Holiday snaps and nuclear intel: The NSA’s data capture exposed

NSA catches only 10% of data legally, but is it a fair trade off?

Mosaic of eyes, courtesy of ShutterstockUp until now, Edward Snowden has revealed the techniques and tools used by the National Security Agency (NSA) in its surveillance activities, but he’s kept the actual content of intercepted messages close to the vest, assuring journalists and the public that his evidence would eventually show that the spy agency pretty much sees all, knows all.

Now, the content is out – or, at least, shared with The Washington Post.

Snowden’s made good on his promises, and months-long analysis done by The Post on 160,000 intercepted messages has provided a blueprint of what the US’s intelligence agencies vacuumed up and from whom.

The takeaway that spawned headlines on Monday: 90% of the account holders found in a large cache of intercepted conversations that Snowden handed over, in full, to The Post weren’t intended targets of surveillance but were still swept up in the net cast to catch somebody else.

The NSA’s interception of messages shows laughably feeble attempts to “minimise” the identity of illegally tracked targets (the NSA notes that it was tracking a “US president-elect”, for example; given that we know the date of the intercepted messages, there’s only one man who it could be); interception of (and, occasionally, mocking of) content that’s heart-stirringly intimate; and a slender but undeniably significant slice of legally snared conversations – including the unveiling of a new nuclear project – that has to be weighed against the otherwise outrageous scale of privacy invasion.

The Post looked over a cache that consists of 160,000 intercepted email and instant-messaging conversations, plus 7,900 documents taken from more than 11,000 online accounts, all dating to President Obama’s first term, from 2009 to 2012.

The Post says that the materials paint a vivid picture of the landscape ushered in by Section 702 of the Foreign Intelligence Surveillance Act (FISA) amendments [PDF].

Section 702 rubberstamped the ongoing, illegal mass spying on domestic communications that began after 9/11, during the Bush administration.

In 2008, Section 702 was added to the pre-existing FISA, amending it so as to allow the NSA to work with telecoms to copy, scan and filter internet and phone traffic coming through physical infrastructure – a program code-named Upstream that snatches data as it crosses the US junctions of global voice and data networks.

Section 702 also covered collection orders, including PRISM, directed at specific companies to compel them to hand over content (as long as it’s “targeted” mostly at foreigners).

Through PRISM, US intelligence has been able to get its hands on content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading internet companies.

Regardless of whether intercepted content comes from PRISM, Upstream or other warrantless searches, it’s all copied and dumped into a searchable database.

Enter Edward Snowden.

He searched it, he copied it, he handed it over to The Post, and here are some of the things that the newspaper says it subsequently came across in that deep data store:

  • Medical records sent from one family member to another;
  • Résumés from job hunters;
  • Academic transcripts of schoolchildren;
  • Photos of: a young girl in religious dress beaming at a camera outside a mosque; of infants and toddlers in bathtubs, on swings, sprawled on their backs and being kissed by their mothers; of men flexing their muscles; and of women modeling lingerie, leaning suggestively into a webcam or striking risque poses;
  • A suspected kidnapper, newly arrived in Syria before the civil war, begging for a job as a janitor and expressing surprise at how scantily clad were the women on local beaches.

In fact, much of the captured communications have a “startlingly intimate, even voyeuristic quality”, The Post says, telling stories of “love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes”.

As The Post reports, 90% of these intercepted conversations were from people who wouldn’t lawfully qualify as targets – in other words, the NSA wouldn’t be able to state a reasonable belief that the individuals had information of value about a foreign government, a terrorist organisation or the spread of nonconventional weapons.

The law requires the NSA to legally target only foreign nationals located overseas, unless it gets a warrant based on probable cause from a special surveillance court.

But while 9 out of 10 surveillance subjects were innocent internet users, that still leaves 1 out of 10 who were anything but that.

For example, in the documents revealed by Snowden, one analyst made fun of the scandalised, would-be janitor and suspected kidnapper.

He may have been mocked, but that suspected kidnapper is just one example pointing to dangerous or potentially dangerous individuals who were legally spied upon – 10% of whom provided solid intelligence of serious security threats.

To avoid interfering with ongoing operations, the CIA asked The Post to refrain from giving details about the most valuable intercepted content it analysed.

But this is the gist of the most crucial intelligence:

  • Fresh revelations about a secret overseas nuclear project,
  • double-dealing by an ostensible ally,
  • a military calamity that befell an unfriendly power, and
  • the identities of aggressive intruders into US computer networks.

And while The Post refrained from giving details on ongoing investigations, it did point to the successful capture of two suspected terrorists as a direct result of months of tracking communications across more than 50 alias accounts.

One was the 2011 capture of Pakistani bomb-builder Muhammad Tahir Shahzad, and the other was the capture of Umar Patek, who was sentenced to 20 years in jail for a 2002 terrorist bombing on the Indonesian island of Bali that killed more than 200 people.

NSA defenders are pointing to such arrests as being confirmation of its surveillance programs.

From PowerLine’s Paul Mirengoff:

[The Post succeeds] only in confirming the value of the NSA’s practice in combating the threat to our safety posed by terrorists.

Leftists like Glenn Greenwald have persistently maintained that NSA’s electronic spying is basically worthless in countering terrorism. This claim was always absurd on its face, and the Post's story debunks it.

Regarding the 9 out of 10 innocents caught in the net, Mirengoff echoes what the Obama administration had to say when it shrugged off The Post’s article: it’s “unavoidable, rather than surprising”.

Robert Litt, the general counsel to the director of national intelligence, on Sunday told the New York Times that The Post didn’t disclose anything new:

These reports simply discuss the kind of incidental interception of communications that we have always said takes place under Section 702.

We target only valid foreign intelligence targets under that authority, and the most that you could conclude from these news reports is that each valid foreign intelligence target talks to an average of nine people.

But how long does the NSA retain the email and phone conversations of innocents that it’s swept up, and how well does it safeguard that content?

Snowden was a mere contractor, but he was still able to deeply probe that material, having the power, as he says, to find a senator’s email just by typing in a few search terms on XKeyscore, the NSA’s intelligence searching and analysis tool.

Material described by analysts themselves as being useless is nonetheless kept hanging around.

Even if that material seems harmless now, there’s no telling how it could come back to haunt us, as Snowden told The Post:

Even if one could conceivably justify the initial, inadvertent interception of baby pictures and love letters of innocent bystanders, their continued storage in government databases is both troubling and dangerous. Who knows how that information will be used in the future?

Yes, the 1 out of 10 real threats can be used to justify the existence of the NSA programs.

But fully? Completely? Unreservedly? If not, to what extent?

Do the intelligence successes detailed in The Post’s report completely counterbalance the 9 out of 10 innocent people whose privacy is not only violated illegally but continuously, given the government’s retention of data?

How do we assess the tradeoff of privacy for captured terrorists and foiled security plots?

I don’t know how to do that difficult math. Do you?

Image of mosaic of eyes courtesy of Shutterstock.