The latest leaked documents published by The Guardian detail in full the scope of the orders signed off on by judges of a top secret U.S. court, which determines what the U.S. National Security Agency can do with data it "inadvertently" collects from U.S. residents.
Specifically, the documents outline the circumstances in which data collected on U.S. persons should be destroyed, and the methods that the NSA must run through in order to determine whether or not a suspect is outside the U.S.
That is, so long as the data collected came from non-U.S. residents.
Both documents, signed by U.S. Attorney General Eric Holder on July 29, 2009, show that data belonging to U.S. residents can still be collected, retained, and used by law enforcement and intelligence agencies.
Set up in 1978 under the Foreign Intelligence Surveillance Act (FISA), the FISA court (FISC) approved the policies submitted by Holder that allow the NSA a broad range of tools to collect and retain data.
A series of checks are made by the NSA to determine if someone is in the U.S. or not. Should the target not pass the tests, the intelligence agency may not delete that data — even if it is subsequently proved to be from a U.S. resident.
The FISC order states that data that may contain details of U.S. persons can be kept for up to five years. Data that is "inadvertently acquired" domestically can be retained and made us of so long as it contains intelligence that may have useable intelligence. Also, the NSA is allowed to access the content of communications from "U.S.-based machines" to establish if a suspect is located in the U.S., which would determine whether or not the intelligence agency can continue spying.
There are three main elements of the U.S. surveillance laws that can be used under FISA and the Patriot Act:
Section 702 (also known as 1881a) of FISA minimizes the targeting of U.S. residents for surveillance, while allowing U.S. law enforcement to acquire online data of foreigners or groups of people that are not located within the U.S. — such as those in the EU.
Under the Fourth Amendment, which protects U.S. residents from unreasonable searches and seizures, the U.S. government requires a warrant to gain access to contents of communications.
However, the newspaper said that in one case, a "one-paragraph order" authorized the NSA to determine whether or not a person on U.S. soil, which would limit the agency's powers. According to one section of the order, if a person cannot be reasonably believed to be located outside the U.S., or "whose location is not known" will be "presumed to be a non-United States person" until a point where they can be positively identified as one.
Which means, if the NSA doesn't know, it will presume that the person is not a U.S. person — allowing the agency to perform a lot more data collection and intelligence gathering on that person.
The kicker in The Guardian's story is here: "If it later appears that a target is in fact located in the U.S., analysts are permitted to look at the content of messages, or listen to phone calls, to establish if this is indeed the case.
Just over a week ago, President Obama said: "Nobody is listening to your phone calls." But according to the London-based newspaper, this may be in conflict with statements made by the President.
For anyone keeping up with this surveillance scandal, despite a story from last week suggesting these exact same claims before The Guardian's leak on Thursday, a Congressman and a government official said in counter-statements that this was not in fact the case.
Rep. Jerrold Nadler (D-NY), who made the claims last week, said he was satisfied that the, "NSA cannot listen to the content of Americans’ phone calls without a specific warrant."
The U.S. Director of National Intelligence James Clapper also released a statement. "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress."
On page 7 of the "top secret" order, it does state: "NSA analysts may analyze content for indications that a foreign target has entered or intends to enter the United States. Such content analysis will be conducted according to analytic and intelligence requirements and priorities."
This seems to suggest that in some cases U.S. persons may be subject to having the contents of their communications accessed and analyzed. If that person is then later confirmed to be in the U.S., that data collection must be "terminated without delay." But, the caveat is that where the NSA claims it cannot filter U.S. data from non-U.S. data, the collection will carry on.
This data, as mentioned, can be retained for up to five years.
If that data, which belongs to a U.S. resident within the U.S., is significant enough, the NSA can appeal to its director if it finds evidence of a crime, encrypted data, or intelligence that may harm people or property.
There's no need to read between the lines: encrypted data may end up floating to the top of the NSA's collection list as it appears, based on the documents, to be equated with criminal activity.
Such data that doesn't fall in any of the three categories, the data must be destroyed, as per the second secret "minimization procedures." Another caveat: communications that are between a U.S. person and a person located outside the U.S., this data can be retained.
The publication states that: "Much of the decision-making appears to lie with NSA analysts, rather than the Fisa court or senior officials."