NSA Allowed to Spy On Pretty Much Anyone, Anywhere, Documents Reveal
Broad authorization, convenient legal interpretations, and technical hanky-panky put us all at risk.
Ever since stories about the National Security Agency's (NSA) spying began pouring out last year, courtesy of Edward Snowden's release of classified information about the secretive intelligence agency, speculation has been rife about the extent of domestic surveillance, the legal parameters within which the NSA operates, and the degree to which it respects those parameters. Newly released documents suggest that limits on the NSA's authority to intercept communications are few, and the executive branch's interpretation of the NSA's jurisdiction doesn't limit surveillance to the far side of the nation's borders.
Specifically, the NSA is authorized to spy on 193 named countries, as well as a host of non-state organizations. And, it may be redirecting domestic communications outside the United States in order to "legalize" access to the data.
According to Ellen Nakashima and Barton Gellman of the Washington Post:
The United States has long had broad no-spying arrangements with those four countries — Britain, Canada, Australia and New Zealand — in a group known collectively with the United States as the Five Eyes. But a classified 2010 legal certification and other documents indicate the NSA has been given a far more elastic authority than previously known, one that allows it to intercept through U.S. companies not just the communications of its overseas targets but any communications about its targets as well.
The certification — approved by the Foreign Intelligence Surveillance Court and included among a set of documents leaked by former NSA contractor Edward Snowden — lists 193 countries that would be of valid interest for U.S. intelligence. The certification also permitted the agency to gather intelligence about entities including the World Bank, the International Monetary Fund, the European Union and the International Atomic Energy Agency.
The United States government recognizes 195 independent states, so that's a fairly comprehensive category. The list of likely targets includes almost every country on the planet, as well as the United Nations, international financial organizations, and political parties in several countries.
The certification from the Foreign Intelligence Surveillance Court that permits surveillance of the named targets is approved annually.
Nakashima and Gellman note that the NSA is also authorized to target foreign individuals who "possess, are expected to receive and/or are likely to communicate foreign intelligence information concerning these foreign powers"—a broad mandate open to wide interpretation.
Researchers say that the word "foreign" is also open to interpretation. In a paper published last week, Axel Arnbak of Harvard University's Berkman Center for Internet & Society and Sharon Goldberg of Boston University's Department of Computer Science caution that "there are several loopholes that these authorities can exploit to conduct largely unrestrained surveillance on Americans by collecting their network traffic abroad." Those loopholes include rerouting domestic traffic so it passes through equipment overseas, and so becomes, under certain interpretations of the law, subject to interception.
International communications intercepted on U.S. soil are regulated by FISA and are subject to oversight by Congress and the judiciary. By contrast, surveillance on Americans from abroad under EO 12333 is by and large the sole domain of the Executive branch. Designing a surveillance operation to adhere to two main criteria—to not `intentionally target a U.S. person' (like e.g., bulk surveillance) and to be conducted abroad—allows the the operation to be regulated by the permissive legal regime under EO 12333, thus circumventing constitutional and statutory safeguards seeking to protect the privacy of Americans.
Arnbak and Goldberg note that they don't know that the NSA under executive branch authority is deliberately structuring its surveillance to "legally" intercept Americans' communications. But they caution that it's possible and not really subject to oversight.
Reason's Ron Bailey comments on this issue, "Given the past record of the NSA's leadership with regard to truthtelling, it's reasonable to assume that the agency is engaging in technical hanky-panky as a way to get around the pesky Fourth Amendment rights of Americans."
Separately, the Electronic Frontier Foundation filed suit against the NSA today to force the agency to disclose the extent it which it exploits software security bugs before revealing their existence to the public.