For most of the last week, the US intelligence and law-enforcement communities have insisted that the controversy over the NSA surveillance programs has been overblown and overhyped.  Not according to Rep. Jerrold Nadler (D-NY), who attended a briefing this week and pronounced himself “rather startled” by the disclosures.  CNet’s Declan McCullagh reported yesterday that Nadler claimed the NSA admitted to domestic phone tapping without warrants, and also said the NSA allows low-level analysts to approve such intrusions:

The National Security Agency has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls.

Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed “simply based on an analyst deciding that.”

If the NSA wants “to listen to the phone,” an analyst’s decision is sufficient, without any other legal authorization required, Nadler said he learned. “I was rather startled,” said Nadler, an attorney and congressman who serves on the House Judiciary committee.

Not only does this disclosure shed more light on how the NSA’s formidable eavesdropping apparatus works domestically, it also suggests the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls.

Because the same legal standards that apply to phone calls also apply to e-mail messages, text messages, and instant messages, Nadler’s disclosure indicates the NSA analysts could also access the contents of Internet communications without going before a court and seeking approval.

Congress believed it had proscribed this option in its 2008 revamping of the FISA laws, which then-Senator Barack Obama supported.  The law forbids the NSA or any other intelligence agency from targeting “US persons” without a warrant.  However, McCullagh reports that the NSA may have another interpretation of that clause:

A requirement of the 2008 law is that the NSA “may not intentionally target any person known at the time of acquisition to be located in the United States.” A possible interpretation of that language, some legal experts said, is that the agency may vacuum up everything it can domestically — on the theory that indiscriminate data acquisition was not intended to “target” a specific American citizen.

There is also the question about the difference between storing and actually listening to the calls.  The NSA might be recording and storing a wide range of phone calls (and Internet activity) without actually perusing it.  The theory goes that the NSA would not bother to listen to these calls unless they had a reason to do so, at which point they would seek a FISA court order to search through the calls.  But that may be a chicken-egg question: do they suspect something based on external intelligence, or do they run sophisticated search functions within the stored data that ends up highlighting suspicious activity?  And what kind of oversight gets exercised over the decision to add a domestic phone number to the recording queue?  According to Nadler, at least, those decisions are made on a low level with little oversight at all.

One point of skepticism has been the sheer scope of domestic traffic, both phone and Internet, and the cost of storing it.  McCullagh points us to an analysis conducted by Brewster Kahle, founder of the Internet Archive, which estimates the technological cost of storing recordings of all domestic calls in a year at the surprisingly low cost of $27 million.  That’s just the storage costs, of course; the programs needed to perform searches, the personnel costs, and all of the security efforts would make that price tag go up.  It’s not exactly a budget-buster to do, though, despite what people might assume.

So is that what happens — the NSA stores all the data, but doesn’t search it without specific warrants, and therefore considers itself within the law?  The Washington Post sheds a little more light on that question with a look back at a now-famous standoff between the FBI and the Bush administration:

The legal challenge for the NSA was that its practice of collecting high volumes of data from digital links did not seem to meet even the relatively low requirements of Bush’s authorization, which allowed collection of Internet metadata “for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States,” the NSA inspector general’s report said.

Lawyers for the agency came up with an interpretation that said the NSA did not “acquire” the communications, a term with formal meaning in surveillance law, until analysts ran searches against it. The NSA could “obtain” metadata in bulk, they argued, without meeting the required standards for acquisition.

Goldsmith and Comey did not buy that argument, and a high-ranking U.S. intelligence official said the NSA does not rely on it today.

As soon as surveillance data “touches us, we’ve got it, whatever verbs you choose to use,” the official said in an interview. “We’re not saying there’s a magic formula that lets us have it without having it.”

When Comey finally ordered a stop to the program, Bush signed an order renewing it anyway. Comey, Goldsmith, FBI Director Robert S. Mueller III and most of the senior Bush appointees in the Justice Department began drafting letters of resignation.

Then-NSA Director Michael V. Hayden was not among them. According to the inspector general’s classified report, Cheney’s lawyer, Addington, placed a phone call and “General Hayden had to decide whether NSA would execute the Authorization without the Attorney General’s signature.” He decided to go along.

The following morning, when Mueller told Bush that he and Comey intended to resign, the president reversed himself.

Three months later, on July 15, the secret surveillance court allowed the NSA to resume bulk collection under the court’s own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as “pen register, trap and trace,” that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line.

When the NSA aims for foreign targets whose communications cross U.S. infrastructure, it expects to sweep in some American content “incidentally” or “inadvertently,” which are terms of art in regulations governing the NSA. Contact chaining, because it extends to the contacts of contacts of targets, inevitably collects even more American data.

Intelligence committee members have insisted that the NSA programs are conducted with plenty of oversight, and the controversy may still turn out to be hyperventilating over relatively minor issues of scope.  However, it’s at least clear that Congress hasn’t exercised enough oversight on these programs, and that most of them still don’t know what the NSA is really doing.

Update (AP): Did the NSA really say in a classified briefing that it can listen in on calls without a warrant, or did Nadler simply get confused? Here’s his new statement to BuzzFeed:

“I am pleased that the administration has reiterated that, as I have always believed, the NSA cannot listen to the content of Americans’ phone calls without a specific warrant.”

Read the transcript of his exchange with Mueller to see where he erred. The NSA told him that they could get “specific information” about a suspicious phone number without a FISA warrant. Nadler somehow took that to mean that they could tap that phone number and listen in. As Kevin Drum and Julian Sanchez noted last night, though, “specific information” may simply have meant metadata and phone records for the number, not the actual contents of phone calls. To actually tap a line, they need FISA approval. That’s what Mueller was trying to tell him.