NSA graphs citizens’ social webs

Agency taps bank, travel, phone records, even Facebook

WASHINGTON - Since 2010, the National Security Agency has been using its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.

The spy agency began allowing the analysis of phone call and email logs in November 2010 to examine Americans’ networks of associations for foreign intelligence purposes after agency officials lifted previous restrictions on the practice, according to documents provided by Edward Snowden, the former agency contractor.

The policy shift was intended to help the agency “discover and track” connections between intelligence targets overseas and people in the United States, according to an agency memorandum from January 2011. The agency was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every email address, phone number or other identifier, the document said.

The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter-registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior officials of President Barack Obama’s administration said the agency drew on it for both Americans and foreigners.

Agency officials declined to say how many Americans have been caught up in the effort. The documents do not describe what has resulted from the scrutiny, which links phone numbers and emails in a “contact chain” tied directly or indirectly to a person or organization overseas that is of foreign intelligence interest.

The growing body of knowledge in recent months about the agency’s access to and use of private information concerning Americans has prompted lawmakers in Washington to call for reining in the agency and Obama to order an examination of its surveillance policies.

Almost everything about the agency’s operations is hidden, and the decision to revise the limits concerning Americans was made in secret, without review by the nation’s intelligence court or any public debate.

The legal underpinning of the policy change, an agency spokesman said, was a 1979 Supreme Court ruling that Americans could have no expectation of privacy about what numbers they had called. Based on that ruling, the Justice Department and the Pentagon decided that it was permissible to create contact chains using Americans’ “metadata,” which includes the timing, location and other details of calls and emails, but not their content. The agency is not required to seek warrants for the analyses from the Foreign Intelligence Surveillance Court.

A 2009 draft of an agency inspector general’s report suggests that contact chaining and analysis might have been done on Americans’ communications data under the George W. Bush administration’s program of wiretapping without warrants, which began after the Sept. 11, 2001, terrorist attacks.

In 2006, the agency’s acting general counsel wrote a letter to a senior Justice Department official, which was also leaked by Snowden, formally asking for permissionto perform the analysis on U.S. phone and email data. A Justice Department memorandum to the attorney general noted that the “misuse” of such information “could raise serious concerns,” and said the agency promised to impose safeguards, including regular audits, on the metadata program. In 2008, the Bush administration gave its approval.

A new policy that year, detailed in “Defense Supplemental Procedures Governing Communications Metadata Analysis,” authorized by Defense Secretary Robert Gates and Attorney General Michael Mukasey, said that because the Supreme Court had ruled that metadata was not constitutionally protected, agency analysts could use such information “without regard to the nationality or location of the communicants,” according to an internal agency description of the policy.

After that decision, which was previously reported by The Guardian, the agency performed the social network graphing in a pilot project for 1½ years “to great benefit,” according to the 2011 memorandum. It was put in place in November 2010.

The agency documents show that one of the main tools used for chaining phone numbers and email addresses has the code name Mainway. It is a repository into which vast amounts of data flow daily from the agency’s fiber-optic cables, corporate partners and foreign computer networks that have been hacked.

The documents show that significant amounts of information from the United States go into Mainway. An internal agency bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider under Section 702 of the 2008 FISA Amendments Act, which allows for the collection of thedata of Americans if at least one end of the communication is believed to be foreign.

If the agency does not immediately use the phone and email logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents.

One 2011 memorandum, for example, said that after a court ruling narrowed the scope of the agency’s collection, the data in question was “being buffered for possible ingest” later. A year earlier, an internal briefing paper from the agency’s Office of Legal Counsel showed that the agency was allowed to collect and store raw traffic, which includes both metadata and content, about “U.S. persons” for up to five years online and for an additional 10 years offline for “historical searches.”

Front Section, Pages 2 on 09/29/2013

Upcoming Events