The latest scoop from the Guardian on American intelligence work seems more like a clarification than breaking news. We knew about the NSA’s collection of telecom metadata as far back as 2006, although we didn’t know that FISA courts had continued to issue approvals for its continuance every 90 days during the Barack Obama administration. The PRISM leaks strongly suggested that the NSA was surveilling Internet content at home as well as abroad, which still hasn’t been entirely clarified. Discovering that FISA allowed the collection of Internet metadata until 2011 seems a bit of an anti-climax at this point:
The Obama administration for more than two years permitted the National Security Agency to continue collecting vast amounts of records detailing the email and internet usage of Americans, according to secret documents obtained by the Guardian.
The documents indicate that under the program, launched in 2001, a federal judge sitting on the secret surveillance panel called the Fisa court would approve a bulk collection order for internet metadata “every 90 days”. A senior administration official confirmed the program, stating that it ended in 2011.
The collection of these records began under the Bush administration’s wide-ranging warrantless surveillance program, collectively known by theNSA codename Stellar Wind.
According to a top-secret draft report by the NSA’s inspector general – published for the first time today by the Guardian – the agency began “collection of bulk internet metadata” involving “communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States”.
Eventually, the NSA gained authority to “analyze communications metadata associated with United States persons and persons believed to be in the United States”, according to a 2007 Justice Department memo, which is marked secret.
This parallels what we knew about the telecom data as far back as 2006. Back then, the NSA argued that they could surveil phone calls that had one point of contact outside the US (or both ends of the conversation outside the US, which few disputed). While the Internet data wasn’t part of that debate, it’s not conceptually any different than the telecom metadata argument made back then.
The Obama administration told the Guardian’s Glenn Greenwald and Spencer Ackerman that they discontinued that specific program of Internet metadata collection in 2011. However, the NSA has replaced it with another, the reporters state, which again collects metadata on Internet traffic that involves at least one point of contact outside the US. The article claims that the difference between metadata and content in the electronic-communication theater differs substantially from the telecom theater:
But email metadata is different. Customers’ data bills do not itemize online activity by detailing the addresses a customer emailed or the IP addresses from which customer devices accessed the internet.
Internal government documents describe how revealing these email records are. One 2008 document, signed by the US defense secretary and attorney general, states that the collection and subsequent analysis included “the information appearing on the ‘to,’ ‘from’ or ‘bcc’ lines of a standard email or other electronic communication” from Americans.
In reality, it is hard to distinguish email metadata from email content. Distinctions that might make sense for telephone conversations and data about those conversations do not always hold for online communications.
“The calls you make can reveal a lot, but now that so much of our lives are mediated by the internet, your IP [internet protocol] logs are really a real-time map of your brain: what are you reading about, what are you curious about, what personal ad are you responding to (with a dedicated email linked to that specific ad), what online discussions are you participating in, and how often?” said Julian Sanchez of the Cato Institute.
“Seeing your IP logs – and especially feeding them through sophisticated analytic tools – is a way of getting inside your head that’s in many ways on par with reading your diary,” Sanchez added.
As in the earlier telecom metadata story, the collection of Internet metadata has been overseen by the FISA court. This highlights the issues of whether the FISA court acts independently and needs more transparency and oversight, but we’re back to the same debate we had in 2006. Does the NSA, which is supposed to restrict itself to surveilling foreign communications, have the authority to surveil communications that contain one locus within in US? Congress addressed that in subsequent FISA legislation, and can change their collective mind about it if they see the need. This article adds to the scope and context of the issue, but doesn’t say much that hasn’t already been under debate.