question is Section 702 of the FISA Amendments Act, passed in 2008. That law put under court oversight a program of warrantless surveillance begun shortly after the Sept. 11, 2001, terrorist attacks.
The law also expanded the government’s surveillance authority in this area, allowing the NSA to collect not only communications of foreign terrorist groups but also those that pertain to foreign intelligence generally. That meant Section 702 became useful for a wide variety of espionage, from spying on proliferators of nuclear weapons to learning the intentions of Russian and Chinese officials.
The NSA began to notice a “huge collection gap against cyberthreats to the nation,” according to the documents, because under the law it could target foreign hackers who could be linked to a foreign government or terrorist group, but not those who could not.
Thus in May and July 2012, the Justice Department approved the targeting of “certain [hacker] signatures” and certain Internet addresses, although a definitive link to a foreign power may be difficult to establish. Signatures are patterns of computer activity or strings of computer code that indicate the presence of a hacker.
“Hacker signatures pull in a lot,” said one slide from the general counsel’s office. “Worst thing” the NSA could do is to “turn” the data-gathering system to collect on a U.S. hacker, it said. Such “incidental” collection on someone who is not a lawful target “is a violation of law,” the slide said.
“The Director of National Intelligence recently described the cyber threat facing the United States as ‘increasing in frequency, scale, sophistication and severity of impact,’ ” DNI spokesman Brian Hale said in a statement. “Against that backdrop, it should come as no surprise that the U.S. government gathers intelligence on foreign powers that attempt to penetrate U.S. networks and steal the private information of U.S. citizens and companies.”
Hale added: The NSA “cannot target anyone under the court-approved procedures unless there is an appropriate, and documented, foreign intelligence purpose.” The efforts of foreign hackers to penetrate U.S. networks constitute a lawful foreign intelligence purpose, he said.
A former senior national security official, who spoke on the condition of anonymity to discuss classified matters, put it another way:
“The American public would be shocked if the government weren’t targeting foreign hackers.”
The Foreign Intelligence Surveillance Court, which oversees the application of Section 702, is aware of the Justice Department’s 2012 interpretation of the law, the former official said.
The House and Senate intelligence committees also were briefed on it, the official said.