James Ball and Spencer Ackerman
August 9, 2013
The National Security Agency has a secret backdoor into its vast databases under a legal authority enabling it to search for US citizens’ email and phone calls without a warrant, according to a top-secret document passed to the Guardian by Edward Snowden.
The previously undisclosed rule change allows NSA operatives to hunt for individual Americans’ communications using their name or other identifying information. Senator Ron Wyden told the Guardian the NSA’s authorities provide loopholes that allow “warrantless searches for the phone calls or emails of law-abiding Americans”.
The authority, approved in 2011, appears to contrast with repeated assurances from Barack Obama and senior intelligence officials to both Congress and the American public that the privacy of US citizens is protected from the NSA’s dragnet surveillance programs.
The intelligence data is being gathered under Section 702 of the of theFisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets, who must be non-US citizens and outside the US at the point of collection.
The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as “incidental collection” in surveillance parlance.
But this is the first evidence that the NSA has permission to search those databases for specific US individuals’ communications.
A secret glossary document provided to operatives in the NSA’s Special Source Operations division — which runs the Prism program and large-scale cable intercepts through corporate partnerships with technology companies — details an update to the “minimization” procedures that govern how the agency must handle the communications of US persons. That group is defined as both American citizens and foreigners located in the US.
“While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data,” the glossary states, “analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence].”
The term “identifiers” is NSA jargon for information relating to an individual, such as telephone number, email address, IP address and username as well as their name.
The document — which is undated, though metadata suggests this version was last updated in June 2012 — does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place.