Why The Washington Post's big NSA revelation is a bust
While the world awaits Glenn Greenwald's long-promised final scoop, in which actual targets of the National Security Agency's post-9/11 surveillance programs might be identified, The Washington Post pushed out a dramatic story of their own on Sunday. Based on 160,000 transcripts of intercepted conversations, The Post found that "nine of 10 account holders found in a large cache of intercepted communications ... were not the intended surveillance target but were caught up in a net that the agency had cast for someone else."
And here's the piece's jaw-dropper:
Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses, or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or "minimized," more than 65,000 such references to protect Americans' privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S.residents. [The Washington Post]
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Some of the most trenchant critics of the NSA were giddy. It's now been proven, Conor Friedersdorf at The Atlantic wrote, that:
The NSA collects and stores the full content of extremely sensitive photographs, emails, chat transcripts, and other documents belong to Americans, itself a violation of the Constitution—but even if you disagree that it's illegal, there's no disputing the fact that the NSA has been proven incapable of safeguarding that data. There is not the chance the data could leak at sometime in the future. It has already been taken and given to reporters. The necessary reform is clear. Unable to safeguard this sensitive data, the NSA shouldn't be allowed to collect and store it. [The Atlantic]
Except — not so fast.
Here's a little bit of neutral context:
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
The intercepts leaked by Snowden contain information derived from both the PRISM program, which collects ephemera directly from service providers and is based on FISA court orders for specific foreign targets, and from its cable interception program, which taps directly into the internet and sucks ephemera through a very complicated filtering process, getting rid of as much non-target communication as the technology is capable of filtering, and back through to the NSA, where analysts can figure out what's going on.
The NSA's "Turbulence" architecture filters for selectors at the point of interception, and indeed, even before: The NSA tries to infect computers and networks, "tag" certain communications of interests from targets, and then have its hardware "read" those tags as the internet traffic they're bundled with streams through a node the NSA happens to be collecting from.
Staying neutral here, the trouble and much of the controversy stems from the NSA's inability to determine which communications are "foreign," and its compliance problems have highlighted a real and troubling gap between what its technology was actually capable of and what the NSA assumed it was doing. Each NSA product line is an IP geolocation cell that works solely to determine the foreignness and origin of communication.
Now, I'm going to abandon my neutrality. Here's the scenario portrayed in the article: The NSA begins to collect content from a target, either because of a FISA order or a "702" certification on a class of targets — like "Russian government officials living in Utah." The NSA tries to eliminate as much of the targets' e-mails and chats to people inside the United States automatically, unless they're looking for a spy, in which case the FBI could be handling the case under separate authority. Ok, so: having run the data through an automatic minimization system of some sort, the NSA analysts are required to minimize every U.S.-person communication that they see. Minimize does not "to get rid of." It means to anonymize the U.S.-based non-target source. A minimized NSA intercept from me to a Russian government official in Utah might look like this:
From: XXXX.XXXXXXXX@gmail.com
>To: Sergey Federov (Sfederov@juniper.com)
Subject: ASPEN
Hi Sergey,
I unfortunately won't be attending the Aspen Ideas festival to talk about espionage and surveillance this year, or about XXXXXXXX XXXXXXX.
Sincerely,
XXXX.XXXXXX
Minimized: My name and that of the U.S. president.
Maybe I could be a customer service representative from the pizza place that got his order wrong, and I'm e-mailing him to apologize for it. The NSA and the FBI are required by statute to minimize the communication if they determine it has no intelligence value. (And why would the NSA waste time reading a conversation about pizza anyway?)
The Post article says that nine out of 10 account holders in the cache were not targets, and half of them contained U.S. person communication, most of which had been minimized. The nine out of 10 figure shouldn't surprise anyone. Look at your own inbox. If the FBI obtained your e-mail because you were involved in a plot to rob banks, at least nine out of 10 account holders would not be targets. Because warrants don't authorize the FBI to only read the content of the e-mails you might have sent to your associates, they authorize them to read the content of your e-mails, period, to investigate. That's intrusive, but that's why the FBI has to swear out an affidavit and get a warrant. (Here's a better explanation). When it comes to foreign targets, the NSA needs either a FISA order or certification to begin the process. We treat U.S. citizens differently than we do foreign targets.
Half of the the Snowden cache contained U.S. person communication of some sort. Again, not really surprising, especially if the intercepts came from the PRISM program. People around the world often communicate with companies here in the U.S. (which DOES count as a U.S person), or with friends from college who live here, and it is not even remotely remarkable that a foreign target's stored e-mails would include a "selector" that might be based in the U.S. or a U.S. person's name in the conversation itself.
The Post article says that MOST of those communications were minimized, according to law. But 900 or so identifiable U.S. person terms/selectors/account holders were not. This means that, in the above example, maybe the NSA minimized my e-mail address but not my telephone number. Why might the NSA not have minimized this? Because doing so would require an analyst to look at the content of every communication and run every selector (telephone number and e-mail address) through a database to figure out if it should be minimized. This would be inordinately time-intensive, so the NSA relies on automation, and THEN, when the analyst IS looking at specific communication, the analyst is required to minimize any un-minimized selector that makes it through.
The analyst's judgment can be subjective. On the first instance, the analyst has to figure out whether the communication is relevant to a foreign intelligence purpose. Then, they must figure out whether the selector terms, names, and identities are foreign and domestic. If the specific communication IS relevant to a foreign intelligence purpose, the analyst will spend time analyzing it.
How might U.S. persons flow through the NSA systems without being minimized? Easily. The communication simply wasn't looked at. No human being saw it. The Post's reporters looked at every single line of 160,000 intercepts. The NSA analysts don't do that/can't do that because the SIGINT system would not function for a second if they did.
Is it chilling that The Washington Post now has these intercepts? Yes. Does it represent a huge failure by the NSA? Debatable. The person who obtained them originally, Edward Snowden, spent more than a year, with very high clearances, trying to figure out how to steal them without triggering alarms. To say that they weren't protected by the NSA is to blame your grandmother for keeping her purse in a simple combination lock safe the kitchen, and not the thief who broke into the house to steal it. (In this case, the thief cased the house for a long time and had to figure out the combo to the lock.)
Marc Ambinder is TheWeek.com's editor-at-large. He is the author, with D.B. Grady, of The Command and Deep State: Inside the Government Secrecy Industry. Marc is also a contributing editor for The Atlantic and GQ. Formerly, he served as White House correspondent for National Journal, chief political consultant for CBS News, and politics editor at The Atlantic. Marc is a 2001 graduate of Harvard. He is married to Michael Park, a corporate strategy consultant, and lives in Los Angeles.
-
Today's political cartoons - December 21, 2024
Cartoons Saturday's cartoons - losing it, pedal to the metal, and more
By The Week US Published
-
Three fun, festive activities to make the magic happen this Christmas Day
Inspire your children to help set the table, stage a pantomime and write thank-you letters this Christmas!
By The Week Junior Published
-
The best books of 2024 to give this Christmas
The Week Recommends From Percival Everett to Rachel Clarke these are the critics' favourite books from 2024
By The Week UK Published
-
The recycling crisis
The Explainer Much of the stuff Americans think they are "recycling" now ends up in landfills and incinerators. Why?
By The Week Staff Published
-
The L.A. teachers strike, explained
The Explainer Everything you need to know about the education crisis roiling the Los Angeles Unified School District
By Jeff Spross Published
-
The NSA knew about cellphone surveillance around the White House 6 years ago
The Explainer Here's what they did about it
By Marc Ambinder Published
-
America's homelessness crisis
The Explainer The number of homeless people in the U.S. is rising for the first time in years. What’s behind the increase?
By The Week Staff Published
-
The truth about America's illegal immigrants
The Explainer America's illegal immigration controversy, explained
By The Week Staff Last updated
-
Chicago in crisis
The Explainer The "City of the Big Shoulders" is buckling under the weight of major racial, political, and economic burdens. Here's everything you need to know.
By The Week Staff Published
-
The bad news about ISIS's defeat in Ramadi
The Explainer The contours of a broader sectarian war are coming into focus
By James Poulos Published
-
America can still destroy the world
The Explainer The decline of U.S. military power has been greatly exaggerated
By Kyle Mizokami Last updated