Almost four years after former National Security Agency contractor Edward Snowden first began to unveil the size and scope of the American government’s global intelligence apparatus, the NSA announced the end of one of its most hotly debated warrantless surveillance programs.
Last week, the NSA announced it would discontinue a controversial dimension of its “upstream” bulk collection of American citizens’ text and email communications concerning specific foreign targets as authorized by Section 702 of the Foreign Intelligence Surveillance Act in 2008. More specifically, the agency announced it would no longer collect “about” communications, messages “that [include] the targeted email address in the text or body of the email, even though the email is between two persons who are not themselves target.” From the New York Times:
Under one aspect of the warrantless surveillance program, which Congress legalized with the FISA Amendments Act of 2008, telecommunications companies like AT&T and Verizon give the N.S.A. copies of internet messages that cross the international border and contain a search term that identifies foreigners overseas the government has targeted for surveillance; email addresses are one example. The agency calls this “upstream” collection.
Until 2013, it was not publicly known that the equipment installed on network switches was systematically sifting all cross-border internet traffic and sending to the N.S.A. messages containing such a targeted email address anywhere — not just emails to or from targets, but also between other people who talk about them.
The Times itself broke the news of the “about” surveillance in 2013 thanks to one of the documents leaked by Snowden to journalist Glenn Greenwald and other selected confidants at mainstream media outlets. And while emails “to and from” foreign persons are still fair game, the NSA’s new changes score as a win for privacy advocates, who have long argued that the hoovering of “about” communications by the federal government constitutes a potential violation of Americans’ Fourth Amendment rights — an argument that seems validated by this recent rollback.
“This change ends a practice that allowed Americans’ communications to be collected without a warrant merely for mentioning a foreign target,” Senator Ron Wyden, who sits on the Senate Select Committee on Intelligence, told the New York Times.
But there’s a strain of defiance running through this rule change. Though the agency conceded in its decision that violations of constitutional rights accidentally occur as “compliance violations,” it continues to contend that the surveillance authorized by Section 702 was legal and constitutional.
In the NSA’s telling, the decision was triggered by “inadvertent compliance lapses” involving the personal information of American citizens that the agency self-reported to Congress and the United States Foreign Intelligence Surveillance Court, which oversees FISA warrants. “Following these reports, the FISC issued two extensions as NSA worked to fix the problems before the government submitted a new application for continued Section 702 certification,” the agency said in a second statement released last week. “The FISC recently approved the changes after an extensive review.”
What does this actually mean? In Intercept reporter Dan Froomkin’s assessment, the FISC “refused to reauthorize the wider program until it stopped ‘about’ searches entirely,” which isn’t actually that surprising when you consider how strongly some federal judges have reacted to the disclosure of “about” surveillance in the past. Just consider this 2014 report on Section 702 from the independent Privacy and Civil Liberties Oversight Board:
Outside of this fundamental core, certain aspects of the Section 702 program push the program close to the line of constitutional reasonableness. Such aspects include the unknown and potentially large scope of the incidental collection of U.S. persons’ communications, the use of “about” collection to acquire Internet communications that are neither to nor from the target of surveillance, and the use of queries to search for the communications of specific U.S. persons within the information that has been collected.
In other words, the NSA is framing its decision to scale back on “about” surveillance as “as an optional measure to protect Americans’ privacy, while not conceding a key point of its critics: that such ‘about’ collection violated Americans’ constitutional rights to privacy,” as the Guardianput it.
The move is a blow to the NSA’s warrantless surveillance regime, but it’s not the end of the agency’s pursuit of personal data. As Froomkin notes, the internal policy change leaves PRISM, which vacuums up user data from the servers of major Internet companies like Google and Facebook, intact — and leaves Americans vulnerable to the same “compliance lapses” that constitute violations of their Fourth Amendment rights.
Taken with the agency’s shady mea culpa on Friday, this suggests that the NSA might someday resurrect “about” surveillance with the help of more sympathetic FISC judges.
“This development underscores the need for Congress to significantly reform Section 702 of FISA, which will continue to allow warrantless surveillance of Americans,” American Civil Liberties Union legislative counsel Neema Singh Guliani said in a statement Friday. “While the NSA’s policy change will curb some of the most egregious abuses under the statute, it is at best a partial fix. Congress should take steps to ensure such practices are never resurrected and end policies that permit broad, warrantless surveillance under Section 702, which is up for reauthorization at the end of the year.”
Despite this, it’s hard to overstate the tectonic change the NSA’s policy change represents given the three years of political momentum touched off by the Snowden revelations. Snowden himself put it far more powerfully on Friday: “The truth changed everything.”