Documents obtained from former National Security Agency contractor Edward Snowden suggest that the NSA has obtained access to internal communications among major overseas data centers operated by Yahoo and Google. The documents suggest that by copying data traveling between the centers as it passes through undisclosed interception points, the agency is able to gather hundreds of millions of records. Those apparently include the content of communications as well as the metadata associated with them.
The NSA apparently collaborates with its British counterpart, the GCHQ, on the collection project, which has the code name MUSCULAR. As Barton Gellman and Ashkan Soltani report, the collection is in addition to the previously revealed collection under the PRISM program. That process legally compels Yahoo, Google, and other companies to provide information on their users:
Under PRISM, the NSA already gathers huge volumes of online communications records by legally compelling U.S. technology companies, including Yahoo and Google, to turn over any data matching court-approved search terms. That program, which was first disclosed by The Washington Post and the Guardian newspaper, is authorized under Section 702 of the Foreign Intelligence Surveillance Act and overseen by the Foreign Intelligence Surveillance Court.
Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to “full take,” “bulk access” and “high volume” operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.
Outside U.S. territory, statutory restrictions on surveillance seldom apply and the Foreign Intelligence Surveillance Court has no jurisdiction. Senate Intelligence Committee Chairwoman Dianne Feinstein has acknowledged that Congress conducts little oversight of intelligence-gathering under the presidential authority of Executive Order 12333 , which defines the basic powers and responsibilities of the intelligence agencies.
John Schindler, a former NSA chief analyst and frequent defender who teaches at the Naval War College, said it was obvious why the agency would prefer to avoid restrictions where it can.
“Look, NSA has platoons of lawyers and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole,” he said. “It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA.”
Andrea Peterson speculates on other reasons why the NSA might have sought an additional mode of access to the data:
By accessing data without the knowledge of tech companies, it didn’t have to worry that the volume of data it was accessing could raise privacy alarm bells within those companies.
Both Yahoo and Google expressed concern about Gellman and Soltani’s revelations and claimed the data link infiltration was done without their knowledge. In a statement to the Post, Google said it was “troubled” by the allegations and they were “not aware of this activity.” Similarly, a Yahoo spokeswoman said the company had “not given access to our data centers to the NSA or to any other government agency.”
Of course, it’s also possible that the decision to collect the data wasn’t part of any broader strategy. The NSA’s mission is to collect and analyze foreign intelligence. Here, it had an opportunity to parse through a truly astounding amount of data. Over one 30-day period earlier this year, the agency collected 181,280,466 new records, including metadata and the actual content of e-mails. Scooping up data is deep in the NSA’s DNA, and it may simply have been unable to help itself.
The agency has confronted renewed scrutiny this month following reports that it gathered millions of European call records and monitored the phones of foreign heads of state, including German Chancellor Angela Merkel. The agency’s director responded to the reports in testimony before the House Intelligence Committee on Tuesday:
Gen. Keith Alexander said foreign intelligence services collected phone records in war zones and other areas outside their borders and provided them to the spy agency — an operation that was misunderstood by French and Spanish newspapers that reported that the NSA was conducting surveillance in their countries.
“This is not information that we collected on European citizens,” Alexander told the House Intelligence Committee. “It represents information that we and our NATO allies have collected in defense of our countries and in support of military operations.”
Alexander made the comments in response to questions from the panel’s chairman, Rep. Mike Rogers (R-Mich.), about reports that the NSA collected more than 70 million French phone records in a one-month period late last year and early this year and intercepted more than 60 million phone calls in Spain during the same time frame.
The reports, based on revelations by former NSA contractor Edward Snowden, stirred public anger and prompted a diplomatic protest from France.
Apparently referring to a slide outlining the information, Alexander said the leaker and reporters “did not understand what they were looking at.” The sources of the data on the slide included information the NSA collected under its various authorities, as well as data that foreign partners provided to the agency, he said.
Meanwhile, lawmakers are considering competing proposals for the future of the NSA:
[One] proposal, from a bipartisan coalition in the House and the Senate, would effectively halt “bulk” records collection under the USA Patriot Act. Another bipartisan group of lawmakers is preparing legislation that would preserve the program while strengthening privacy protections.
The dueling proposals are setting the stage for what could be a fierce political showdown over the NSA’s authorities. NSA Director Keith Alexander and Director of National Intelligence James R. Clapper Jr. — who are set to testify before Congress on Tuesday — have defended the phone records program as a vital counterterrorism tool. But privacy advocates and critics on Capitol Hill, led by a diverse group of liberal Democrats and libertarian conservatives, have described it as a gross infringement on civil liberties. . . .
In July, the House narrowly defeated a measure to defund the phone records collection program. Since then, fresh disclosures about the NSA’s activities and capabilities, based on leaks from former agency contractor Edward Snowden and declassified court opinions, have continued to spark controversy — and have built support for reining in the surveillance.
The phone call database contains billions of records of numbers dialed, as well as the lengths and times of calls, but not their content.
According to one of the documents obtained from Snowden, the NSA collected 181,280,466 pieces of information through MUSCULAR. At times, the agency has been overwhelmed with data, much of it of little intelligence value.
See more on MUSCULAR below.