Government unveils secret order to Verizon

Obama administration officials faced deepening political skepticism Wednesday about a far-reaching counterterrorism program that collects millions of Americans’ phone records, even as they released newly declassified documents in an attempt to spotlight privacy safeguards.

The previously secret material — a court order and reports to Congress — was released by Director of National Intelligence James R. Clapper as a Senate Judiciary Committee hearing opened Wednesday morning in which lawmakers sharply questioned the efficacy of the collection of bulk phone records. A senior National Security Agency official conceded that the surveillance effort was the primary tool in thwarting only one plot — not the dozens that officials had previously suggested.

In recent weeks, political support for such broad collection has sagged, and the House last week narrowly defeated a bipartisan bid to end the program, at least in its current form. On Wednesday, senior Democratic senators voiced equally strong doubts.

“This bulk-collection program has massive privacy implications,” said Senate Judiciary Committee Chairman Patrick J. Leahy (Vt.). “The phone records of all of us in this room — all of us in this room — reside in an NSA database. I’ve said repeatedly, just because we have the ability to collect huge amounts of data does not mean that we should be doing so. . . . If this program is not effective, it has to end. So far, I’m not convinced by what I’ve seen.”

Administration officials defended the collection effort and a separate program targeting foreigners’ communication as essential and operating under stringent guidelines.

“With these programs and other intelligence activities, we are constantly seeking to achieve the right balance between the protection of national security and the protection of privacy and civil liberties,” Deputy Attorney General James Cole said. “We believe these two programs have achieved the right balance.”

Cole nonetheless said the administration is open to amending the program to achieve greater public trust. Legislation is pending in the Senate that would narrow its scope.

The NSA program collecting phone records began after the September 2001 terrorist attacks and was brought under the supervision of the Foreign Intelligence Surveillance Court in 2006. But its existence remained hidden until June, when the Guardian newspaper in Britain published a classified FISC order to a U.S. phone company to turn over to the NSA all call records. Former NSA contractor Edward Snowden leaked the order to the newspaper.

On Wednesday, the Guardian published new documents provided by Snowden that outlined previously unknown features of an NSA data-retrieval system called XKeyscore. The newspaper reported that the search tool allowed analysts to “search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals.”

NSA slides describing the system published with the Guardian article indicated that analysts used it to sift through government databases, including Pinwale, the NSA’s primary storage system for e-mail and other text, and Marina, the primary storage and analysis tool for “metadata.” Another slide described analysts using XKeyscore to access a database containing phone numbers, e-mail addresses, log-ins and Internet user activity generated from other NSA programs.

The Foreign Intelligence Surveillance Court

The newspaper said the disclosures shed light on Snowden’s claim that the NSA’s surveillance programs allowed him while sitting at his desk to “wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal ­e-mail.” U.S. officials have denied that he had such capability.

In a statement responding to the Guardian report, the NSA said “the implication that NSA’s collection is arbitrary and unconstrained is false. NSA’s activities are focused and specifically deployed against — and only against — legitimate foreign intelligence targets.” The agency further said: “Access to XKEYSCORE, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks. . . . Not every analyst can perform every function, and no analyst can operate freely. Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.”

On Wednesday, Clapper disclosed the FISA court’s “primary” order that spells out the program’s collection rules and two reports to Congress that discussed the program, which is authorized under Section 215 of the “business records” provision of the Foreign Intelligence Surveillance Act. Administration officials released the documents to reassure critics that the program is strictly supervised and minimally invasive.

For instance, the primary order states that only “appropriately trained and authorized personnel” may have access to the records, which consist of phone numbers of calls made and received, their time and duration, but not names and content. Officials call this metadata. The order also states that to query the data, there must be “reasonable, articulable suspicion,” presumably that the number is linked to a foreign terrorist group.

But the documents fueled more concern about the program’s scope among civil liberties advocates who are pressing the administration to release the legal rationale that might explain what makes such large numbers of records relevant to an authorized investigation. Perhaps most alarming to some critics was the disclosure, in the order, that queries of the metadata return results that are placed into a “corporate store” that may then be searched for foreign intelligence purposes with fewer restrictions.

That disclosure takes on significance in light of Deputy NSA Director John C. Inglis’s testimony last month that analysts could extend their searches by “three hops.” That means that starting from a target’s phone number, analysts can search on the phone numbers of people in contact with the target, then the numbers of people in contact with that group, and then the numbers of people in contact with that larger pool. That is potentially millions of people, said Jameel Jaffer, deputy legal director of the American Civil Liberties Union, who also testified Wednesday.

The Office of the DNI earlier released a statement that fewer than 300 numbers were queried in 2012. That could still mean potentially hundreds of millions of records, Sen. Richard J. Durbin (D-Ill.) said at the hearing.

Also, according to the order, the NSA does not need to audit the results of searches of the corporate store.

The order asserts that phone metadata could be obtained with a grand jury subpoena. That may be true for one person or even a group of people, but not for all Americans’ phone records, critics said.

Privacy advocates criticized redactions in the reports to Congress of information about the NSA’s failure to comply with its own internal rules. That is “among the most important information that the American public needs to critically assess whether these programs are proper,” said Mark Rumold, a staff lawyer at the Electronic Frontier Foundation.

At the hearing, Leahy voiced upset with the administration for suggesting that the program was as effective in thwarting terrorist plots as another NSA program, authorized under Section 702 of FISA and targeting foreigners’ communications. “I don’t think that’s a coincidence when we have people in government make that comparison, but it needs to stop,” he said of attempts to conflate the two programs’ utility.

He noted that senior officials had testified that the phone logging effort was critical to thwarting 54 plots, but after reviewing NSA material, he said that assertion cannot be made — “not by any stretch.” Pressed by Leahy on the point, Inglis admitted that the program “made a contribution” in 12 plots with a domestic nexus, but only one case came close to a “but-for” or critical contribution.

Carol D. Leonnig and William Branigin contributed to this report.

by Sari Horwitz

and Ellen Nakashima

The Obama administration on Wednesday made public a previously classified order that directed a company identified by U.S. officials as Verizon Communications to turn over a vast number of Americans’ phone records.

The formerly secret order was unveiled along with other documents by Director of National Intelligence James R. Clapper Jr. as top Obama administration officials were preparing to testify before the Senate Judiciary Committee in a hearing on oversight of the Foreign Intelligence Surveillance Act (FISA).

A statement issued by Clapper’s office said he “has determined that the release of these documents is in the public interest.”

The primary court order sets forth the government’s privacy safeguards for the National Security Agency’s program to collect the bulk phone call detail records of millions of Americans. The order, signed by a judge from the Foreign Intelligence Surveillance Court, does not explain the legal rationale for the program.

Rather, it is an apparent effort by the administration to allay privacy concerns raised by the leaking of a secondary court order by former NSA contractor Edward Snowden that documented the NSA’s program to collect “all call detail records” of phone calls from U.S. phone companies for counterterrorism purposes.

According to the order released Wednesday, the court found that there were “reasonable grounds to believe that the [records sought] are relevant to authorized investigations being conducted by the FBI . . . to protect against international terrorism.”

Although no company names appear on the heavily redacted court order, senior U.S. officials said it was issued by the Foreign Intelligence Surveillance Court to a subsidiary of Verizon in April. Officials described it as the formal order underlying the directive that was disclosed in June by Snowden, who is accused of leaking classified information about surveillance programs.

The officials, speaking on the condition of anonymity before the order was released because they were not authorized to speak publicly, expressed hope that the document would shed light on how the U.S. government obtains communications records under FISA and the restrictions placed on surveillance programs.

The order from April covers the same length of time as the order previously disclosed by Snowden. Officials have said the Justice Department seeks renewal for the bulk-collection orders every 90 days.

The formerly “top secret” 17-page order, redacted to remove any information about the company providing the records or the target of the investigation, was originally scheduled to be declassified in April 2038. It demands “all call detail records or ‘telephony metadata’ created by [redacted].” A footnote specifies that “telephone metadata does not include the substantive content of any communication . . . or the name, address, or financial information of a subscriber or customer.”

The order notes that the NSA must “strictly adhere” to “minimization” procedures to protect the privacy of U.S. citizens or residents, for example, by allowing only authorized personnel to have access to the data.

According to Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.), who penned an opinion piece Wednesday in The Washington Post, the authorized personnel consist of 22 analysts.

The release came as the Judiciary Committee convened to hear testimony by officials from the Justice Department, the NSA and the Office of the Director of National Intelligence.

Appearing before the committee Wednesday were Deputy Attorney General James Cole; National Security Agency Deputy Director John C. Inglis; Robert S. Litt, general counsel in the Office of the Director of National Intelligence; and Sean M. Joyce, deputy director of the FBI.

Testifying as part of a second panel were James G. Carr, a senior federal judge in Toledo, Ohio, who former served on the Foreign Intelligence Surveillance Court; Jameel Jaffer, deputy legal director of the American Civil Liberties Union; and Stewart Baker, a Washington lawyer.

Several lawmakers quizzed the administration officials about whether the documents, and others that were leaked by Snowden, should have been classified in the first place.

“The American public is an important part of this debate,” said Sen. Sheldon Whitehouse (D-R.I.). “We would probably be better off if there was not such a strong instinct to classify information and to keep it classified.”

Some senators were perturbed that the government waited until moments before the hearing to release the FISA court order and two other documents about the bulk collection programs. They suggested that the timing did not give them the opportunity to prepare adequately to question the witnesses about the documents.

“Ad hoc transparency doesn’t engender trust,” Sen. Al Franken (D-Minn.) complained during Wednesday’s hearing.

At a similar hearing of the House Judiciary Committee two weeks ago, lawmakers expressed deep skepticism over the NSA’s bulk collection of phone records.

The phone records include basic information on the calls of millions of Americans — such as the phone numbers dialed, the time of the call and the length of the conversations — but not the content of the calls.

U.S. officials have defended the collection, saying it has proved vital to the disruption of terrorist plots in the United States and overseas.

One of the documents declassified Wednesday, a report provided to Congress on the NSA’s bulk collection programs ahead of the 2011 Patriot Act reauthorization, forcefully made that point. “NSA needs access to telephony and e-mail transactional information in bulk so that it can quickly identify and assess the network of contacts that a targeted number or address is connected to,” it said. “Importantly, there are no intelligence collection tools that, independently or in combination, provide an equivalent capability.”

The report added: “The more metadata NSA has access to, the more likely it is that NSA can identify, discover and understand the network of contacts linked to targeted numbers or addresses.” If the agency had to wait until after a lead was developed, “important connections could be lost in data that was sent prior to the identification of the [suspected] phone number or e-mail address,” it said. “The attacks of 9/11 taught us that applying lead information from foreign intelligence in a comprehensive and systematic fashion is required to protect the homeland,” and the surveillance programs “cover a critical seam in our defense against terrorism,” the report said.

But some lawmakers have said the NSA’s program goes beyond the more targeted collection of communications data that was authorized by Congress.

Under questioning at Wednesday’s hearing from Sen. Charles E. Grassley (R-Iowa), intelligence officials stressed that the surveillance program authorized by Section 215 of the Patriot Act does not collect individual names, addresses or social security numbers, or capture the content of phone calls.

“Nobody is listening to anybody’s conversations through this program, and through this program nobody could,” Cole said.

Feinstein said it was important for the public to know that the phone numbers cannot be mined for data unless the number has a “reasonable, articulable” suspicion of being connected to terrorism.

She said she wants more information about what data are being gathered, and what impact they are having in terms of combating terrorism.

“I believe . . . we would place this nation in jeopardy if we eliminated those two programs,” she said.

Nonetheless, the order released Wednesday also apparently shows that NSA technicians, contrary to government officials’ statements, may review the data even when there is no connection to foreign terrorism, for instance, to make it “usable” for intelligence analysis or to look for “high volume” numbers.

“It’s become a pattern of the government making blanket assertions — we collect only on foreign targets — but there are always the asterisks,” said Elizabeth Goitein, co-director of the Liberty and National Security Program of the Brennan Center for Justice. “They don’t tell you about the asterisks.”

Leslie Harris, president and chief executive of the Center for Democracy and Technology, said in a statement: “The order shows that the NSA use of the telephone calling information proceeds on autopilot — without FISA Court intervention — once a broad order is issued. The government, not the FISA Court, decides whether a particular person’s phone number, and the phone numbers of everyone associated with that person, will be investigated through queries of this vast database. It is time to close down this disturbing process that clearly puts privacy and civil liberties on the back burner.”

The government officials testified that the NSA tries to glean additional information from the data only when there is reasonable suspicion of a link to a foreign terrorist group, and they emphasized that there are many fewer such queries than critics of the policy seem to fear.

In 2012, the officials said, the queries resulted in 12 reports to the FBI that contained fewer than 500 phone numbers.

“This is nothing but a tool to try and identify telephone numbers that warrant further investigation,” Litt told the committee.

In an opening statement at the hearing, Sen. Patrick J. Leahy (D-Vt.), the Judiciary Committee chairman, noted that in the years since the Sept. 11, 2001, terrorist attacks, Congress has expanded the scope of the Foreign Intelligence Surveillance Act.

“We must carefully consider now whether those laws may have gone too far,” he said. “We need straightforward answers. I’m concerned we’re not getting them.”

He added: “I think the patience of the American people is beginning to wear thin.” He called for taking a “close look at the phone records program,” saying that “if this program is not effective, it has to end.”

Leahy also disputed administration accounts of the number of terrorist plots that may have been disrupted by the collection of phone records. He said a classified list provided by Army Gen. Keith B. Alexander, director of the NSA, “does not reflect dozens” of thwarted plots, “let alone 54 as some have suggested.”

Inglis, the agency’s deputy director, said later that the phone surveillance program contributed to disrupting or discovering attacks 12 times. He said the figure of 54, previously advanced by Alexander, included plots foiled by both the phone records surveillance and a separate program to collect Internet communications.

William Branigin and Debbi Wilgoren contributed to this report.