Glenn Greenwald (w/Spencer Ackerman) has a new story out today in The Guardian, revealing that the NSA had run a dragnet for all email metadata in the United States from 2001 until 2011. This would be an email version of the phone record dragnet revealed a couple of weeks ago, where in that case every phone call in the country had its metadata handed over to the National Security Agency without targeting any individual having been suspected of a crime.
Many people have already explained why such metadata can be an extreme invasion of privacy. In the case of phone metadata, repeated calls an abortion clinic that suddenly stop, or calls to a cancer specialist, can reveal medical conditions to the government that are otherwise strongly protected by state and federal law.
The NSA doesn't appear to have any privacy constraints on the information it gathers, meaning it can be shared with other federal agencies and possibly even civilian authorities -- privacy walls erected after Watergate that were weakened and removed by the USA PATRIOT Act, Protect America Act of 2007, and FISA Amendments Act of 2008.
Funny how all these laws which threaten and attack civil liberties and constitutional rights are all magically protecting America. What they should be named are the "Protect Government And Fuck The Rest of You" Acts of The Decade Of Pants Shitting.
With email metadata, a person's movements can be tracked if they are using their smart phone or even public computer systems like libraries and open WiFi routers with IP address geo-location tools.
Although the Obama administration ended this particular program in 2011, it's still worth noting that like the telephone metadata dragnet, this program was illegal when it was created by the Bush administration in 2001.
That means this program was not created in response to the September 11th attacks, but actually predates it and was one of the very first things that George W. Bush had done after he was sworn into office. (Correction:I was thinking of the date of the invasion of Iraq, which was 2002. It's possible that this program came after 9/11.)
Both programs were retro-actively legalized by the controversial Protect America Act of 2007 and FISA Amendments Act of 2008, although the ACLU has sued the government arguing that even granting that, such programs violate the fourth amendment.
As with the phone call controversy, the NSA can record the actual contents of emails if you're conversing with anyone they reasonably believe is outside the United States. There is no oversight at all of that loophole; the Congress removed it from the Foreign Intelligence Surveillance Court and put the NSA in charge of making those determinations all by itself in 2007 and 2008.
Given the existence of the PRISM spying program, it'd seems likely that the email metadata program was shut down not because it was a massive invasion of privacy or possibly unconstitutional, but because it was obsolete.
Besides knowing the specific details of each and every email sent and received, and each phone call made in the United States, the NSA can create multiple databases that when collectively searched would result in a virtual dossier on every American's communications in the country. Querying such a database for a single phone number could instantly reveal every person the target has ever spoken to online and off over the past decade without any suspicion of wrong-doing by an American citizen.
It's possible, given the (disputed) capabilities of PRISM, that such information can now be collected in real-time with no chance for service providers like Google (Gmail) to object in a court of law and no binding policies about deleting that information after a set amount of time has passed.
The real danger of near total government secrecy is how impossible it is to understand the full capability of the surveillance state. The NSA telephone metadata dragnet may not seem threatening all by itself, but when you realize that other information dragnets exist and all of them can be collated by an agency known to have some of the world's most expensive and powerful supercomputers at its disposal, only then can you fully appreciate the threat to the constitution and our privacy that these programs represent.
Is it any wonder that Edward Snowden went to such extreme precautions to hide his identity even from The Guardian, before fleeing the country entirely?
To use him as an example, once the government became suspicious that Snowden was missing work at defense contractor Booz Allen, the NSA could have decided that he was a security risk or even a terrorist. Once that determination has been made, the NSA could begin searching through all of his phone records made over the past five years, examined his email records and the records of anyone he's talked to in the last five years (American or not), used PRISM to begin monitoring his email accounts (possibly in real-time), search engine queries, and used then ultra-secret National Security Letters (NSL) to obtain transactional details of his financial records (which is basically full content information given their nature), car rental records, gas station purchases, Wal-Mart purchases, and anything else that you can think of.
All the NSA would need to justify doing all of that is finding one record where Snowden communicated with someone they believe is outside the United States (like say U.S. Guardian edition journalist Glenn Greenwald, an American citizen who lives in Brazil) and then declare that "foreign person" to maybe/possibly/kind of be part of something that concerns them. Congress went to great lengths in 2007 and 2008 to make it that trivial to spy on U.S. citizens.
And absolutely none of that requires a warrant under current U.S. law. Only the NSA decides who is and isn't a threat, who is and isn't an American, and only the federal government decides when it's valid to use an NSL.
The point of repeating the importance of the public knowing about all of these programs isn't that the government shouldn't be allowed to keep secrets, it's that we've all been trained only to fear the government discovering the content of our private actions like listening to phone calls, yet there other substantial threats to privacy than that.
The surveillance state is becoming so complete and invasive that it no longer needs to read your email or listen to your phone calls to know everything it wants to know about you.
If the government wants to know if you're about to leave the country, it can find that out without warrants or court oversight of any kind. It can compare your phone call records against the numbers of every airline in the world or every ticket agency. It can serve the phone company, airline, and booker with National Security Letters to find out who you've been talking to, when you bought a ticket, find through public information listings what flights were available the day that you bought that ticket, and if necessary, discover every purchase you've made in the past month from your credit card company and bank.
If your bank tells the NSA and FBI that you bought something that costs $529.42 at the Wal-Mart in City Xyz on street Abc, they can go to that Wal-Mart and ask for listings of any products that cost exactly that amount and find out exactly what you bought. If you bought multiple items, don't think for a second that the NSA and FBI don't have the ability to compare the prices of every item that a store like Wal-Mart sells and determine exactly what you bought just from a single price total. It can, and likely can do so in seconds given the computing power that the NSA possesses.
I'm no spook and I could probably write a program that could do that within a day, that once filled with data could give you results within seconds.
If you bought a gun, they might show up at your door with a swarm of trigger-happy ATF agents armed for a war, instead of a couple of suits. Even if your purchase is completely legal and even justified. If you bought something that can purify water, that gives the state an idea of the countries you might be traveling to. If you bought a pre-paid cell phone, post-9/11 laws likely mean that the manufacture could give the government a special hard-coded ID that all phones have that would allow them to track your physical location in real-time to within hundreds of feet.
Hell, if you so much as searched Google for "good hotels in London", they've got you.
None of this is fantasy or paranoia precisely because we now know that all of these programs and capabilities exist and are being used. When these programs are used together, and more programs that we surely don't even know about, there is little that the surveillance state can't know about you.
There's a saying that you're not paranoid if they're really after you. In this day and age with what we already know about the national security surveillance state, it's already a fact that the government is after all of us, to at least some degree. 24 hours a day, seven days a week, they are recording your phone call and email records, wiring themselves into websites like Google and Facebook, and Congress is loosening civil liberties protections on these programs every chance that it gets.
The scandal here is that we've slowly all become persons of interest in the eyes of the federal government, and that government has more eyes than you can possibly imagine.
* * *
NSA IG: "strange that NSA was told to execute a secret program that everyone knew presented legal questions" w/o being told legal theory
Two telecoms "approached NSA... through an existing program" to volunteer help when they "noticed odd patterns in domestic calling records"
Spencer Ackerman is Tweeting interesting bits from the newly revealed classified NSA Inspector General report. Here are a few:
- Some private companies came to the NSA with datamining programs of their own -- they offered their data for spying as a suggestion.
- Private companies expressed fear over legal liability after 2005 revelations of illegal spying, probably the imputes for Protect America Act and FISA Amendments Act.
- "STELLARWIND had 4 components: Telephony metadata; telephony content; Internet metadata; Internet content."
- "Note as well that the NSA considers its private-sector partners (telecos, ISP) so crucial that it won't even name them in an IG report."
- "Note the part where the NSA doesn't tell the presiding judge of FISA court about STELLARWIND for 3 months; & rest of FISA Court for 4 years."
- "Obvious but easily overlooked point: STELLARWIND was supposed to be an emergency program. Aspects of its surveillance persist 12 yrs on."
As if this point needed to be underscored, the government kept a program that collected telephone/Internet metadata and content secret, from the most secret court on the planet (that approves 99.7% of requests) for four years. Yeah, because that really sounds like it's legal and totally uncontroversial.