New documents reveal parameters of NSA’s secret surveillance programs By Ellen Nakashima, Barton Gellman and Greg Miller http://www.washingtonpost.com/world...8600-d9f7-11e2-a9f2-42ee3912ae0e_story_1.html The National Security Agency may keep the e-mails and telephone calls of citizens and legal residents if the communications contain “significant foreign intelligence” or evidence of a crime, according to classified documents that lay out procedures for targeting foreigners and for guarding Americans’ privacy. Newly disclosed documents describe a series of steps the world’s largest spy agency is supposed to take to keep Americans from being caught in its massive surveillance net. They suggest that the NSA has latitude to keep and use citizens’ communications under certain conditions. President Obama said the National Security Agency’s email collecting program “does not apply to U.S. citizens and...people living in the United States.” The papers, made available to The Washington Post and Britain’s Guardian newspaper, are the first public written documentation of procedures governing a far-reaching NSA surveillance program authorized by Congress in 2008 to gather the e-mails and phone calls of targets who are supposed to be foreigners located overseas. In recent days, the Obama administration has defended the program as critical to national security, saying it has helped foil more than 50 terrorist plots in the United States and abroad. President Obama said after the disclosures that NSA domestic activities “do not involve listening to people’s phone calls, do not involve reading the e-mails of U.S. citizens or U.S. residents, absent further action by a federal court, that is entirely consistent with what we would do, for example, in a criminal investigation.” The new documents show that the NSA collects, processes, retains and disseminates the contents of Americans’ phone calls and e-mails under a wide range of circumstances. NSA Director Keith B. Alexander described the program as “limited, focused and subject to rigorous oversight.” Testifying before Congress, he said “the disciplined operation” of this and a related surveillance program “protects the privacy and civil liberties of the American people.” A spokesman for the Office of the Director of National Intelligence declined to comment on the documents Thursday. Privacy advocates expressed concern about what they viewed as rules that leave much wiggle room for NSA analysts to monitor Americans’ communications. “These documents confirm what we have feared all along, that the NSA believes it can collect Americans’ international communications with little, if any, restriction,” said Alex Abdo, a staff lawyer with the American Civil Liberties Union. “Its procedures allow it to target for surveillance essentially any foreigner located abroad — whether or not they’re suspected of any wrongdoing, let alone terrorism.” Administration officials say the surveillance program does not target Americans anywhere without a warrant. Still, said Gregory Nojeim, senior counsel for the Center for Democracy and Technology, “there’s a lot of leeway to use ‘inadvertently’ acquired domestic communications,” for instance, for criminal inquiries. And the rules show that the communications of lawyers and their clients may be retained if they contain foreign intelligence information, although dissemination must be approved by the NSA general counsel. Congress authorized the collection program amid a great debate about the degree to which the government was expanding its surveillance authority without sufficient protection for Americans’ privacy. Authorized by Section 702 of the amended Foreign Intelligence Surveillance Act (FISA), the program did away with the traditional individual warrant for each foreign suspect whose communications would be collected in the United States. In its place, the FISA court, which oversees domestic surveillance for foreign intelligence purposes and whose proceedings are secret, would certify the government’s procedures to target people overseas and ensure citizens’ Classified documents spell out procedures for targeting foreigners and minimizing the collection of data from U.S. persons. President Obama said the National Security Agency’s email collecting program “does not apply to U.S. citizens and...people living in the United States.” President Obama said the National Security Agency’s email collecting program “does not apply to U.S. citizens and...people living in the United States.” It issues a certificate, good for one year, that allows the NSA to order a U.S. Internet or phone company to turn over over e-mails, phone calls and other communications related to a series of foreign targets, none of which the court approved individually. “What’s most striking about the targeting procedures is the discretion they confer on the NSA,” said Elizabeth Goitein, co-director of the Brennan Center for Justice’s Liberty and National Security program. In figuring out whether a target is “reasonably believed” to be located overseas, for example, the agency looks at the “totality of the circumstances” relating to a person’s location. In the absence of that specific information, “a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person,” according to rules on the targeting of suspects. Nonetheless, the documents contain a series of steps the NSA may take to determine a foreigner’s location. Agency analysts examine leads that may come from other agencies, including from human sources. They conduct research in NSA databases, scrutinize Internet protocol addresses and target “Internet links that terminate in a foreign country.” “When NSA proposes to direct surveillance at a target, it does so because NSA has already learned something about the target,” according to the targeting rules. Often, that lead comes from the CIA or a law enforcement agency. The NSA uses whatever details are contained in that lead to make an initial assessment of whether it is being asked to eavesdrop on an overseas target. But the agency then takes other steps depending on the circumstances, such as scanning databases “to which NSA has access but did not originate” for clues about location. To prevent U.S. citizens and legal residents from being targeted, NSA keeps a database of phone numbers and e-mail addresses associated with people thought to be living in the country. New requests are compared to records on the list. Matches are signals to put the surveillance on hold. The NSA then goes through a sequence of potential additional checks, according to the document. It may look at area codes and the ordinary data packets that accompany e-mails as they cross the Internet. And it may check contact lists associated with e-mail accounts, as well as massive “knowledge databases” that contain CIA intelligence reports. After it begins intercepting calls or e-mails, the NSA is supposed to continue to look for signs that the person it is monitoring has entered the United States, which would prompt a halt in surveillance and possibly a notification to the FBI. The document on “minimization” spells out rules for protecting privacy, some of which have been described publicly. The rules protect not just citizens, but foreigners in the United States. If domestic communications lack significant foreign intelligence information, they must be promptly destroyed. Communications concerning Americans may not be kept more than five years. If a target who was outside the United States enters the country, the monitoring must stop immediately.