Ordinary citizens in NSA’s net

WASHINGTON — Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post.

Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Washington Post, were not the intended surveillance targets but were caught in a net the NSA had cast for someone else.

Many of them were Americans. Nearly half of the surveillance files contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy, but The Washington Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S. residents.

The surveillance files highlight a policy dilemma that has been aired only abstractly in public. There are discoveries of considerable intelligence value in the intercepted messages — and collateral harm to privacy.

Among the most valuable contents are fresh revelations about a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into U.S. computer networks.

Months of tracking communications across more than 50 alias accounts, the files show, led directly to the 2011 capture in Abbottabad of Muhammad Tahir Shahzad, a Pakistan-based bomb builder, and Umar Patek, a suspect in a 2002 terrorist bombing in Bali. At the request of CIA officials, The Washington Post is withholding other examples that officials said would compromise ongoing operations.

Many other files described as useless by the analysts but nonetheless retained, have an intimate, voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions and financial anxieties. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded.

The cache Snowden provided came from domestic NSA operations under the broad authority granted by Congress in 2008 with amendments to the Foreign Intelligence Surveillance Act. FISA content is generally stored in closely controlled data repositories. Senior government officials have depicted it as beyond Snowden’s reach.

The Washington Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations and 7,900 documents taken from more than 11,000 online accounts. The material spans President Barack Obama’s first term, from 2009 to 2012.

The files offer an unprecedented vantage point on the changes wrought by Section 702 of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had required probable cause and a warrant from a judge. One program, called PRISM, extracts content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading Internet companies.

No government oversight body has delved into a comparably large sample of what the NSA collects — not only from its targets but from people who may cross a target’s path.

Among the latter are medical records sent from one family member to another, resumes from job hunters and student’s academic transcripts.

Scores of pictures show infants and toddlers in bathtubs, sprawled on their backs and kissed by their mothers. In some photos, men show off their physiques. In others, women model lingerie.

By law, the NSA may “target” only foreign nationals located overseas unless it obtains a probable-cause warrant. For collection under PRISM rules, analysts must state a reasonable belief that the target has information of value about a foreign government, a terrorist organization or the spread of nonconventional weapons.

Most of the people caught up in those programs would not lawfully qualify as such. “Incidental collection” of third-party communications is inevitable in many forms of surveillance.

There are many ways to be swept up incidentally in surveillance aimed at a valid foreign target. Some of those in the Snowden archive were monitored because they interacted directly with a target, but others had tenuous links.

If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, as well as those who simply read what other people wrote.

In other cases, the NSA designated as its target the Internet protocol, or IP, address of a computer server used by hundreds of people.

Share and Enjoy