Just how much intel do we share with the Israelis?  According to the Guardian and based on more of the Edward Snowden cache, plenty — and not just from foreign signals intelligence (SIGINT).  A memorandum from the NSA’s files states that the Israelis can access the entire trawl of data produced by the NSA, before the “minimization” that eliminates domestic American communications data:

The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.

Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis.

The disclosure that the NSA agreed to provide raw intelligence data to a foreign country contrasts with assurances from the Obama administration that there are rigorous safeguards to protect the privacy of US citizens caught in the dragnet. The intelligence community calls this process “minimization”, but the memorandum makes clear that the information shared with the Israelis would be in its pre-minimized state.

The deal was reached in principle in March 2009, according to the undated memorandum, which lays out the ground rules for the intelligence sharing.

The five-page memorandum, termed an agreement between the US and Israeli intelligence agencies “pertaining to the protection of US persons”, repeatedly stresses the constitutional rights of Americans to privacy and the need for Israeli intelligence staff to respect these rights.

But this is undermined by the disclosure that Israel is allowed to receive “raw Sigint” – signal intelligence. The memorandum says: “Raw Sigint includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadataand content.”

According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications. “NSA routinely sends ISNU [the Israeli Sigint National Unit] minimized and unminimized raw collection”, it says.

Most of the recent revelations have been either irrelevancies or malicious damage to American foreign intelligence collection, but this would put the story back in the arguably-whistleblowing column — if true.  And it is true that paragraph Ia agrees to share intel that “has not been reviewed for foreign intelligence purposes or minimized,” presumably to give Israelis the best possible raw data for their own analysts to use.  However, reading down to paragraph Ic, there seems to be a very large caveat, emphasis mine:

ISNU also recognizes that NSA has agreements with Australia, Canada, New Zealand, and the United Kingdom that require it to protect information associated with U.K. persons, Australian persons, Canadian persons and New Zealand persons using procedures and safeguards similar to those applied for U.S. persons. For this reason, in all uses of raw material provided by NSA, ISNU agrees to apply the procedures outlined in this agreement to persons of those countries.

That raises two questions. First, can we trust the Israelis to screen for all of these restrictions?  And second, why not do it ourselves first?  The memo doesn’t answer the second question, but it does note that the NSA has an audit process in paragraph IVa(2) to make sure ISNU complies with Ic:

[The NSA shall:] Regularly review a sample of files transferred to ISNU to validate the absence of U.S. Persons identities.

The agreement also requires ISNU to not use any data that should be minimized, in paragraph IVb(2):

[ISNU shall:] Not use any information provided by NSA, as raw material or otherwise, to intentionally intercept the communications to, from, or about a U.S. person.

Again, this still doesn’t answer the second question, which is why we don’t perform minimization first. It could be argued that the delay might make the SIGINT a lot less useful, but that would also be true for the US as well.  Does ISNU and/or the NSA use the pre-minimized data and then minimize it after its use, or do both minimize first?

The agreement also contains this codicil in IVb(7):

Destroy upon recognition any communication contained in raw SIGINT provided by NSA that is either to or from an official of the U.S. Government.

I’m sure they find that helpful.

This certainly raises some curious questions about the security and privacy of American domestic communications, questions that the NSA should answer. However, the memorandum itself shows that the Guardian’s assertion that “the agreement places no legally binding limits on the use of the data by the Israelis” is actually untrue, and that the agreement bars them from using the data in significant ways, and not just for US persons, either. Whether or not the NSA enforces it and ISNU abides by it are additional questions that need answers, though.

Update: A few points of feedback from Twitter. Glenn Greenwald says I’m wrong in the conclusion, in that the document itself claims it’s not binding on the participants:

I think we’re a bit into the semantic weeds here, but I’ll stipulate that the Guardian is literally correct. However, agreements of any kind between two intel services are hardly going to be binding under international law anyway, since much of what they do arguably violates international law (or falls within its gray areas, at best). Clearly, though, the NSA document not only envisioned putting limits on what the Israelis could do with the data, it included audits to make sure they complied, which is a little different than what the tone of the article suggested. Still, I should have written my point that way rather than write that it was categorically false.

Next, Joshua Foust pokes a few holes in the story, the biggest of which is that the Guardian used a draft document that the NSA didn’t sign:

For starters, the MOU is dated, in some way, in March of 2009 (there is no date on the document and the Guardian does not say when it was drafted). It is only signed by an Israeli official, and not by any U.S. official, so we do not know if this is the final MOU that frames the intel sharing agreement. But there’s more: this past June, the Guardian reported that in July of 2009 the minimization procedures governing US person information were dramatically tightened. From the Guardian:

The Guardian is publishing in full two documents submitted to the secret Foreign Intelligence Surveillance Court (known as the Fisa court), signed by Attorney General Eric Holder and stamped 29 July 2009. They detail the procedures the NSA is required to follow to target “non-US persons” under its foreign intelligence powers and what the agency does to minimize data collected on US citizens and residents in the course of that surveillance…

The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveals how US call records are used to help remove US citizens and residents from data collection.

So four months after this MOU was first saved to someone’s sharedrive (which is how Edward Snowden downloaded his documents), the rules that govern how American information collected by the NSA can be use were changed, apparently dramatically. So we don’t know if or how those new rules may have changed the terms of this MOU for sharing intelligence with Israel.

To recap so far: we don’t know if this is the final version of the MOU, because it does not bear the signature or approval of any U.S. official; and we do not know if its terms changed after rules altered the nature of collection on U.S. persons. Most importantly, there is no statement suggesting the frequency of sharing even though the Guardian printed that US personal information is “routinely shared” anyway. But, alas, there’s more.

The “more” also includes the points I made in the original post and re-addressed in the above update, plus other issues with the interpretation of the MOU.  Be sure to read it all.