Several well-researched articles go into detail about the NSA’s phone and internet surveillance. Marcy Wheeler’s diagram summarizes how the different programs fit together. Bulk data collection from telcos captures metadata (the phone number or internet address being contacted, how long the call or email was, location, email subject header). The content goes into different databases and has separate procedures to access it. Julian Sanchez has a great analysis, starting with an exchange between from Rep. Jerry Nadler and FBI Director Robert Mueller, and relates to back to the FISA battle where we started:
What seems more likely is that Nadler is saying analysts sifting through metadata have the discretion to determine (on the basis of what they’re seeing in the metadata) that a particular phone number or e-mail account satisfies the conditions of one of the broad authorizations for electronic surveillance under §702 of the FISA Amendments Act. Those authorizations allow the targeting of whole groups or “categories of intelligence targets,” as the administration puts it. Once the FISA Court approves targeting procedures, they have no further role in deciding which specific accounts can be spied on. This is, as those of us who wrote about the FAA during its recent reauthorization observed, kind of a problem.
In Minimize This!, Marc Ambinder has a lot of details on how the authorization works, starting with a phone call captured at “a cell phone tower near the home of a known trafficker in nuclear components”.
1. If the number called is a number for which the NSA has already gotten a court order to intercept, then the analyst can listen in on the call.
2. If the number is unknown to the analyst, he or she will use a variety of tools and databases to try and identify it. If the name (if there IS a name) that comes up at the end of THIS search is the target of an ongoing FISA order, then the analyst can continue to listen.
3. If the number is identified as belonging to a U.S. person who has heretofore never been identified with nuclear proliferation or anything else [emphasis mine], then the analyst must electronically minimize the U.S. portion of the call. Sometimes, depending on who is doing the analysis, a computer will do this before the analyst has any say in the matter.
In the third instance, the U.S. person can become a target. Here’s what happens: Generally, the NSA analyst will contact a superior, who will write a report attesting to the fact that a known nuclear proliferator called a telephone number inside the U.S. This report, called an IIR, will be forwarded to the FBI’s electronic communication liaison unit with NSA, and will be flagged by both the FBI and the CIA. At this point, depending upon the situation, the FBI will run with the tip, or will coordinate with the CIA, or the NSA and FBI will use the IIR to seek a FISA order to monitor the person’s communications.
But the standard the court looks for is higher: Probable cause must exist to show that the U.S. person belongs to a network of proliferation.
Barton Gellman’s U.S. surveillance architecture includes collection of revealing Internet and, phone metadata in the Washington Post and Stephen Braun et. al’s AP story on Secret to Prism program: Even bigger data seizure have a wealth of detail. Marcy Wheeler’s posts on Emptywheel have a lot of the best analysis of the situation; as well as The CNET “Bombshell” and the Four Surveillance Programs, check out Shell Games: How to Keep Doing Internet Data Mining and Avoid the Courts, PRISM: The Difference between Orders and Directives, Russ Feingold: Yahoo Didn’t Get the Info Needed to Challenge the Constitutionality of PRISM, and What Does NCTC Do with NSA and FBI’s Newly Disclosed Databases?
Katitza Rodriguez et. al from the EFF looks at it from the perspective of the vast majority of the world who are not “U. S. persons” in An International Perspective on FISA: No Protections, Little Oversight. And Speaking of the international perspective, Philip Dorling’s Australia gets ‘deluge’ of US secret data, prompting a new data facility in The Age reports that “Australian intelligence agencies receive what Defence intelligence officials describe as ”huge volumes” of ”immensely valuable” information derived from PRISM and other US signals intelligence collection programs” and has a gem likely to reinforce the rest of the world’s fear that maybe, just maybe, the information is being used for things other than fighting terror:
US signals intelligence is also described as ”absolutely critical” to Australia’s diplomatic campaign to win a seat on the United Nations Security Council.
”Without intelligence support, overwhelmingly provided by US capabilities, we would not have won the seat,” one Department of Foreign Affairs and Trade officer recently said.