NSA Collects Far More Information About Ordinary People Than So-Called “Targets”

July 7, 2014

Nearly half of the internet traffic obtained by the NSA under a program that allows the agency to “target” foreigners overseas contained details about U.S. citizens, The Washington Post reported yesterday.

The Post reviewed a sizeable cache of intercepted communications provided by Edward Snowden – including 160,000 e-mail and instant-message conversations – and found that 9 out of 10 account holders were not actual targets. The report provides the first concrete data about how much “non-target” information gets swept up in so-called “targeted” surveillance.

“The documents reviewed by the Post show that the NSA’s surveillance is ‘targeted’ in name only,” said Elizabeth Goitein.

“The internet traffic the NSA intercepts ‘incidentally’ ranges from intimate photos and love letters to proclamations of religious belief,” continued Goitein. “The agency makes no effort to delete this highly personal information. Even if we trust each official within this enormous bureaucracy not to abuse the trust he or she has been given, do we trust every future member of the NSA under every future administration?”

“It is time for the NSA to come clean about the masses of information about Americans it keeps on its files in the name of pursuing foreign targets,” said Faiza Patel. “By hiding the ball, the NSA both creates mistrust and stymies efforts to have a national conversation about these issues.”

The story also cast into doubt some of the descriptions of the NSA program in the report issued last week by the Privacy and Civil Liberties Oversight Board. For instance, the Board, which did not have similar access to a large sample of intercepted communications, reported that the NSA’s targeting is “individualized” through the use of “selectors” that correlate to e-mail accounts and the like. The documents shared by Snowden reportedly show that the NSA has targeted Internet Protocol (IP) addresses of servers used by hundreds of people.

The law requires the NSA to “minimize” incidentally collected information about American citizens and residents, and the documents show that the NSA generally “masks” their identifying information. But “masking” is not “deleting”: masked information can be unmasked.