Throughout the past months, US intelligence agency leaders have accused the media of sensationalizing the information on National Security Agency surveillance programs exposed by former NSA contractor Edward Snowden. They’ve accused media of publishing incomplete, inaccurate and misleading reports that have contributed to misperceptions about what it is the NSA actually does in its operations.
At a Senate Judiciary Committee hearing on October 2, the chairman, Senator Patrick Leahy, confronted NSA director Gen. Keith Alexander and Director for National Intelligence James Clapper and countered, “Both of you have raised concerns that the media reports about government surveillance programs have been incomplete, inaccurate and misleading or some combination of that, but I worry that we’re still getting inaccurate and incomplete statements from the administration.” Leahy pointed to the fact that there have been repeated claims about terrorist plots being thwarted under a business records provision of the PATRIOT Act, Section 215, and under a provision of the FISA Amendments Act, referred to as 702.
“That’s plainly wrong, but we still get it in the letters to members of Congress,” Leahy declared. “We get it in statements. These weren’t all plots and they weren’t all thwarted. The American people are getting left with an inaccurate impression of the effectiveness of the NSA programs.”
Leahy asked if Alexander would agree “that the 54 cases that keeping getting cited by the administration were not all plots.” Also, he asked if Alexander would agree that only 13 had some nexus to the United States. Alexander conceded this was all true.
There was “only one case” where phone records collection stopped terrorist activity,” Leahy asked. Alexander said he believed it was two cases.
Whatever the number, Leahy explained, “We’re talking about massive, massive collection. We’re told we have to do that to protect us.” If the statistics are “not accurate, it does not have the credibility with the Congress. It does not have the credibility with this chairman. It does not have the credibility with the country.”
US Intelligence Agency Leaders Pressed on Social Graphing Revelations in New York Times
Leahy proceeded to ask the intelligence agency leaders about the New York Times report published over the weekend on documents from Snowden. A “contact-chaining” memo revealed the NSA adopted new procedures to conduct analysis of communications metadata “from and through any selector, irrespective of nationality or location, in order to follow or discover valid intelligence targets.”
As the memo stated, “The impact of the new procedures is two-fold. In the first place it allows NSA to discover and track connections between foreign intelligence targets and possible 2nd Party or US communicants. In the second place it enables large-scale graph analysis on very large sets of communications metadata without having to check foreignness of every node or address in the graph.”
Leahy reacted, “We get more in the newspapers than we do in the classified briefings that you give us.” He added, “If it’s accurate, it appears to contradict earlier representations that NSA does not compile dossier files on the American people.” He asked if the NSA was compiling profiles or dossiers on the American people.
Alexander said the reports are “inaccurate and wrong.” The “facts” are that the Times took the fact that the NSA takes data to “enrich it” and they did not include the word “foreign” in front of any mention of data. He claimed the NSA only looks at “foreign information.” (This is likely a term of art. “Foreign information” may not necessarily mean information from foreigners. It may mean information related to foreign activities the NSA is monitoring.)
Leahy pressed Alexander. He asked, what authority are you using to do this analysis? And are you saying the Times is flat out wrong in their article?
They are “flat out wrong in saying we’re creating dossiers on Americans,” Alexander said. [Note: The Times report never alleged the NSA was compiling dossiers. That is merely the impression numerous individuals got from reading the story—that this information was probably being compiled into dossiers.]
Alexander further detailed that the metadata is collected under Executive Order 12333 from 2009. It is not reviewed by the Foreign Intelligence Surveillance Court. Phone records or emails, he claimed, are used to “figure out social networks abroad.” Data may be used to help the FBI pursue a terrorist threat in the US. It may be used in the case of overseas hostages. It may be used to track industries since “US companies are considered US persons.” Collection can be reviewed by President Barack Obama’s administration or audited by NSA’s own staff.
Leahy asked if any of these complaints were shared with the Times. Alexander answered, “We did give them insights. They didn’t take all the data. I don’t know what and why.” He conceded it was accurate that the Secretary of Defense and Attorney General had granted authority to collect metadata (which, by the way, had previously been discouraged within government).
It was unknown if Congress had been informed about what the NSA was doing around social mapping. Alexander tried to suggest that what the NSA was doing with metadata was the “least intrusive” way to understand terrorism problems the nation could face. Leahy took issue saying, “Many might think it’s most intrusive.”
Is Technology Being Developed to Protect Americans’ Privacy?
Senator Mazie Hirono also asked about the Times story. She read this excerpt on a tool NSA is using to chain phone numbers and email addresses called Mainway:
The documents show that significant amounts of information from the United States go into Mainway. An internal N.S.A. bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider under Section 702 of the 2008 FISA Amendments Act, which allows for the collection of the data of Americans if at least one end of the communication is believed to be foreign.
She said the NSA is developing technology for collection, but is it also developing technology to protect privacy?
Alexander again stated that all of those should have the word “foreign in front of them.” He accused the Times of “jumping to conclusions that this is done on Americans.” He added, “I think our rules for ensuring the privacy both of Americans and our allies is actually better than any country in the world.”
Senator Richard Blumenthal asked further questions on the Times report. “Is it your testimony here that there has been no social network mapping or graphing that involves American residents or citizens?” he asked. He noted he was referring to mapping a person’s social network through emails or Facebook.
Alexander said they would “filter out any NSA data.” But that’s not what the 2011 memo on “contact-chaining,” which formed the basis of the Times story, said. One of the benefits of the new analysis was, as previously mentioned, it enabled “large-scale graph analysis on very large sets of communications metadata without having to check foreignness of every node or address in the graph.” That does not inspire confidence that data on US citizens is not being swept up in the collection process.
Also, Alexander hesitated to fully answer a question and said he was at this hearing today to discuss the business records provision under FISA, which is what he is familiar with. He did not want to take questions on other NSA surveillance programs.
NSA’s Secret “Pilot Project” to Collect Americans’ Location Data in Bulk
As the hearing was about to begin, Charlie Savage of the Times reported, “The National Security Agency in 2010 and 2011 conducted a secret pilot project to test the collection of bulk data about the location of Americans’ cellphones, but the agency ultimately decided against putting such a program into play for now.” (This is what Senator Ron Wyden tried to get Alexander to speak about in a Senate Select Committee on Intelligence hearing last week.)
Clapper was prepared to read a statement with information on the project that had been declassified if asked about it, and it was Senator Ted Cruz who asked, “Do you believe the NSA needs to collect GPS location information on American citizens to prevent terrorism?” Except, Alexander read the prepared statement.
“NSA does not collect locational information under Section 215 of the PATRIOT Act,” Alexander read. “In 2010 and 2011, NSA received samples in order to test the ability of its systems to handle the data format but that data was not used for any other purposes and was never available for intelligence analysis purposes.”
He added in a closed hearing on June 25 the NSA promised to notify Congress “before any locational data was collected.” The government would be required to seek approval for collection from the FISA Court. Also, he said, “This may be something that is a future requirement for the country.” But, currently, data is handed over to the FBI and, when they get “their probable cause,” they can go collect location data if needed.
During the hearing, Alexander was asked about a previous statement about collecting all Americans phone records and putting them in a lock box. Would there be any other records of Americans he would think the NSA needed to collect?
Alexander told the committee he could not come up with any at the time. The answer indicated that could change and it would be permissible to collect other records if the NSA could come up with a purpose for the collection.
What Happens to Collected Metadata?
Senator Jeff Flake asked a critical question, whether all metadata collected was discarded after five years. Alexander said it depends. Particularly, under Executiver Order 12333, whether it was discarded after five years would depend on the “size of the repository and type of data being done.” It might be retained longer if it involved valuable data from overseas.
“If you have metadata collected under separate authorities, not just 215, is that bunched together so retained beyond 5 years? Or how do you separate it?” Flake asked.
“I don’t know of any other programs that would collect metadata outside the United States except for 215,” Alexander answered. Clapper tapped him and said there was overseas metadata. Alexander added “other agencies” would retain data longer. “Hopefully,” there weren’t other programs he was forgetting.
The hearing was very different from the alleged oversight hearing the Senate Select Committee on Intelligence performed last week. It involved senators asking actual questions that could truly lead to the formation of new policies or the proposal of additional reforms. It was not primarily used as an opportunity to give speeches about Terrorism (although Senator Dianne Feinstein stopped by to disrupt the hearing with exactly that kind of speech, where she told a story about 9/11 to express the need to save NSA surveillance powers).
The answers Alexander and Clapper gave created more questions. This 2009 executive order is less understood than the business records provision and it does not seem like senators were ever properly briefed. The nature of it may have been obscured or, perhaps, leadership of the intelligence committee (like Feinstein) hid details. It is unclear at the moment.
Most of the answers from Alexander and Clapper were answers designed to address what is authorized under the Foreign Intelligence Surveillance Act. Programs not functioning under that authority are being overlooked or ignored when they give answers. So, that is why the public is hearing “not under this program” when saying certain collection is not occurring. But that does not clear suspicions that certain collection of records is not happening under other programs.
What other pilot projects or developed and then scrapped projects should Americans have a right to know about? If the data collected was retained or the NSA continued in some other form or were folded into existing programs, the public should know.
The hearing raised the specter of what the entire US intelligence apparatus is doing to engage in mass surveillance. The FBI, DEA, the National Counterterrorism Center and Department of Homeland Security are collecting data. The DHS has engaged in social network monitoring and used fusion centers to target citizens in the kind of way that many suspect the program in the Times story could.
Finally, this hearing was yet another example of the power of leaks to influence elected officials. The senators would not have asked questions about whether NSA was creating dossiers on Americans if it had not been for Snowden or the story published by the Times.