The Guardian has released the secret documents pertaining to the "procedures used by NSA [National Security Agency] to target non-US persons."
Exhibit A here and Exhibit B here.
Starting with the headlined statement, when news first broke about the Obama administration, with secret FISA court orders, was directing the NSA to collect information in bulk from large tech companies and phone companies, catching data from US citizens as well as non-US persons, Barack Obama took to the national stage and informed Americans "Nobody is listening to your telephone calls."
While it is clear the intended purpose is to target non-US persons, what Obama assured Americans was a blatant, bold-faced lie, according to the newly revealed documents.
"In the absence of specific information regarding whether a target is a United States person," it states "a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person."This also means when Cyber Command Commander of the National Security Agency, Chief General Keith Alexander said the NSA doesn’t have the "technical insights" and added they are not authorized to collect from the sea of data nor does the NSA have the "equipment," that too was highly misleading as the newly released procedure documents makes very apparent.
If it later appears that a target is in fact located in the US, analysts are permitted to look at the content of messages, or listen to phone calls, to establish if this is indeed the case.
Despite language written into the procedures to remove US citizens and residents from data collection, the caveats in the policy allow for the exact opposite:
However, alongside those provisions, the Fisa court-approved policies allow the NSA to:
• Keep data that could potentially contain details of US persons for up to five years;
• Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
• Preserve "foreign intelligence information" contained within attorney-client communications;
• Access the content of communications gathered from "U.S. based machine[s]" or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.
TechDirt takes particular issue with the NSA's determination to retain information if it is encrypted:
There's been plenty of commentary concerning the latest NSA leak concerning its FISA court-approved "rules" for when it can keep data, and when it needs to delete it. As many of you pointed out in the comments to that piece -- and many others are now exploring -- the rules seem to clearly say that if your data is encrypted, the NSA can keep it. Specifically, the minimization procedures say that the NSA has to destroy the communication it receives once it's determined as domestic unless they can demonstrate a few facts about it. As part of this, the rules note:
In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.In other words, if your messages are encrypted, the NSA is keeping them until they can decrypt them. And, furthermore, as we noted earlier, the basic default is that if the NSA isn't sure about anything, it can keep your data. And, if it discovers anything at all remotely potentially criminal about your data, it can keep it, even if it didn't collect it for that purpose. As Kevin Bankston points out to Andy Greenberg in the link above:
The default is that your communications are unprotected.That's the exact opposite of how it's supposed to be under the Constitution. The default is supposed to be that your communications are protected, and if the government wants to see it, it needs to go to court to get a specific warrant for that information.
Encryption is used for a variety of reasons, protecting data, sensitive information, companies developing new technology, people using wireless to prevent their online credit card information from being hacked into...etc.
The bottom line here is the NSA does have the ability, technology, and the overly broad authority written into the procedures, to not only keep Americans data, but to eavesdrop for the purpose of supposedly ruling them out.
This directly contradicts Obama's assertion that "Nobody is listening to your telephone calls.."
Remember what started all this was The Guardian publishing a secret Foreign Intelligence Surveillance Court order allowing the government to obtain information on every single Verizon customer, for three months, on an ongoing daily basis.
Verizon is one of the nation's largest telecommunications companies, with approximately 121 million customers, according to its first-quarter earnings report this April.
Full Wake up America NSA scandal coverage found here.