
The Guardian has been silent for a while, but into the breach stepped the Washington Post with two new stories based on items selected from the Edward Snowden collection, which, I understand, still does not feature ties or outerware.
Headlines: Documents Reveal NSA's Extensive Involvement in Targeted Killing Program and NSA Collects Millions of E-mail Address Books Globebally
Significance: Hard to say. The "targeted killing program" referred to in the headline is a policy that the entire intelligence community collaborates on. It would be quite unusual if the CIA used another agency to gather signals intelligence on its targets. From previous reporting, we know how closely the NSA and the CIA collaborate on just about everything else. Of interest, though, is the way the NSA helped: targeted cyber penetrations are a very rich source of counter-terrorism intelligence. They don't really just use the phone anymore. The Post withheld a bunch of details, appropriately so, so the significance beyond this bit of trivia is unknown. The other story, on the mass collection of contact lists, is more interesting. It is also, in some ways, a deeper dive into a subject already brought to the surface -- the NSA's global collection of Internet metadata, of which contact lists are a part. The collection falls under the Executive Order that authorizes foreign intelligence collection, so Congress doesn't have as many ways to oversee these programs. The NSA says that these foreign intelligence programs are subject to the same "minimization" procedures if your contact list or mine happens to get caught up in their net.
Key point: From what we know of the NSA's aperture issues, it's hard to believe that a lot of US persons contact lists haven't passed through NSA filters and servers at some point. It is really difficult to segregate different types of digital information as it passes through filters, cables, nodes and servers around the world.
Explanation: The intelligence committees in Congress know all about the NSA's collection of SIGINT on specific terrorist targets. They are less familiar with "overcollects" of US persons Internet metadata arising from the NSA's global intelligence programs. This ought to be rectified.
What we still don't know: Can the NSA figure out in any efficient way without having a human examine each bit of data what belongs to a US person and what does not, especially if it is collected from a point originating overseas?
Harm to national security from publication: None. In my opinion, which is of limited relevance, these articles do not appreciably harm national security.