The White House wants Congress to reauthorize two of the NSA’s largest surveillance programs before they expire at the end of the year.
One of them scans the traffic that passes through the massive internet cables going in and out of the U.S. and ends up catching a vast number of American communications in its dragnet.
But how many? Lawmakers have been asking for years, and the intelligence community has consistently refused provide even a ballpark figure.
At a hearing of the House Judiciary Committee on Wednesday, several members expressed frustration that intelligence chiefs — first under Obama, and now under Trump — have failed to provide any kind of estimate, even in classified briefings.
“The members of this committee and the public at large require that estimate to engage in a meaningful debate,” said Rep. John Conyers, D-Mich., the leading Democrat on the committee. “We will not simply take the government’s word on the size of the so-called ‘incidental collection.’”
Section 702 of the Foreign Intelligence Surveillance Act, which lapses at the end of the year, allows the NSA to collect vast amounts of domestic internet traffic as long as it maintains it is only “targeting” foreigners. Documents provided by NSA whistleblower Edward Snowden described two huge surveillance programs that operate under that authority. One program, PRISM, allows the NSA to collect data in bulk from tech companies like Google, Facebook and Apple. The other program — Upstream — allows the NSA to tap the massive internet cables that carry information in and out of the U.S. and search for communications involving certain foreign “targets” or “selectors”.
As the NSA scans the cables for information on its targets, it also collects information on the Americans those targets are communicating with, as well as entirely unrelated information, such as communications from people who happened to be in the same chat room as a target. Furthermore, the targets can be selected for any “foreign intelligence purpose” — not just counterterrorism.
As a result, the NSA ends up collecting information on a huge number of U.S. persons without getting a warrant – collection they describe as “incidental,” but which is really inevitable. And using what critics call the backdoor loophole, law enforcement officials then search through that material for information on Americans.
That collection on Americans is part of how the law was designed, according to Elizabeth Goitein, a lawyer for the Brennan Center for Justice. “Incidentally,’ is the terminology used by the government,” Goitein testified at Wednesday’s hearing. “But it is part of the design of the program to acquire communications of foreign targets with Americans.”
The issue of “incidental collection” has come into the spotlight in the weeks since Trump’s inauguration. Last month, anonymous members of the intelligence community leaked information about phone calls between the Russian ambassador — who was understandably targeted for surveillance – and Trump’s former national security adviser, Michael Flynn.
Flynn’s resignation spooked some Republicans who worried about that ability being used improperly. “Whatever your political persuasion is, for me it had a chilling effect,” said Rep. Raúl Labrador, R-Idaho. “My political opponents could use my personal information, that they maybe gathered in some private information, against me in the future. That should be quite terrifying to anybody, whether you’re a Republican or Democrat.”
Conyers, along with a bipartisan group of 14 Democrats and Republicans, sent a letter to the director of national intelligence in April last year, asking “simply for a rough estimate” of how many Americans had their communications collected.
Conyers sent a follow-up letter in December. “The intelligence community has not so much as responded to our December letter,” Conyers said Wednesday. “I had hoped for better.”
Sen. Ron Wyden, D-Ore., first requested an estimate in 2011 — even before the Snowden disclosures demonstrated the reach of the surveillance programs. The federal Privacy and Civil Liberties Oversight board recommended in 2014 that the NSA start keeping track of the number. In 2015, more than 30 civil liberties organizations wrote a letter to the Intelligence Community’s Civil Liberties Protection Office, demanding the same thing, and got an unresponsive reply.
The intelligence community insists that it doesn’t keep track, in part because doing so would require it to identify which phone numbers and computer IP addresses belong to American citizens. April Doss, a former NSA lawyer, told the committee that it would require the NSA to de-anonymize everyone in their communications. “In my view, the collection and maintenance of that reference information would itself pose significant impacts to privacy,” she said.
But Goitein noted that the NSA already uses computer IP addresses to approximate who is a U.S. citizen for other purposes, so it would be easy for them to estimate how many Americans’ communications they collect.
“The NSA has determined that the IP address is an accurate enough indicator of a persons status … to use it to filter out the wholly domestic communications that the NSA is prohibited from acquiring,” she testified. “If it’s accurate enough to enable the NSA to comply with that constitutional obligation, then it’s certainly accurate enough for the estimate.”