Les anglonautes

About | Search | Vocapedia | Learning | Podcasts | Videos | History | Arts | Science | Translate

 Previous Home Up Next


History > 2013 > USA > N.S.A. (I)



Bad Times for Big Brother


December 21, 2013
The New York Times


It has been a long week for the National Security Agency. Last Monday, a federal judge ruled for the first time that the agency’s continuing sweep of Americans’ phone data — a once-secret program legally sanctioned for seven years and illegally conducted for five years before that — was very likely unconstitutional. Judge Richard Leon denounced the agency’s activities in collecting data on all Americans’ phone calls as “almost Orwellian.”

Two days later, the Obama administration released a comprehensive report that found “the current storage by the government of bulk metadata creates potential risks to public trust, personal privacy and civil liberty.” And last Friday, the latest release of classified documents from Edward Snowden revealed surveillance efforts that included the office of the Israeli prime minister and the heads of international companies and aid organizations.

If the N.S.A. had not already gotten the message, the 300-plus-page advisory report, by a panel of intelligence and legal experts selected by President Obama, surely drove it home. All three branches of the federal government are now on record as recognizing that the agency has repeatedly misused, if not plainly abused, its powers, and that it must be reined in. The report’s 46 wide-ranging recommendations include stopping the bulk collection and storage of phone data, reforming the structure and processes of the Foreign Intelligence Surveillance Court, installing a civil liberties advocate to argue against the government’s position in that court, and introducing stricter oversight of the agency’s actions across the board.

Most of these would be welcome reforms, and some of them Mr. Obama can put in place on his own. In fact, when he was a member of the Senate Mr. Obama supported many reforms that were similar or identical to the ones now on his desk. Yet as president, he has allowed the surveillance programs to continue and even grow.

That isn’t entirely shocking; the executive branch’s responsibility to protect national security is unique. But no matter who occupies the Oval Office, it has always tested and often transgressed the limits of its power. Over the long run, the nation cannot bank on presidential self-restraint or timely and favorable court rulings to stop the invasion of privacy on a mass scale.

Meanwhile, Congress has the power to change the surveillance laws, and now it has the support of a presidential commission, whose recommendations line up nicely with the provisions of the U.S.A. Freedom Act, a bill co-sponsored by Democratic Senator Patrick Leahy and Republican Representative James Sensenbrenner.

As that bill recognizes, one of the most urgent tasks for lawmakers will be to amend the law to stop the government’s collection and analysis of bulk data. Under the Patriot Act as it stands, the government needs only to show that the data it seeks are “relevant” to an authorized investigation concerning international terrorism — a vague standard that the intelligence court has interpreted so broadly as to make it meaningless. Any amendment should at the very least raise the standard to require a more direct connection between the data the government seeks and the wrongdoing it is trying to prevent.

Preventing terrorist attacks is a critical and complex job. But as the advisory report rightly emphasizes, a free society must have another kind of security as well: the security of its citizens from the “fear that their conversations and activities are being watched, monitored, questioned, interrogated, or scrutinized.” Without this security, “individual liberty, self-government, economic growth, and basic ideals of citizenship” all are jeopardized.

It has been more than six months since Mr. Snowden’s leaks began to expose breathtakingly broad surveillance activities that even monitored the communications of world leaders. The damage done to privacy rights, to the public’s trust in government and to diplomatic relationships is unlikely to be repaired for a long time.

In his news conference last Friday, Mr. Obama acknowledged that some reforms could be done, but he insisted that there was no evidence that the phone surveillance program was being abused — a truly disturbing assessment given all the revelations since June. He said there’s a need to restore Americans’ trust in their government. The way to restore that trust is not through cosmetic touch-ups, but by Congress and the courts setting firm limits on all surveillance programs and ensuring that the administration complies.

    Bad Times for Big Brother, NYT, 21.12.2013,






Obama Panel Recommends

New Limits on N.S.A. Spying


December 18, 2013
The New York Times


WASHINGTON — A panel of outside advisers urged President Obama on Wednesday to impose major oversight and some restrictions on the National Security Agency, arguing that in the past dozen years its powers had been enhanced at the expense of personal privacy.

The panel recommended changes in the way the agency collects the telephone data of Americans, spies on foreign leaders and prepares for cyberattacks abroad.

But the most significant recommendation of the panel of five intelligence and legal experts was that Mr. Obama restructure a program in which the N.S.A. systematically collects logs of all American phone calls — so-called metadata — and a small group of agency officials have the power to authorize the search of an individual’s telephone contacts. Instead, the panel said, the data should remain in the hands of telecommunications companies or a private consortium, and a court order should be necessary each time analysts want to access the information of any individual “for queries and data mining.”

The experts briefed Mr. Obama on Wednesday on their 46 recommendations, and a senior administration official said Mr. Obama was “open to many” of the changes, though he has already rejected one that called for separate leaders for the N.S.A. and its Pentagon cousin, the United States Cyber Command.

If Mr. Obama adopts the majority of the recommendations, it would mark the first major restrictions on the unilateral powers that the N.S.A. has acquired since the Sept. 11 terrorist attacks. They would require far more specific approvals from the courts, far more oversight from the Congress and specific presidential approval for spying on national leaders, especially allies. The agency would also have to give up one of its most potent weapons in cyberconflicts: the ability to insert “back doors” in American hardware or software, a secret way into them to manipulate computers, or to purchase previously unknown flaws in software that it can use to conduct cyberattacks.

“We have identified a series of reforms that are designed to safeguard the privacy and dignity of American citizens, and to promote public trust, while also allowing the intelligence community to do what must be done to respond to genuine threats,” says the report, which Mr. Obama commissioned in August in response to the mounting furor over revelations by Edward J. Snowden, a former N.S.A. contractor, of the agency’s surveillance practices.

It adds, “Free nations must protect themselves, and nations that protect themselves must remain free.”

White House officials said they expected significant resistance to some of the report’s conclusions from the N.S.A. and other intelligence agencies, which have argued that imposing rules that could slow the search for terror suspects could pave the way for another attack. But those intelligence leaders were not present in the Situation Room on Wednesday when Mr. Obama met the authors of the report.

The report’s authors made clear that they were weighing the N.S.A.’s surveillance requirements against other priorities like constitutional protections for privacy and economic considerations for American businesses. The report came just three days after a federal judge in Washington ruled that the bulk collection of telephone data by the government was “almost Orwellian” and a day after Silicon Valley executives complained to Mr. Obama that the N.S.A. programs were undermining American competitiveness in offering cloud services or selling American-made hardware, which is now viewed as tainted.

The report was praised by privacy advocates in Congress and civil-liberties groups as a surprisingly aggressive call for reform.

Senator Ron Wyden, an Oregon Democrat who has been an outspoken critic of N.S.A. surveillance, said it echoed the arguments of the N.S.A.’s skeptics in significant ways, noting that it flatly declared that the phone-logging program had not been necessary in stopping terrorist attacks.

“This has been a big week for the cause of intelligence reform,” he said.

Greg Nojeim of the Center for Democracy and Technology called the report “remarkably strong,” and singled out its call to sharply limit the F.B.I.’s power to obtain business records about someone through a so-called national security letter, which does not involve court oversight.

Anthony Romero, the executive director of the American Civil Liberties Union, while praising the report’s recommendations, questioned “whether the president will have the courage to implement the changes.”

Members of the advisory group said some of the recommendations were intended to provide greater public reassurances about privacy protections rather than to result in any wholesale dismantling of the N.S.A.’s surveillance powers. Richard A. Clarke, a cyberexpert and former national security official under Presidents Bill Clinton and George W. Bush, said the report would give “more reason for the skeptics in the public to believe their civil liberties are being protected.”

Other members included Michael J. Morell, a former deputy director of the C.I.A.; Cass Sunstein, a Harvard Law School professor who ran the office of Information and Regulatory Affairs in the Obama White House; Peter Swire, a privacy law specialist at the Georgia Institute of Technology; and Geoffrey R. Stone, a constitutional law specialist at the University of Chicago Law School, where Mr. Obama once taught.

Mr. Obama is expected to take the report to Hawaii on his vacation that starts this week and announce decisions when he returns in early January. Some of the report’s proposals could be ordered by Mr. Obama alone, while others would require legislation from Congress, including changes to how judges are appointed to the Foreign Intelligence Surveillance Court.

Senator Rand Paul, Republican of Kentucky, said he was skeptical that any changes passed by Congress would go far enough. “It gives me optimism that it won’t be completely brushed under the rug,” he said. “However, I’ve been here long enough to know that in all likelihood when there’s a problem, you get window dressing.”

The FISA court, which oversees national security surveillance inside the United States, has been criticized because it hears arguments only from the Justice Department without adversarial lawyers to raise opposing views, and because Chief Justice John G. Roberts Jr. has unilateral power to select its members. Echoing proposals already floated in congressional hearings and elsewhere, the advisory group backs the view that there should be a “public interest advocate to represent the interests of privacy and civil liberties” in classified arguments before the court. It also says the power to select judges for the surveillance court should be distributed among all the Supreme Court justices.

In backing a restructuring of the N.S.A.’s program that is systematically collecting and storing logs of all Americans’ phone calls, the advisers went further than some of the agency’s backers in Congress, who would make only cosmetic changes to it, but stopped short of calling for the program to be shut down, as its critics have urged. The N.S.A. uses the telephone data to search for links between people in an effort to identify hidden associates of terrorism suspects, but the report says it “was not essential to preventing attacks.”

Currently, the government obtains orders from the surveillance court every 90 days that require all the phone companies to give their customers’ data to the N.S.A., which commingles the records from every company and stores it for five years. A small group of analysts may query the database — examining records of everyone who is linked by up to three degrees of separation from a suspect — if the analyst has “reasonable, articulable suspicion” that the original person being examined is linked to terrorism.

Under the new system proposed by the review group, such records would stay in private hands — either scattered among the phone companies or pooled into some kind of private consortium. The N.S.A. would need to make the case to the surveillance court that it has met the standard of suspicion — and get a judge’s order — every time it wanted to perform such “link analysis.”

“In our view, the current storage by the government of bulk metadata creates potential risks to public trust, personal privacy, and civil liberty,” the report said.

The report recommended new privacy protections for the disclosure of personal information about non-Americans among agencies or to the public. The change would extend to foreigners essentially the same protections that citizens have under the Privacy Act of 1974 — a way of assuring foreign countries that their own citizens, if targeted for surveillance, will enjoy at least some protections under American law.

It also said the United States should get out of the business of secretly buying or searching for flaws in common computer programs and using them for mounting cyberattacks. That technique, using what are called zero-day flaws, so named because they are used with zero days of warning that the flaw exists, were crucial to the cyberattacks that the United States and Israel launched on Iran in an effort to slow its nuclear program. The advisers said that the information should be turned over to software manufacturers to have the mistakes fixed, rather than exploited.

Regarding spying on foreign leaders, the report urged that the issue be taken out the hands of the intelligence agencies and put into the hands of policy makers.


Jeremy W. Peters contributed reporting.

    Obama Panel Recommends New Limits on N.S.A. Spying, NYT, 18.12.2013,






Judge Questions Legality

of N.S.A. Phone Records


December 16, 2013
The New York Times


WASHINGTON — A federal district judge ruled on Monday that the National Security Agency program that is systematically keeping records of all Americans’ phone calls most likely violates the Constitution, describing its technology as “almost Orwellian” and suggesting that James Madison would be “aghast” to learn that the government was encroaching on liberty in such a way.

The judge, Richard J. Leon of Federal District Court for the District of Columbia, ordered the government to stop collecting data on the personal calls of the two plaintiffs in the case and to destroy the records of their calling history. But Judge Leon, appointed to the bench in 2002 by President George W. Bush, stayed his injunction “in light of the significant national security interests at stake in this case and the novelty of the constitutional issues,” allowing the government time to appeal it, which he said could take at least six months.

“I cannot imagine a more ‘indiscriminate’ and ‘arbitrary’ invasion than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval,” Judge Leon wrote in a 68-page ruling. “Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment,” which prohibits unreasonable searches and seizures.

Andrew Ames, a Justice Department spokesman, said government lawyers were studying the decision, but he added: “We believe the program is constitutional as previous judges have found.”

The case is the first in which a federal judge who is not on the Foreign Intelligence Surveillance Court, which authorized the once-secret program, has examined the bulk data collection on behalf of someone who is not a criminal defendant. The Justice Department has said that 15 separate judges on the surveillance court have held on 35 occasions that the calling data program is legal.

It also marks the first successful legal challenge brought against the program since it was revealed in June after leaks by the former N.S.A. contractor Edward J. Snowden.

In a statement from Moscow, where he has obtained temporary asylum, Mr. Snowden praised the ruling.

“I acted on my belief that the N.S.A.’s mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts,” Mr. Snowden said in his statement. It was distributed by Glenn Greenwald, a journalist who received leaked documents from Mr. Snowden and wrote the first article about the bulk data collection. “Today, a secret program authorized by a secret court was, when exposed to the light of day, found to violate Americans’ rights,” the statement said. “It is the first of many.”

The case was brought by several plaintiffs led by Larry Klayman, a conservative legal activist. Mr. Klayman, who represented himself and the other plaintiffs, said in an interview on Monday that he was seeking to turn the case into a class action on behalf of all Americans. “I’m extremely gratified that Judge Leon had the courage to make this ruling,” he said. “He is an American hero.”

Mr. Klayman argued that he had legal standing to challenge the program in part because, he contended, the government had sent inexplicable text messages to his clients on his behalf; at a hearing, he told the judge, “I think they are messing with me.”

The judge portrayed that claim as “unusual” but looked past it, saying Mr. Klayman and his co-plaintiff instead had standing because it was highly likely, based on the government’s own description of the program as a “comprehensive metadata database,” that the N.S.A. collected data about their phone calls along with everyone else’s.

Similar legal challenges to the N.S.A. program, including by the American Civil Liberties Union and the advocacy group Electronic Frontier Foundation, are at earlier stages in the courts. Last month, the Supreme Court declined to hear an unusual challenge to the program by the Electronic Privacy Information Center, which had sought to bypass lower courts.

The ruling on Monday comes as several government panels are developing recommendations on whether to keep, restructure or scrap the bulk data collection program, and as Congress debates competing bills over the program’s future.

Though long and detailed, Judge Leon’s ruling is not a final judgment on the program, but rather a preliminary injunction to stop the collection of data about the plaintiffs while they pursued their case.

He also wrote that he had “serious doubts about the efficacy” of the program, saying that the government had failed to cite “a single instance in which analysis of the N.S.A.’s bulk metadata collection actually stopped an imminent attack, or otherwise aided the government in achieving any objective that was time-sensitive.”

Judge Leon rejected the Obama administration’s argument that a 1979 case, Smith v. Maryland, had established there are no Fourth Amendment protections for call metadata — information like the numbers dialed and the date, time and duration of calls, but not their content. The 1979 case, which involved collecting information about a criminal defendant’s calls, helped establish the principle that people do not have a reasonable expectation of privacy for information they have exposed to a third party, like the phone company, which knows about their calls.

The surveillance court, which issues secret rulings after hearing arguments from only the Justice Department and without opposing lawyers, has maintained that the 1979 decision is a controlling precedent that shields the N.S.A. call data program from Fourth Amendment review. But Judge Leon, citing the scope of the program and the evolving role of phones and technology, distinguished the bulk collection from the 34-year-old case.

Last month, a federal judge declined to grant a new trial to several San Diego men convicted of sending money to a terrorist group in Somalia. Government officials have since acknowledged that investigators became interested in them because of the call records program. Citing Smith v. Maryland, the judge said the defendants had “no legitimate expectation of privacy” over their call data.

David Rivkin, a White House lawyer in the administration of the elder President George Bush, criticized Judge Leon’s reasoning.

“Smith v. Maryland is the law of the land,” Mr. Rivkin said. “It is not for a District Court judge to question the continuing validity of a Supreme Court precedent that is exactly on point.”

Judge Leon also pointed to a landmark privacy case decided by the Supreme Court in 2012 that held it was unconstitutional for the police to use a GPS tracking device to monitor a suspect’s public movements without a warrant.

Although the court decided the case on narrow grounds, five of the nine justices separately questioned whether the 1979 precedent was still valid in an era of modern technology, which enables long-term, automated collection of information.

    Judge Questions Legality of N.S.A. Phone Records, NYT, 16.12.2013,






End the N.S.A. Dragnet, Now


November 25, 2013
The New York Times


WASHINGTON — THE framers of the Constitution declared that government officials had no power to seize the records of individual Americans without evidence of wrongdoing, and they embedded this principle in the Fourth Amendment. The bulk collection of Americans’ telephone records — so-called metadata — by the National Security Agency is, in our view, a clear case of a general warrant that violates the spirit of the framers’ intentions. This intrusive program was authorized under a secret legal process by the Foreign Intelligence Surveillance Court, so for years American citizens did not have the knowledge needed to challenge the infringement of their privacy rights.

Our first priority is to keep Americans safe from the threat of terrorism. If government agencies identify a suspected terrorist, they should absolutely go to the relevant phone companies to get that person’s phone records. But this can be done without collecting the records of millions of law-abiding Americans. We recall Benjamin Franklin’s famous admonition that those who would give up essential liberty in the pursuit of temporary safety will lose both and deserve neither.

The usefulness of the bulk collection program has been greatly exaggerated. We have yet to see any proof that it provides real, unique value in protecting national security. In spite of our repeated requests, the N.S.A. has not provided evidence of any instance when the agency used this program to review phone records that could not have been obtained using a regular court order or emergency authorization.

Despite this, the surveillance reform bill recently ratified by the Senate Intelligence Committee would explicitly permit the government to engage in dragnet collection as long as there were rules about when officials could look at these phone records. It would also give intelligence agencies wide latitude to conduct warrantless searches for Americans’ phone calls and emails.

This is not the true reform that poll after poll has shown the American people want. It is preserving business as usual. When the Bill of Rights was adopted, it established that Americans’ papers and effects should be seized only when there was specific evidence of suspicious activity. It did not permit government agencies to issue general warrants as long as records seized were reviewed with the permission of senior officials.

Congress has a crucial opportunity to reassert constitutionally guaranteed liberties by reforming the N.S.A.’s overbroad collection of Americans’ personal data. But the Intelligence Committee bill squanders this chance. It would enable some of the most constitutionally questionable surveillance activities now exposed to the public eye. The Senate should be reining in these programs, not giving them a stamp of approval.

As members of the Intelligence Committee, we strongly disagree with this approach. We had already proposed our own, bipartisan surveillance reform legislation, the Intelligence Oversight and Surveillance Reform Act, which we have sponsored with a number of other senators. Our bill would prohibit the government from conducting warrantless “backdoor searches” of Americans’ communications — including emails, text messages and Internet use — under Section 702 of the Foreign Intelligence Surveillance Act. It would also create a “constitutional advocate” to present an opposing view when the F.I.S.C. is considering major questions of law or constitutional interpretation.

Rather than adopt our legislation, the Intelligence Committee chose to codify excessively broad domestic surveillance authorities. So we offered amendments: One would end the bulk collection of Americans’ records, but still allow intelligence agencies to obtain information they legitimately needed for national security purposes by getting the approval of a judge, which could even be done after the fact in emergency situations. Another of our amendments sought to prevent the N.S.A. from collecting Americans’ cellphone location information in bulk — a capability that potentially turns the cellphone of every man, woman and child in America into a tracking device.

Each of these proposals represents real and meaningful reform, which we believe would have fulfilled the purpose of protecting our security and liberty. Each was rejected by the committee, in some cases by a single vote.

But we will continue to engage with our colleagues and seek to advance the reforms that the American people want and deserve. As part of this effort, we will push to hold a comprehensive reform debate on the Senate floor.

There is no question that our nation’s intelligence professionals are dedicated, patriotic men and women who make real sacrifices to help keep our country safe and free. We believe that they should be able to do their jobs secure in the knowledge that their agencies have the confidence of the American people.

But this trust has been undermined by the N.S.A.’s domestic surveillance programs, as well as by senior officials’ misleading statements about surveillance. Only by ending the dragnet collection of ordinary Americans’ private information can this trust be rebuilt.

Congress needs to preserve the agencies’ ability to collect information that is actually necessary to guard against threats to our security. But it also needs to preserve the right of citizens to be free from unwarranted interference in their lives, which the framers understood was vital to American liberties.

Ron Wyden of Oregon, Mark Udall of Colorado and Martin Heinrich of New Mexico, all Democrats, are United States senators.

    End the N.S.A. Dragnet, Now, NYT, 25.11.2013,






Snowden Asks U.S.

to Stop Treating Him Like a Traitor


November 1, 2013
The New York Times


BERLIN — Edward J. Snowden, the fugitive American security contractor granted temporary asylum by Russia, has appealed to Washington to stop treating him like a traitor for revealing that the United States has been eavesdropping on its allies, a German politician who met with Mr. Snowden said on Friday.

Mr. Snowden made his appeal in a letter that was carried to Berlin by Hans-Christian Ströbele, a veteran member of the Green Party in the German Parliament. Mr. Ströbele said he and two journalists for German news outlets met with Mr. Snowden and a person described as his assistant — probably his British aide, Sarah Harrison — at an undisclosed location in or near Moscow on Thursday for almost three hours.

Mr. Ströbele had gone to Moscow to explore whether Mr. Snowden could or would testify before a planned parliamentary inquiry into the eavesdropping. Any arrangements for Mr. Snowden to testify would require significant legal maneuvering, as it seemed unlikely that he would travel to Germany for fear of extradition to the United States.

In his letter, Mr. Snowden, 30, also appealed for clemency. He said his disclosures about American intelligence activity at home and abroad, which he called “systematic violations of law by my government that created a moral duty to act,” have had positive effects.

Yet “my government continues to treat dissent as defection, and seeks to criminalize political speech with felony charges that provide no defense,” Mr. Snowden wrote. “However, speaking the truth is not a crime. I am confident that with the support of the international community, the government of the United States will abandon this harmful behavior.”

Mr. Ströbele, 74, is a seasoned left-wing defense lawyer and the longest-serving member of the parliamentary committee that oversees German intelligence. At a packed news conference after his return to Berlin, he said he was contacted about going to Moscow late last week after the German government said Chancellor Angela Merkel’s cellphone might have been tapped by American intelligence agents. He declined to elaborate, but said he has had no dealings with the Russian authorities or the German Embassy in Moscow.

He deftly parried requests to reveal more, while appealing to the governments and citizens of Germany, France and the United States to stop treating Mr. Snowden as a criminal.

Instead, Mr. Ströbele said, echoing an opinion gaining support here, Germany should thank Mr. Snowden. After ARD, the premier German television network, reported on Thursday night about the Moscow visit, it broadcast a commentary arguing that Germany should show gratitude for his exposure of United States intelligence practices.

Mr. Ströbele said he had found Mr. Snowden lucid and well informed. He said he had been told that Mr. Snowden was allowed to go shopping, but Mr. Ströbele declined to reveal any other details about Mr. Snowden’s routine.

News about the visit to Moscow eclipsed a number of interviews given on Thursday by the American ambassador, John B. Emerson, who tried to assuage German fears that the United States Embassy in Berlin was the center for monitoring Ms. Merkel and other well-placed Germans.

Mr. Emerson, who arrived in Berlin two months ago and is a strong proponent of a landmark American and European trade deal under negotiation, was summoned to the German Foreign Ministry last week after Berlin’s suspicions about eavesdropping on Ms. Merkel were made public. The action was unprecedented in post-World War II relations between the United States and Germany.

Ms. Merkel, while palpably angry in appearances last week, has made no direct statements since, quietly sending two senior advisers to Washington this week to begin re-establishing the trust she said had been breached.

Mr. Ströbele’s news conference yielded moments of humor as well. At one point, his cellphone rang. He pulled it out, looked at it and asked cheerfully, “Does anybody know the chancellor’s number?”

Asked to speculate about which intelligence services might have monitored his trip to Moscow, he said with a smile, “I assume that they are all interested.”

    Snowden Asks U.S. to Stop Treating Him Like a Traitor, NYT, 1.11.2013,






Angry Over U.S. Surveillance,

Tech Giants Bolster Defenses


October 31, 2013
The New York Times


SAN FRANCISCO — Google has spent months and millions of dollars encrypting email, search queries and other information flowing among its data centers worldwide. Facebook’s chief executive said at a conference this fall that the government “blew it.” And though it has not been announced publicly, Twitter plans to set up new types of encryption to protect messages from snoops.

It is all reaction to reports of how far the government has gone in spying on Internet users, sneaking around tech companies to tap into their systems without their knowledge or cooperation.

What began as a public relations predicament for America’s technology companies has evolved into a moral and business crisis that threatens the foundation of their businesses, which rests on consumers and companies trusting them with their digital lives.

So they are pushing back in various ways — from cosmetic tactics like publishing the numbers of government requests they receive to political ones including tense conversations with officials behind closed doors. And companies are building technical fortresses intended to make the private information in which they trade inaccessible to the government and other suspected spies.

Yet even as they take measures against government collection of personal information, their business models rely on collecting that same data, largely to sell personalized ads. So no matter the steps they take, as long as they remain ad companies, they will be gathering a trove of information that will prove tempting to law enforcement and spies.

When reports of surveillance by the National Security Agency surfaced in June, the companies were frustrated at the exposure of their cooperation with the government in complying with lawful requests for the data of foreign users, and they scrambled to explain to customers that they had no choice but to obey the requests.

But as details of the scope of spying emerge, frustration has turned to outrage, and cooperation has turned to war.

The industry has learned that it knew of only a fraction of the spying, and it is grappling with the risks of being viewed as an enabler of surveillance of foreigners and American citizens.

Lawmakers in Brazil, for instance, are considering legislation requiring online services to store the data of local users in the country. European lawmakers last week proposed a measure to require American Internet companies to receive permission from European officials before complying with lawful government requests for data.

“The companies, some more than others, are taking steps to make sure that surveillance without their consent is difficult,” said Christopher Soghoian, a senior analyst at the American Civil Liberties Union. “But what they can’t do is design services that truly keep the government out because of their ad-supported business model, and they’re not willing to give up that business model.”

Even before June, Google executives worried about infiltration of their networks. The Washington Post reported on Wednesday that the N.S.A. was tapping into the links between data centers, the beating heart of tech companies housing user information, confirming that their suspicions were not just paranoia.

In response, David Drummond, Google’s chief legal officer, issued a statement that went further than any tech company had publicly gone in condemning government spying. “We have long been concerned about the possibility of this kind of snooping,” he said. “We are outraged at the lengths to which the government seems to have gone.”

A tech industry executive who spoke only on the condition of anonymity because of the sensitivities around the surveillance, said, “Just based on the revelations yesterday, it’s outright theft,” adding, “These are discussions the tech companies are not even aware of, and we find out from a newspaper.”

Though tech companies encrypt much of the data that travels between their servers and users’ computers, they do not generally encrypt their internal data because they believe it is safe and because encryption is expensive and time-consuming and slows down a network.

But Google decided those risks were worth it. And this summer, as it grew more suspicious, it sped up a project to encrypt internal systems. Google is also building many of its own fiber-optic lines through which the data flows; if it controls them, they are harder for outsiders to tap.

Tech companies’ security teams often feel as if they are playing a game of Whac-a-Mole with intruders like the government, trying to stay one step ahead.

Google, for instance, changes its security keys, which unlock encrypted digital data so it is readable, every few weeks. Google, Facebook and Yahoo have said they are increasing the length of these keys to make them more difficult to crack.

Facebook also said it was adding the encryption method of so-called perfect forward secrecy, which Google did in 2011. This means that even if someone gets access to a secret key, that person cannot decrypt past messages and traffic.

“A lot of the things everybody knew they should do but just weren’t getting around to are now a much higher priority,” said Paul Kocher, president and chief scientist of Cryptography Research, which makes security technologies.

Facebook said in July that it had turned on secure browsing by default, and Yahoo said last month that it would do the same for Yahoo Mail early next year. And Twitter is developing a variety of new security measures, including encrypting private direct messages, according to a person briefed on the measures.

Many tech companies have made public information about the number of government requests for user data they receive, and sued to ask for permission to publish more of this data. On Thursday, Google, Microsoft, Facebook, Yahoo, Apple and AOL reiterated these points in a letter to members of Congress.

But publishing the numbers of requests the companies receive has less meaning now that reports show the government sees company data without submitting a legal request.

A sense of betrayal runs through the increasingly frequent conversations between tech company lawyers and lawmakers and law enforcement in Washington, and in private conversations among engineers at the companies and increasingly outspoken public statements by executives.

Mr. Drummond and Larry Page, Google’s co-founder and chief executive, have said privately that they thought the government betrayed them when the N.S.A. leaks began, by failing to explain the tech companies’ role to the public or the extent of its spying to the tech companies, according to three people briefed on these conversations. When President Obama invited tech chief executives to discuss surveillance in August, Mr. Page did not go and sent a lower-level employee instead.

Mark Zuckerberg, Facebook’s chief executive, sarcastically discussed surveillance at the TechCrunch Disrupt conference in September.

“The government blew it,” he said. “The government’s comment was, ‘Oh, don’t worry, basically we’re not spying on any Americans.’ Right, and it’s like, ‘Oh, wonderful, yeah, it’s like that’s really helpful to companies that are really trying to serve people around the world and really going to inspire confidence in American Internet companies.’ ”

    Angry Over U.S. Surveillance, Tech Giants Bolster Defenses, NYT, 31.10.2013,






The Spies Who Loved

to Damage Our Reputation


October 30, 2013
The New York Times


Perhaps there’s more we could do to antagonize American allies.

The National Security Agency could tweet Chancellor Angela Merkel’s juicy phone conversations, or post video clips on YouTube of Prime Minister Shinzo Abe of Japan singing in the shower.

The Pentagon could fly drones over Paris, dropping Big Macs on fine restaurants, just to show that we can.

Government officials fume at Edward Snowden and Chelsea Manning for harm they did to American security. Fair enough. But the latest uproar over our N.S.A. spying is a reminder of how senior American officials have themselves jeopardized our strategic interests — by overreaching and doing things just because they could.

Our national security policy has gone off the rails since 9/11. For a dozen years, security has been an obsession, rarely constrained by a weighing of trade-offs, and to what result? We have sought every tactical advantage, and this sometimes leads — as in eavesdropping of foreign allies — to strategic losses.

We have doubled spending on intelligence, after inflation, to more than $70 billion annually. More people have “top secret” clearances than live in the District of Columbia — and it was inevitable that there would be some rogues among them. When everything is classified, the system loses credibility, transparency and accountability.

The war on terror led us to fight wars in Iraq and Afghanistan, achieving few obvious gains but costing thousands of American lives. For every jihadi we killed, we appear to have created several new ones.

As a Chinese saying goes, we lifted up a rock and dropped it on our own feet.

When he took office, President Obama seemed likely to reorient security policy. He did, indeed, bring troops back from Iraq and, after a misconceived “surge” in Afghanistan, is winding down our presence there.

But, over all, his security policy is surprisingly similar to President Bush’s: Guantánamo remains an affront to our values and the world’s, N.S.A. spying programs continue in force, drone strikes have been stepped up, and the White House has tried to curb serious public conversation about drones, spying and cyberwarfare. The Obama administration has prosecuted more whistle-blowers under the Espionage Act than all previous administrations put together.

The latest scandal involving our spying on European leaders is symptomatic of this larger myopia about our strategic interests.

It’s true that some of the outrage in Europe is affected. As Bernard Kouchner, the former foreign minister of France, bluntly noted in a radio interview: “Let’s be honest. We eavesdrop, too. Everyone is listening to everyone else. But we don’t have the same means as the United States, which makes us jealous.”

Still, our eavesdropping seems to have broken German law, as well as the first rule of spying: Don’t get caught.

If President Obama really didn’t know that 35 world leaders were being listened to, something was wrong with intelligence oversight. A former C.I.A. senior official says that before 9/11, that kind of monitoring of world leaders was always cleared by the White House.

“Anything with senior government officials or heads of state was checked quite carefully, at least with the national security adviser, if not the president,” the official told me.

Yet, since 9/11, our security policy has been on autopilot: If we can spy on Merkel, let’s do it! If we can use a drone to kill a suspected terrorist, go for it! If we can keep people indefinitely in Guantánamo, why not?

Our hubris has undercut America’s greatest foreign policy advantage: our soft power. In Pakistan, for example, our drone strikes have removed some dangerous militants. But drone strikes deeply antagonized the Pakistani people, tarnishing our image and reducing our leverage in a pivotal country. Our drones damaged our own influence in Pakistan more than the Taliban’s.

As David Rohde of Reuters puts it: “The United States obsession with Al Qaeda is doing more damage to the nation than the terrorist group itself.”

Richard Haass, the president of the Council on Foreign Relations, notes that the majority of Europeans today have no memory of the Cold War and that, as a result, we have less leeway today to antagonize our allies. “This is a different geopolitical era,” he said. “We can’t assume that people are for us.”

Yes, there is still a place for drones, for spying on allies, for the N.S.A. But they need to be subjected to scrutiny, context and brakes, as they were before 9/11.

Commercial aviation would be safer if we were all required to fly stark naked. But we accept trade-offs — such as clothing — and thus some small risk. In the same way, it’s time to pause for a breath in the security realm and start examining the trade-offs, rather than just doing things because we can.

    The Spies Who Loved to Damage Our Reputation, NYT, 30.10.2013,






N.S.A. Said to Tap

Google and Yahoo Abroad


October 30, 2013


WASHINGTON — The National Security Agency and its British counterpart have apparently tapped the fiber-optic cables connecting Google’s and Yahoo’s overseas servers and are copying vast amounts of email and other information, according to accounts of documents leaked by the former agency contractor Edward J. Snowden.

In partnership with the British agency known as Government Communications Headquarters, or GCHQ, the N.S.A. has apparently taken advantage of the vast amounts of data stored in and traveling among global data centers, which run all modern online computing, according to a report Wednesday by The Washington Post. N.S.A. collection activities abroad face fewer legal restrictions and less oversight than its actions in the United States.

Google and Yahoo said on Wednesday that they were unaware of government accessing of their data links. Sarah Meron, a Yahoo spokeswoman, said that the company had not cooperated with any government agency for such interception, and David Drummond, Google’s chief legal officer, expressed outrage.

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links,” Mr. Drummond said in a statement. “We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

In a statement, the N.S.A. did not directly address the claim that it had penetrated the companies’ overseas data links. But it emphasized that it was focused on “foreign” intelligence collection — not domestic — and pushed back against the notion that it was collecting abroad to “get around” legal limits imposed by domestic surveillance laws. It also said it was “not true” that it collects “vast quantities” of Americans’ data using that method.

Companies like Google that operate Internet services — including email, online document and photo storage and search queries — send huge amounts of data through fiber-optic lines between their data centers around the world. Those data centers are kept highly secure using heat-sensitive cameras and biometric authentication, and companies believed the data flowing among centers was secure. But Google said last month that it began the process of encrypting this internal traffic before reports of N.S.A. spying leaked during the summer, and accelerated the effort since then. Google security executives were suspicious that outside parties, like governments, could tap into the cables, but did not have hard evidence that the spying was occurring, according to three people briefed on Google’s security efforts who spoke on condition of anonymity.

The N.S.A. could physically install a device that clips on the cable and listens to electric signals, or insert a splitter in the cable through which data would travel, said Nicholas McKeown, an expert in computer networking and a professor at Stanford. Or, he said, someone with remote login access to the cable’s switch or router could also redirect data flowing through the cables.

Level 3 is a company that provides these cables for Google, according to a person briefed on Google’s infrastructure who was not authorized to speak publicly.

In a statement, Level 3 said: “We comply with the laws in each country where we operate. In general, governments that seek assistance in law enforcement or security investigations prohibit disclosure of the assistance provided.”

In July, the company denied a German television report that it had cooperated with American intelligence agencies to spy on German citizens using its network. The New York Times reported in September that for at least three years, GCHQ had been working to gain access to traffic in and out of data centers operated by Google, Yahoo, Facebook and Microsoft’s Hotmail. The program, described as having been developed in close collaboration with the N.S.A., was said to have achieved “new access opportunities” into Google’s systems by 2012, according to GCHQ documents provided by Mr. Snowden. But it was not clear what that meant.

The Post said that under a system code-named Muscular, GCHQ was storing data taken in from the interception in a rolling three- to five-day “buffer,” during which the two agencies decoded it and filtered out information they wanted to keep.

It also reported that the N.S.A. was using about 100,000 “selectors” as its search term filters — more than twice as many, it said, as the agency has been using from its Prism program inside the United States. In that program, the agency collects emails, search queries and other online activity of foreigners abroad from Google, Yahoo and other companies through a court-approved process authorized by the FISA Amendments Act of 2008.

GCHQ documents obtained from Mr. Snowden by The Guardian newspaper and shared with The Times reveal an intense focus over several years by British spies on the development of Muscular and a closely related project code-named Incenser. The documents suggest that both programs are to a large extent driven by N.S.A. intelligence needs and are highly prized by the Americans.

In November 2010, the British wrote that “Muscular/Incenser has significantly enhanced the amount of benefit that the N.S.A. derive from our special source accesses.” Those projects in some cases provide data that are unavailable from any other source, one document said, “highlighting the unique contribution we are now making to N.S.A., providing insights into some of their highest priority targets.”

In its article, The Post described a January document as saying that the N.S.A.’s headquarters in Fort Meade, Md., was taking in more than 180 million records a month from the project. It also reported that briefing documents said collection from Yahoo and Google had produced important intelligence leads against hostile foreign governments.

The Post published an N.S.A. slide labeled “Current efforts — Google” with a hand-drawn sketch showing that traffic flowed between Google’s data centers in “clear text,” because encryption was added only at the front-end server that interfaced with users’ computers and mobile devices. This notation included a smiley face.

The Post also published speaker notes from a presentation about Muscular. It included a reference to a February proposal to stop collecting Yahoo email account archives flowing through what it describes as a “lucrative” access point on what is apparently a fiber-optic cable linking Yahoo’s overseas servers and its servers on United States soil.

As The Post published its story, the director of the N.S.A., Gen. Keith B. Alexander, was being interviewed at a cybersecurity conference. He flatly denied a slightly garbled account of The Post story as “factually inaccurate,” but it was not clear that he understood that The Post was reporting infiltration of data links between overseas servers.

“There’s no evidence that they are actually breaking into servers,” said Alex Stamos, a security consultant at Artemis Internet, a security firm based in San Francisco. “But they are right outside Google and Yahoo’s data centers taking data that those companies believed was protected.”


Charlie Savage reported from Washington,

and Claire Cain Miller and Nicole Perlroth from San Francisco.

James Glanz contributed reporting from New York,

and John Markoff from San Francisco.

    N.S.A. Said to Tap Google and Yahoo Abroad, NYT, 30.10.2013,






Spying Known at Top Levels,

Officials Say


October 29, 2013
The New York Times


WASHINGTON — The nation’s top spymaster said on Tuesday that the White House had long been aware in general terms of the National Security Agency’s overseas eavesdropping, stoutly defending the agency’s intelligence-gathering methods and suggesting possible divisions within the Obama administration.

The official, James R. Clapper Jr., the director of national intelligence, testified before the House Intelligence Committee that the N.S.A. had kept senior officials in the National Security Council informed of surveillance it was conducting in foreign countries. He did not specifically say whether President Obama was told of these spying efforts, but he appeared to challenge assertions in recent days that the White House had been in the dark about some of the agency’s practices.

Mr. Clapper and the agency’s director, Gen. Keith B. Alexander, vigorously rejected suggestions that the agency was a rogue institution, trawling for information on ordinary citizens and leaders of America’s closest allies, without the knowledge of its Washington overseers.

Their testimony came amid mounting questions about how the N.S.A. collects information overseas, with Republicans and Democrats calling for a congressional review, lawmakers introducing a bill that would curb its activities and Mr. Obama poised to impose his own constraints, particularly on monitoring the leaders of friendly nations. At the same time, current and former American intelligence officials say there is a growing sense of anger with the White House for what they see as attempts to pin the blame for the controversy squarely on them.

General Alexander said news media reports that the N.S.A. had vacuumed up tens of millions of telephone calls in France, Italy and Spain were “completely false.” That data, he said, is at least partly collected by the intelligence services of those countries and provided to the N.S.A.

Still, both he and Mr. Clapper said that spying on foreign leaders — even those of allies — was a basic tenet of intelligence tradecraft and had gone on for decades. European countries, Mr. Clapper said, routinely seek to listen in on the conversations of American leaders.

“Some of this reminds me of the classic movie ‘Casablanca’ — ‘My God, there’s gambling going on here,’ ” Mr. Clapper said, twisting the line from the movie uttered by a corrupt French official who feigns outrage at the very activity in which he avidly partakes.

Asked whether the White House knows about the N.S.A.’s intelligence-gathering, including on foreign leaders, Mr. Clapper said, “They can and do.” But, he added, “I have to say that that does not extend down to the level of detail. We’re talking about a huge enterprise here, with thousands and thousands of individual requirements.”

The White House has faced criticism for the N.S.A.’s surveillance practices since the first revelations by a former agency contractor, Edward J. Snowden, in June. But in recent weeks it has struggled to quell a new diplomatic storm over reports that the agency monitored the cellphone of Chancellor Angela Merkel of Germany for more than a decade. White House officials said that the president did not know of that surveillance, but that he has told Ms. Merkel that the United States is not monitoring her phone now and would not in the future.

On Wednesday, a delegation of senior German officials is scheduled to meet at the White House with Mr. Clapper, the president’s national security adviser, Susan E. Rice; his homeland security and counterterrorism adviser, Lisa Monaco; and other officials.

Several current and former American officials said that presidents and their senior national security advisers have long known about which foreign leaders the United States spied on.

“It would be unusual for the White House senior staff not to know the exact source and method of collection,” said Michael Allen, a National Security Council official in the George W. Bush administration and a former staff director for the House Intelligence Committee. “That information helps a policy maker assess the reliability of the intelligence.”

Mr. Allen, the author of book about intelligence reform called “Blinking Red,” said this information often comes to the president during preparation for phone calls or meetings with the foreign leaders.

The White House declined to discuss intelligence policies, pending the completion of a review of intelligence-gathering practices that will be completed in December. But a senior administration official noted that the vast majority of intelligence that made it into Mr. Obama’s daily intelligence briefings focused on potential threats, from Al Qaeda plots to Iran’s nuclear program.

“These are front-burner, first-tier issues,” said the official, who spoke on the condition of anonymity because of the delicacy of the matter. “He’s not getting many briefings on intelligence about Germany.”

Another senior administration official said that Mr. Obama did not generally rely on intelligence reports to prepare for meetings or phone calls with Ms. Merkel.

“He knows her well, he speaks with her regularly and our governments work together every day on a wide range of issues,” said this official, who also spoke on the condition of anonymity because of the diplomatic concerns. “Because we talk so frequently, we know where they stand and they know where we stand on most issues.”

Mr. Clapper and General Alexander got a warm reception from the chairman of the House Intelligence Committee, Representative Mike Rogers, Republican of Michigan, who defended the N.S.A.’s methods and said he had been adequately briefed about its activities.

But elsewhere on Capitol Hill, the outrage among America’s allies was clearly fueling concern.

Senator Dianne Feinstein of California, the chairwoman of the Senate Intelligence Committee and one of the fiercest defenders of American surveillance operations, said Monday that she did “not believe the United States should be collecting phone calls or emails of friendly presidents and prime ministers.” Ms. Feinstein said her committee would be conducting a “major review” of the intelligence programs.

Another strong defender of the N.S.A., Speaker John A. Boehner, agreed that “there needs to be review, there ought to be review and it ought to be thorough,” he said. “We’ve got obligations to the American people to keep them safe. We’ve got obligations to our allies around the world.”

“But having said that, we’ve got to find the right balance here,” he added. “We’re imbalanced as we stand here.”

An aide to Mr. Boehner said, “The speaker still believes our surveillance programs save lives, but the president needs to do a better job of managing and explaining them.”

On Tuesday, House Democrats and Republicans introduced a bill that would curb some of the N.S.A.’s practices, including the bulk collection of telephone data inside the United States.

“The picture drawn is one of a surveillance system run amok,” said Representative John Conyers Jr., Democrat of Michigan, a sponsor of the bill. “Our intelligence community has operated without proper congressional oversight or regard for Americans’ privacy and civil liberties.”

Even on the House Intelligence Committee, members sparred over what they had been told by the intelligence agencies about eavesdropping on foreign leaders. Representative Adam B. Schiff, a California Democrat and a senior member of the committee, said that he had first learned about the practice after the recent news media reports.

“Would you consider that a wiretap of a leader of an allied country would be a significant intelligence activity requiring a report to the intelligence committees?” Mr. Schiff asked Mr. Clapper.

Mr. Clapper said the agencies had “lived up to the letter and spirit of that requirement.”

Mr. Schiff disagreed, saying that the agencies had much work to do “to make sure we’re getting the information we need.” He said that disclosures about such eavesdropping could create significant “blowback.”

Mr. Rogers disputed Mr. Schiff’s claim, saying that Mr. Schiff needed to take the time to educate himself about what the committee had been briefed on.

“To make the case that somehow we are in the dark is mystifying to me,” Mr. Rogers said. “It is disingenuous to imply that this committee did not have a full and complete understanding of activities of the intelligence community as was directed under the national intelligence priority framework to include sources and methods.”


Mark Mazzetti contributed reporting.

    Spying Known at Top Levels, Officials Say, NYT, 29.10.2013,






Obama May Ban Spying

on Heads of Allied States


October 28, 2013
The New York Times


WASHINGTON — President Obama is poised to order the National Security Agency to stop eavesdropping on the leaders of American allies, administration and congressional officials said Monday, responding to a deepening diplomatic crisis over reports that the agency had for years targeted the cellphone of Chancellor Angela Merkel of Germany.

The White House informed a leading Democratic lawmaker, Senator Dianne Feinstein of California, of its plans, which grew out of a broader internal review of intelligence-gathering methods, prompted by the leak of N.S.A. documents by a former contractor, Edward J. Snowden.

In a statement on Monday, Ms. Feinstein, chairwoman of the Senate Intelligence Committee, said, “I do not believe the United States should be collecting phone calls or emails of friendly presidents and prime ministers.” Ms. Feinstein, who has been a stalwart defender of the administration’s surveillance policies, said her committee would begin a “major review of all intelligence collection programs.”

The White House said Monday evening that no final decision had been made on the monitoring of friendly foreign leaders. But the disclosure that it is moving to prohibit it signals a landmark shift for the N.S.A., which has had nearly unfettered powers to collect data on tens of millions of people around the world, from ordinary citizens to heads of state, including the leaders of Brazil and Mexico.

It is also likely to prompt a fierce debate on what constitutes an American ally. Prohibiting eavesdropping on Ms. Merkel’s phone is an easier judgment than, for example, collecting intelligence on the military-backed leaders in Egypt.

“We have already made some decisions through this process and expect to make more,” said a spokeswoman for the National Security Council, Caitlin M. Hayden, adding that the review would be completed in December.

Disclosure of the White House’s proposed action came after the release on Monday afternoon of Ms. Feinstein’s statement, in which she asserted that the White House had told her it would cease all intelligence collection in friendly countries. That statement, senior administration officials said, was “not accurate,” but they acknowledged that they had already made unspecified changes in surveillance policy and planned further changes, particularly in the monitoring of government leaders.

The administration will reserve the right to continue collecting intelligence in friendly countries that pertains to criminal activity, potential terrorist threats and the proliferation of unconventional weapons, according to several officials. It also appeared to be leaving itself room in the case of a foreign leader of an ally who turned hostile or whose actions posed a threat to the United States.

The crossed wires between the White House and Ms. Feinstein were an indication of how the furor over the N.S.A.’s methods is testing even the administration staunchest defenders.

Aides said the senator’s six-paragraph statement reflected exasperation at the N.S.A. for failing to keep the Intelligence Committee fully apprised of such politically delicate operations as eavesdropping on the conversations of friendly foreign leaders.

“She believes the committee was not adequately briefed on the details of these programs, and she’s frustrated,” said a committee staff member, who spoke on the condition of anonymity. “In her mind, there were salient omissions.”

The review that Ms. Feinstein announced would be “a major undertaking,” the staff member said.

The White House has faced growing outrage in Germany and among other European allies over its surveillance policies. Senior officials from Ms. Merkel’s office and the heads of Germany’s domestic and foreign intelligence agencies plan to travel to Washington in the coming days to register their anger.

They are expected to ask for a no-spying agreement similar to what the United States has with Britain, Canada, Australia and New Zealand, which are known as the Five Eyes.

The United States has historically resisted such agreements, even with friendly governments, though it explored a similar arrangement with France early in the Obama administration. But officials said they would give the Germans, in particular, a careful hearing.

“We have intel relationships that are already very close,” said a senior official, who spoke on the condition of anonymity because of the delicacy of the subject. “There are other types of agreements you could have: cooperation, limits on intelligence, greater transparency. The countries on the top of the list for those are close European allies.”

The National Security Agency has said it did not inform Mr. Obama of its reported monitoring of Ms. Merkel, which appears to have started in 2002 and was not suspended until sometime last summer after the theft of the N.S.A. data by Mr. Snowden was discovered.

“At that point it was clear that lists of targeted foreign officials may well become public,” said one official, “so many of the interceptions were suspended.”

The N.S.A.’s documentation on Ms. Merkel’s case authorized the agency’s operatives in Germany not only to collect data about the numbers she was calling, but also to listen in on her conversations, according to current and former administration officials.

It was unclear whether excerpts from Ms. Merkel’s conversations appeared in intelligence reports that were circulated in Washington or shared with the White House. Officials said they had never seen information attributed to an intercept of Ms. Merkel’s conversations. But they said it was likely that some conversations had been recorded simply because the N.S.A. had focused on her for so long.

In both public comments and private interchanges with German officials, the Obama administration has refused to confirm that Ms. Merkel’s phone was targeted, though it has said that it is not the subject of N.S.A. action now, and will not be in the future.

The refusal to talk about the past has further angered German officials, who have said the surveillance has broken trust between two close allies. The Germans were particularly angry that the operation appears to have been run from inside the American Embassy or somewhere near it, in the heart of Berlin, steps from the Brandenburg Gate.

None of the officials and former officials who were interviewed would speak directly about the decision to target Ms. Merkel, saying that information was classified. But they said the legal distinction between tapping a conversation and simply collecting telephone “metadata” — essentially the kind of information about a telephone call that would be found on a telephone bill — existed only for domestic telephone calls, or calls involving United States citizens.

To record the conversation of a “U.S. Person,” the intelligence agencies would need a warrant. But no such distinction applies to intercepting the calls of foreigners, on foreign soil — though those intercepts may be a violation of local law.

That means that the intercepts of other world leaders could have also involved both information about the calls and the conversations themselves.

Dennis C. Blair, Mr. Obama’s first director of national intelligence, declined to speak specifically about the Merkel case. But he noted that “in our intelligence relationship with countries like France and Germany, 90 to 95 percent of our activity is cooperative and sharing, and a small proportion is about gaining intelligence we can’t obtain in other ways.”

He said he had little patience for the complaints of foreign leaders. “If any foreign leader is talking on a cellphone or communicating on unclassified email, what the U.S. might learn is the least of their problems.”

In addition to the Germans, European Union officials and members of the European Parliament are descending on Washington to deliver a tough message: The N.S.A.’s surveillance is unacceptable and has eroded trust between the United States and Europe.

“The key message is there is a problem,” said Silvia Kofler, a spokeswoman for the European Union. “We need to re-establish the trust between partners. You don’t spy on partners.”

One potential threat, Ms. Kofler said, was to the negotiation of the Trans-Atlantic Trade and Investment Partnership, one of Mr. Obama’s major trade initiatives. European Union officials, she said, were anxious to keep those talks on track but would require unspecified “confidence-building measures” to restore trust between the two sides.

An administration official said the White House would take these visits seriously, having senior officials from several government agencies and the White House meet with the Germans, though no meetings have yet been scheduled.


Eric Schmitt contributed reporting.

    Obama May Ban Spying on Heads of Allied States, NYT, 28.10.2013,






The White House on Spying


October 28, 2013
The New York Times


The White House response on Monday to the expanding disclosures of American spying on foreign leaders, their governments and millions of their citizens was a pathetic mix of unsatisfying assurances about reviews under way, platitudes about the need for security in an insecure age, and the odd defense that the president didn’t know that American spies had tapped the German chancellor’s cellphone for 10 years.

Is it really better for us to think that things have gone so far with the post-9/11 idea that any spying that can be done should be done and that nobody thought to inform President Obama about tapping the phone of one of the most important American allies?

The White House spokesman, Jay Carney, kept repeating that Mr. Obama ordered a review of surveillance policy a few months ago, but he would not confirm whether that includes the tapping of the cellphone of Chancellor Angela Merkel of Germany, or the collection of data on tens of millions of calls in France, Spain and elsewhere. It’s unlikely that Mr. Obama would have ordered any review if Edward Snowden’s leaks had not revealed the vacuum-cleaner approach to electronic spying. Mr. Carney left no expectation that the internal reviews will produce any significant public accounting — only that the White House might have “a little more detail” when they are completed.

Fortunately, members of Congress have been more aggressive in responding to two broad disclosures. One, that both the Obama and George W. Bush administrations misinterpreted the Patriot Act to permit the collection of metadata on phone calls, emails and text messages of all Americans, whether they were international or domestic. And, second, that the 2008 amendments to the Foreign Intelligence Surveillance Act were being stretched to excuse the routine collection of data from 60 million telephone calls in Spain and 70 million in France over two 30-day periods.

Legislation scheduled to be introduced on Tuesday by Patrick Leahy, Democrat of Vermont, the chairman of the Senate Judiciary Committee, and Representative Jim Sensenbrenner, Republican of Wisconsin, would end the bulk collection of Americans’ communications data.

The administration has said that such data collection is permitted by Section 215 of the Patriot Act, although Mr. Sensenbrenner, who wrote that section, has said it is not. The bill, the U.S.A. Freedom Act, would require that the “tangible things” sought through data collection are “relevant and material to an authorized investigation into international terrorism or clandestine intelligence activities.” They would also have to pertain to a foreign power or its agent, activities of a foreign agent already under investigation or someone in touch with an agent.

Currently, the government conducts metadata collection by periodically vaguely informing a federal court in secret that it is working on security-related issues.

The bill would require a court order in order to search for Americans’ communications in data collected overseas, which falls under the Foreign Intelligence Surveillance Act, and it would restrict “reverse targeting” — targeting a foreigner with the goal of getting information about an American. The bill would not address spying on foreigners, including such abuses as in the Merkel affair. Those activities are governed by a presidential order that is secret and certain to remain so.

We are not reassured by the often-heard explanation that everyone spies on everyone else all the time. We are not advocating a return to 1929 when Secretary of State Henry Stimson banned the decryption of diplomatic cables because “gentlemen do not read each other’s mail.” But there has long been an understanding that international spying was done in pursuit of a concrete threat to national security.

That Chancellor Merkel’s cellphone conversations could fall under that umbrella is an outgrowth of the post-9/11 decision by President Bush and Vice President Dick Cheney that everyone is the enemy, and that anyone’s rights may be degraded in the name of national security. That led to Abu Ghraib, torture at the secret C.I.A. prisons, warrantless wiretapping of American citizens, grave harm to international relations, and the dragnet approach to surveillance revealed by the Snowden leaks.

    The White House on Spying, NYT, 28.10.2013,






N.S.A. Snooping and the Damage Done


October 25, 2013
The New York Times


President Obama spent this week trying to persuade America’s close allies, France and Germany, that the National Security Agency’s extensive eavesdropping in those countries is under adequate control. He was not entirely successful. His efforts to reassure President François Hollande of France and Chancellor Angela Merkel of Germany seem to have been as incomplete as the explanations the administration has given to the American public about the agency’s excessive domestic surveillance.

The German government learned this week that the newsmagazine Der Spiegel had new evidence (presumably via information leaked by Edward Snowden) that the N.S.A. had monitored Ms. Merkel’s cellphone. On Monday, Le Monde reported that the agency had gathered data on more than 70 million phone calls and messages inside France within one 30-day period, suggesting a surveillance program that went well beyond any legitimate tracking of international terrorists.

Mr. Obama sought to assure Ms. Merkel that her phone was not being monitored now and would not be in the future, but he seemed to indicate nothing about past monitoring. David Sanger and Mark Mazzetti reported in The Times on Friday that Germany has evidence of monitoring going back to the George W. Bush administration.

The Guardian also reported this week that the phone conversations of at least 35 world leaders were monitored by the N.S.A. in 2006, according to an agency memo leaked by Mr. Snowden. The N.S.A. apparently encouraged American diplomats and officials to provide phone numbers to be added to the surveillance program. Would it be surprising if foreign leaders now became much more restrictive about sharing their numbers with United States officials?

Such surveillance undermines the trust of allies and their willingness to share the kind of confidential information needed to thwart terrorism and other threats. When the N.S.A. violates French or German law, law enforcement agencies in those nations cooperate with the agency at their own risk. There is also the more subtle damage done by the feeling that the United States plays by its own rules and respects neither the sovereignty nor the political sensibilities of some of its closest democratic allies.

Broad data collection programs by the United States government also harm the efforts of American Internet companies to market their services internationally by casting doubt on their ability to protect privacy. Such companies face heavy legal pressures from the N.S.A. and other intelligence agencies to make private data available for government scrutiny.

And there is new pressure on European governments to seek stricter data protection in negotiations for a Transatlantic Trade and Investment Partnership, with the eavesdropping reports souring the political climate for these talks.

European leaders are not naïve about the realities of international snooping. American security is built on the strength and reliability of its international alliances. These should not be put at risk merely because the N.S.A. now has the capacity to monitor more communications in more places than ever.

A good way out of this mess would be for Washington to take up the proposal made Friday by Germany and France to negotiate a formal pact that would set mutually acceptable surveillance guidelines. The next steps must come from Mr. Obama. He should move beyond unpersuasive and vague pledges to balance security against privacy, to substantive guidelines that limit the overreaching of N.S.A. surveillance programs abroad and at home.

    N.S.A. Snooping and the Damage Done, NYT, 25.10.2013,






New Leaks, New Repercussions


October 22, 2013
The New York Times


Stunning new details continue to emerge from Edward Snowden’s leaks about the vast electronic data mining carried out by the National Security Agency, setting off one diplomatic aftershock after another.

The latest was spurred by reports in Le Monde this week that the agency had gained access to the records of more than 70 million calls inside France in one 30-day period. The American ambassador was summoned to the French Foreign Ministry for an explanation; President François Hollande told President Obama by telephone that the data sweep was “unacceptable,” and the matter has already become an issue in a visit to Paris by Secretary of State John Kerry intended to focus on Syria.

Previous reports based on Mr. Snowden’s information have alleged American eavesdropping on Germany, Britain, Brazil, Mexico, European Union offices and European diplomatic missions. More revelations are likely.

The Obama administration’s response has been that the United States seeks to gather foreign intelligence as other nations do. That is not in dispute, and no doubt much of the public indignation by France and other governments is largely rhetorical. Le Monde reported in July that the French intelligence agency has its own extensive electronic surveillance operation. Nor is there much dispute that intelligence is necessary to protect citizens against terrorists and other enemies.

But the very scale of America’s clandestine electronic operations appears to be undercutting America’s “soft power” — its ability to influence global affairs through example and moral leadership. Brazil has complained about the reach of American surveillance, while the European Parliament has revived an effort to enact privacy legislation that could impose restrictions on American Internet providers and further complicate talks on a trans-Atlantic trade and investment agreement.

Mr. Kerry said the United States was working to find a balance between protecting privacy and providing security in a dangerous world. Mr. Obama has pledged to review electronic intelligence gathering, as well as the institutions charged with judicial and political oversight, a vow he must honor given the scope of the N.S.A.’s operations.

The fact is that most nations practice electronic surveillance and that citizens everywhere surrender personal data voluntarily to digital services and social networks. That is why free countries must place stern limits on the security institutions allowed to function in the shadows.

    New Leaks, New Repercussions, NYT, 22.10.2013,






N.S.A. Gathers Data

on Social Connections of U.S. Citizens


September 28, 2013
The New York Times


WASHINGTON — Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.

The spy agency began allowing the analysis of phone call and e-mail logs in November 2010 to examine Americans’ networks of associations for foreign intelligence purposes after N.S.A. officials lifted restrictions on the practice, according to documents provided by Edward J. Snowden, the former N.S.A. contractor.

The policy shift was intended to help the agency “discover and track” connections between intelligence targets overseas and people in the United States, according to an N.S.A. memorandum from January 2011. The agency was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier, the document said. Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners.

The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.

N.S.A. officials declined to say how many Americans have been caught up in the effort, including people involved in no wrongdoing. The documents do not describe what has resulted from the scrutiny, which links phone numbers and e-mails in a “contact chain” tied directly or indirectly to a person or organization overseas that is of foreign intelligence interest.

The new disclosures add to the growing body of knowledge in recent months about the N.S.A.’s access to and use of private information concerning Americans, prompting lawmakers in Washington to call for reining in the agency and President Obama to order an examination of its surveillance policies. Almost everything about the agency’s operations is hidden, and the decision to revise the limits concerning Americans was made in secret, without review by the nation’s intelligence court or any public debate. As far back as 2006, a Justice Department memo warned of the potential for the “misuse” of such information without adequate safeguards.

An agency spokeswoman, asked about the analyses of Americans’ data, said, “All data queries must include a foreign intelligence justification, period.”

“All of N.S.A.’s work has a foreign intelligence purpose,” the spokeswoman added. “Our activities are centered on counterterrorism, counterproliferation and cybersecurity.”

The legal underpinning of the policy change, she said, was a 1979 Supreme Court ruling that Americans could have no expectation of privacy about what numbers they had called. Based on that ruling, the Justice Department and the Pentagon decided that it was permissible to create contact chains using Americans’ “metadata,” which includes the timing, location and other details of calls and e-mails, but not their content. The agency is not required to seek warrants for the analyses from the Foreign Intelligence Surveillance Court.

N.S.A. officials declined to identify which phone and e-mail databases are used to create the social network diagrams, and the documents provided by Mr. Snowden do not specify them. The agency did say that the large database of Americans’ domestic phone call records, which was revealed by Mr. Snowden in June and caused bipartisan alarm in Washington, was excluded. (N.S.A. officials have previously acknowledged that the agency has done limited analysis in that database, collected under provisions of the Patriot Act, exclusively for people who might be linked to terrorism suspects.)

But the agency has multiple collection programs and databases, the former officials said, adding that the social networking analyses relied on both domestic and international metadata. They spoke only on the condition of anonymity because the information was classified.

The concerns in the United States since Mr. Snowden’s revelations have largely focused on the scope of the agency’s collection of the private data of Americans and the potential for abuse. But the new documents provide a rare window into what the N.S.A. actually does with the information it gathers.

A series of agency PowerPoint presentations and memos describe how the N.S.A. has been able to develop software and other tools — one document cited a new generation of programs that “revolutionize” data collection and analysis — to unlock as many secrets about individuals as possible.

The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate for more weapons in the hunt for information about the nation’s adversaries, clearly views its collections of metadata as one of its most powerful resources. N.S.A. analysts can exploit that information to develop a portrait of an individual, one that is perhaps more complete and predictive of behavior than could be obtained by listening to phone conversations or reading e-mails, experts say.

Phone and e-mail logs, for example, allow analysts to identify people’s friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist’s office, late-night messages to an extramarital partner or exchanges with a fellow plotter.

“Metadata can be very revealing,” said Orin S. Kerr, a law professor at George Washington University. “Knowing things like the number someone just dialed or the location of the person’s cellphone is going to allow them to assemble a picture of what someone is up to. It’s the digital equivalent of tailing a suspect.”

The N.S.A. had been pushing for more than a decade to obtain the rule change allowing the analysis of Americans’ phone and e-mail data. Intelligence officials had been frustrated that they had to stop when a contact chain hit a telephone number or e-mail address believed to be used by an American, even though it might yield valuable intelligence primarily concerning a foreigner who was overseas, according to documents previously disclosed by Mr. Snowden. N.S.A. officials also wanted to employ the agency’s advanced computer analysis tools to sift through its huge databases with much greater efficiency.

The agency had asked for the new power as early as 1999, the documents show, but had been initially rebuffed because it was not permitted under rules of the Foreign Intelligence Surveillance Court that were intended to protect the privacy of Americans.

A 2009 draft of an N.S.A. inspector general’s report suggests that contact chaining and analysis may have been done on Americans’ communications data under the Bush administration’s program of wiretapping without warrants, which began after the Sept. 11 attacks to detect terrorist activities and skirted the existing laws governing electronic surveillance.

In 2006, months after the wiretapping program was disclosed by The New York Times, the N.S.A.’s acting general counsel wrote a letter to a senior Justice Department official, which was also leaked by Mr. Snowden, formally asking for permission to perform the analysis on American phone and e-mail data. A Justice Department memo to the attorney general noted that the “misuse” of such information “could raise serious concerns,” and said the N.S.A. promised to impose safeguards, including regular audits, on the metadata program. In 2008, the Bush administration gave its approval.

A new policy that year, detailed in “Defense Supplemental Procedures Governing Communications Metadata Analysis,” authorized by Defense Secretary Robert M. Gates and Attorney General Michael B. Mukasey, said that since the Supreme Court had ruled that metadata was not constitutionally protected, N.S.A. analysts could use such information “without regard to the nationality or location of the communicants,” according to an internal N.S.A. description of the policy.

After that decision, which was previously reported by The Guardian, the N.S.A. performed the social network graphing in a pilot project for 1 ½ years “to great benefit,” according to the 2011 memo. It was put in place in November 2010 in “Sigint Management Directive 424” (sigint refers to signals intelligence).

In the 2011 memo explaining the shift, N.S.A. analysts were told that they could trace the contacts of Americans as long as they cited a foreign intelligence justification. That could include anything from ties to terrorism, weapons proliferation or international drug smuggling to spying on conversations of foreign politicians, business figures or activists.

Analysts were warned to follow existing “minimization rules,” which prohibit the N.S.A. from sharing with other agencies names and other details of Americans whose communications are collected, unless they are necessary to understand foreign intelligence reports or there is evidence of a crime. The agency is required to obtain a warrant from the intelligence court to target a “U.S. person” — a citizen or legal resident — for actual eavesdropping.

The N.S.A. documents show that one of the main tools used for chaining phone numbers and e-mail addresses has the code name Mainway. It is a repository into which vast amounts of data flow daily from the agency’s fiber-optic cables, corporate partners and foreign computer networks that have been hacked.

The documents show that significant amounts of information from the United States go into Mainway. An internal N.S.A. bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider under Section 702 of the 2008 FISA Amendments Act, which allows for the collection of the data of Americans if at least one end of the communication is believed to be foreign.

The overall volume of metadata collected by the N.S.A. is reflected in the agency’s secret 2013 budget request to Congress. The budget document, disclosed by Mr. Snowden, shows that the agency is pouring money and manpower into creating a metadata repository capable of taking in 20 billion “record events” daily and making them available to N.S.A. analysts within 60 minutes.

The spending includes support for the “Enterprise Knowledge System,” which has a $394 million multiyear budget and is designed to “rapidly discover and correlate complex relationships and patterns across diverse data sources on a massive scale,” according to a 2008 document. The data is automatically computed to speed queries and discover new targets for surveillance.

A top-secret document titled “Better Person Centric Analysis” describes how the agency looks for 94 “entity types,” including phone numbers, e-mail addresses and IP addresses. In addition, the N.S.A. correlates 164 “relationship types” to build social networks and what the agency calls “community of interest” profiles, using queries like “travelsWith, hasFather, sentForumMessage, employs.”

A 2009 PowerPoint presentation provided more examples of data sources available in the “enrichment” process, including location-based services like GPS and TomTom, online social networks, billing records and bank codes for transactions in the United States and overseas.

At a Senate Intelligence Committee hearing on Thursday, General Alexander was asked if the agency ever collected or planned to collect bulk records about Americans’ locations based on cellphone tower data. He replied that it was not doing so as part of the call log program authorized by the Patriot Act, but said a fuller response would be classified.

If the N.S.A. does not immediately use the phone and e-mail logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents.

One 2011 memo, for example, said that after a court ruling narrowed the scope of the agency’s collection, the data in question was “being buffered for possible ingest” later. A year earlier, an internal briefing paper from the N.S.A. Office of Legal Counsel showed that the agency was allowed to collect and retain raw traffic, which includes both metadata and content, about “U.S. persons” for up to five years online and for an additional 10 years offline for “historical searches.”


James Risen reported from Washington and New York.

Laura Poitras, a freelance journalist, reported from Berlin.

    N.S.A. Gathers Data on Social Connections of U.S. Citizens, NYT, 28.9.2013,






N.S.A. Foils Much Internet Encryption


September 5, 2013
The New York Times


The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”

An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.

In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.

The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.

The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.

Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by leaders of Al Qaeda about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.

But some experts say the N.S.A.’s campaign to bypass and weaken communications security may have serious unintended consequences. They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications.

Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.

For at least three years, one document says, GCHQ, almost certainly in collaboration with the N.S.A., has been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document. (Google denied giving any government access and said it had no evidence its systems had been breached).

“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.”

Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip.

“And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.

“The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort,” he said. “This is the golden age of spying.”


A Vital Capability

The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus on GCHQ but include thousands from or about the N.S.A.

Intelligence officials asked The Times and ProPublica not to publish this article, saying it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful privacy tools.

The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.

“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.

The documents make clear that the N.S.A. considers its ability to decrypt information a vital capability, one in which it competes with China, Russia and other intelligence powers.

“In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” a 2007 document said. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.”

The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of an American Civil War battle. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.

Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”

Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources.


Ties to Internet Companies

When the N.S.A. was founded, encryption was an obscure technology used mainly by diplomats and military officers. Over the last 20 years, it has become ubiquitous. Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to a Web address.

Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.

According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” Sigint is the acronym for signals intelligence, the technical term for electronic eavesdropping.

By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by exploiting security flaws, according to the documents. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments.

In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.

The 2013 N.S.A. budget request highlights “partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses” — that is, to allow more eavesdropping.

At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.

Microsoft asserted that it had merely complied with “lawful demands” of the government, and in some cases, the collaboration was clearly coerced. Some companies have been asked to hand the government the encryption keys to all customer communications, according to people familiar with the government’s requests.

N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.

How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.”

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says.

Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections. The N.S.A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products to the agency with the goal of improving American cybersecurity. But a top-secret N.S.A. document suggests that the agency’s hacking division uses that same program to develop and “leverage sensitive, cooperative relationships with specific industry partners” to insert vulnerabilities into Internet security products.

By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key.

That proposal met a backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union. All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global technology edge.

By 1996, the White House backed down. But soon the N.S.A. began trying to anticipate and thwart encryption tools before they became mainstream.

Each novel encryption effort generated anxiety. When Mr. Zimmermann introduced the Zfone, an encrypted phone technology, N.S.A. analysts circulated the announcement in an e-mail titled “This can’t be good.”

But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.

By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300.

But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence.

A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.

But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known. “These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple ‘fact of’ could alert the adversary and result in immediate loss of the capability,” a GCHQ document warned.

Since Mr. Snowden’s disclosures ignited criticism of overreach and privacy infringements by the N.S.A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying.

Google, Yahoo, Microsoft and Facebook have pressed for permission to reveal more about the government’s requests for cooperation. One e-mail encryption company, Lavabit, closed rather than comply with the agency’s demands for customer information; another, Silent Circle, ended its e-mail service rather than face such demands.

In effect, facing the N.S.A.’s relentless advance, the companies surrendered.

Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”


John Markoff contributed reporting.

    N.S.A. Foils Much Internet Encryption, NYT, 5.9.2013,






A Weak Agenda on Spying Reform


August 9, 2013
The New York Times


President Obama, who seems to think the American people simply need some reassurance that their privacy rights are intact, proposed a series of measures on Friday that only tinker around the edges of the nation’s abusive surveillance programs.

He said he wants “greater oversight, greater transparency, and constraints” on the mass collection of every American’s phone records by the National Security Agency. He didn’t specify what those constraints and oversight measures would be, only that he would work with Congress to develop them. But, in the meantime, the collection of records will continue as it has for years, gathering far more information than is necessary to fight terrorism.

He said he wants an adversary to challenge the government’s positions at the secret Foreign Intelligence Surveillance Court, a long-needed reform that would allow the court’s federal judges to hear more than one point of view in approving targets and security policy. But if those arguments remain closed to the public — and the president did not suggest otherwise — then it will be impossible to evaluate whether the change has had any effect. At a minimum, he could have urged the court to release unclassified summaries of its opinions when possible.

Finally, he announced that the N.S.A. would hire a civil liberties and privacy officer and create a Web site about its mission, and that a task force would review the nation’s surveillance technologies. These measures, however, are unlikely to have a real effect on intelligence gathering.

Fundamentally, Mr. Obama does not seem to understand that the nation needs to hear more than soothing words about the government’s spying enterprise. He suggested that if ordinary people trusted the government not to abuse their privacy, they wouldn’t mind the vast collection of phone and e-mail data.

Bizarrely, he compared the need for transparency to showing his wife that he had done the dishes, rather than just telling her he had done so. Out-of-control surveillance is a bit more serious than kitchen chores. It is the existence of these programs that is the problem, not whether they are modestly transparent. As long as the N.S.A. believes it has the right to collect records of every phone call — and the administration released a white paper Friday that explained, unconvincingly, why it is perfectly legal — then none of the promises to stay within the law will mean a thing.

If all Mr. Obama is inclined to do is tweak these programs, then Congress will have to step in to curb these abuses, a path many lawmakers of both parties are already pursuing. There are bills pending that would stop the bulk collection of communications data, restricting it to those under suspicion of terrorism. Other measures would require the surveillance court to make public far more of its work. If the president is truly concerned about public anxiety, he can vocally support legislation to make meaningful changes, rather than urging people to trust him that the dishes are clean.

    A Weak Agenda on Spying Reform, NYT, 9.8.2013,






Threats Test Obama’s

Balancing Act on Surveillance


August 9, 2013
The New York Times


WASHINGTON — President Obama has said he wants eventually to scale back drone strikes and steer the country away from a single-minded focus on counterterrorism. But in response to a vague yet ominous terror warning in recent days, his administration shut down nearly two dozen American embassies and consulates and waged an intense drone campaign in Yemen.

American officials speak of the need for vigorous debate about controversial National Security Agency programs revealed by Edward J. Snowden, and Mr. Obama on Friday promised greater accountability to keep the surveillance state in check. Yet his underlying message was clear: the expansive monitoring of telephone and electronic communications would continue because the safety of the country depended on it.

America’s war on terrorism may one day end, as Mr. Obama said in a speech in May, but until that happens the president has given every indication that it will be fought in much the same way it has for nearly 12 years. Even Mr. Obama’s promise of more transparency appeared to fail an instant test during his Friday news conference. Asked about the flurry of American drone strikes in Yemen, which have been reported by every news outlet, Mr. Obama demurred.

“I will not have a discussion about operational issues,” he said.

Mr. Obama, who ran for office in 2008 against what he described as the excesses of counterterrorism under President George W. Bush, has occasionally expressed ambivalence about drone strikes and aggressive surveillance. But with Republicans ever ready to pounce with accusations that he has made the country less safe, he has declined to abandon any of the tools used by his predecessor, with the sole exception of the brutal interrogation methods once used by the C.I.A.

The government’s striking response to the reported terror threat in recent days has coincided with a wave of unprecedented skepticism about the N.S.A.’s sweeping surveillance programs since Mr. Snowden’s disclosures.

When Mr. Snowden began releasing secret documents two months ago, Mr. Obama said he welcomed a debate on the trade-offs of N.S.A. surveillance and privacy. But the debate has grown far larger than administration officials anticipated, with lawmakers of both parties in Congress and half of Americans in polls calling for curbs on the agency.

On Thursday, two small companies providing secure e-mail to customers added their voices. Lavabit and Silent Circle announced that they would shut down their e-mail services rather than give in to what they suggested was government pressure to make customers’ messages available to the N.S.A.

In a message on his Web site, Ladar Levison, the founder of Lavabit, said he was forced “to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit.”

He said he was prohibited by law from explaining what had happened over the last six weeks, but the suggestion was that he was fighting a government demand for access to the e-mail of one or more customers.

Mr. Snowden’s disclosures have had a continuing, even escalating impact as journalists have continued to pore over them. On Thursday, for instance, The New York Times wrote that the N.S.A. was examining all e-mail messages in and out of the country and searching them for clues associated with terrorism or foreign intelligence.

On Friday, The Guardian, the British newspaper that has published many of Mr. Snowden’s revelations, wrote about a clause in N.S.A. rules that permits the agency to search for Americans’ names and identifying information in data about foreign targets gathered from large Internet companies.

In his remarks on Friday, Mr. Obama said he was satisfied that the N.S.A. programs were both necessary and respectful of Americans’ privacy. He acknowledged the “instinctive bias of the intelligence community to keep everything very close.” But he said he had urged America’s spies to err on the side of making more details public.

“Let’s just put the whole elephant out there, and examine what’s working,” he said.

On Friday evening, the State Department announced that nearly all of the embassies and consulates that had been closed this week would reopen on Sunday — with only the American Embassy in Sana, Yemen, remaining closed. The consulate in Lahore, Pakistan, will also stay closed, the result of what American officials said is a different threat from the one that had forced the closing of the other diplomatic posts.

With intelligence agencies try trying to piece together information about a terror plot allegedly discussed in recent weeks between senior Qaeda operatives, American drones delivered a flurry of missile strikes throughout Yemen.

Eight strikes have been carried out in Yemen in the past two weeks, a ferocious rate of drone attacks rivaled only by the two-week period after a suicide bomber killed seven C.I.A. employees at a base in Afghanistan in December 2009.

During his speech at National Defense University in May, President Obama said that targeted killing operations needed to be tightly constrained. The United States only carries out strikes against terrorists who pose a “continuing and imminent threat” to Americans, the president said, and only when it is determined it would be impossible to detain them, rather than kill them.

And, Mr. Obama said, “before any strike is taken, there must be near-certainty that no civilians will be killed or injure — the highest standard we can set.”

It is yet unknown who exactly was killed in Yemen during the past two weeks. Therefore, it is hard to judge the recent strikes against those standards the president laid out in May. Specifically, did the dozens of people reportedly killed all pose a “direct and imminent threat”? And, with American officials fearing that an attack could happen at any moment, just how much care was taken before each strike to determine that no civilians were in the missiles’ path?

At the very least, this extraordinary period of killing operations in Yemen has revealed just how much the president’s stated inclination to be more judicious about drone strikes is tested in a period of perceived crisis.

Striking a balance between liberty and security is a leitmotif in many of President Obama’s speeches, and on Friday he spoke of “rebalancing” the ledger after the demands of more than a decade of war.

But the changes he announced on Friday were incremental rather than radical — more of what he referred to as “tightening the bolts” rather than dismantling the machine itself.


Mark Mazzetti reported from Washington,

and Scott Shane from New York.

    Threats Test Obama’s Balancing Act on Surveillance, NYT, 9.8.2013,






President Moves

to Ease Worries on Surveillance


August 9, 2013
The New York Times


WASHINGTON — President Obama on Friday sought to take control of the roiling debate over the National Security Agency’s surveillance practices, releasing a more detailed legal justification for domestic spying and calling for more openness and scrutiny of the N.S.A.’s programs to reassure a skeptical public that its privacy is not being violated.

“It’s right to ask questions about surveillance, particularly as technology is reshaping every aspect of our lives,” Mr. Obama said, adding: “It’s not enough for me, as president, to have confidence in these programs. The American people need to have confidence in them as well.”

But at a time when leaks by the former N.S.A. contractor Edward J. Snowden have exposed the agency’s expansive spying both inside the United States and abroad to an unprecedented degree of scrutiny, Mr. Obama showed no inclination to curtail secret surveillance efforts. Rather, he conceded only a need for greater openness and safeguards to make the public “comfortable” with them.

In meeting threats to the country, Mr. Obama said, “we have to strike the right balance between protecting our security and preserving our freedoms.” And while he said that the programs were valuable and that he was confident they had not been abused, he acknowledged that people “may want to jigger slightly” that balance.

Mr. Obama made his remarks at a wide-ranging news conference on the eve of his departure for a week’s vacation. He responded to questions on issues like the coming appointment of a new Federal Reserve chairman, the carrying out of his health care law, his relationship with President Vladimir V. Putin of Russia, and the current status of Al Qaeda. But he began with a lengthy statement about surveillance, and that was the focus of the nearly hourlong news conference.

Critics of the electronic spying brought to light by Mr. Snowden’s leaks said the president’s approach was insufficient. Anthony D. Romero, the executive director of the American Civil Liberties Union, said that a program that collects records of every domestic phone call — which Mr. Obama made clear he intends to keep — must be shut down.

“What’s clear is that these surveillance programs have gone much further than the president or Congress have ever admitted,” Mr. Romero said. “These initial recommendations from Obama today, albeit welcome, are too little too late. They are not sufficient to address serious concerns about possible violations of the law and about dragnet surveillance.”

A spokesman for Speaker John A. Boehner, Republican of Ohio, urged Mr. Obama not to let such criticism undermine the N.S.A.’s fundamental capabilities.

“Transparency is important, but we expect the White House to insist that no reform will compromise the operational integrity of the program,” said the spokesman, Brendan Buck. “That must be the president’s red line, and he must enforce it. Our priority should continue to be saving American lives, not saving face.”

A clear theme of Mr. Obama’s remarks was that he believed that the public’s understanding of the surveillance programs had been distorted. He portrayed some of Mr. Snowden’s leaks as having been reported in “the most sensationalized manner possible” and parceled out to “maximize attention” in “dribs and in drabs, sometimes coming out sideways.” The result has been misimpressions not merely among the American public, he said, but around the world — a reference to the widespread international criticism of the United States over reports of its surveillance policies.

“If you are the ordinary person and you start seeing a bunch of headlines saying ‘U.S. Big Brother looking down on you, collecting telephone records, etc.,’ well, understandably people would be concerned,” he said, while also addressing some of his reassurances to those abroad.

“To others around the world, I want to make clear once again that America is not interested in spying on ordinary people,” he said. “Our intelligence is focused above all on finding the information that’s necessary to protect our people and, in many cases, protect our allies. It’s true we have significant capabilities. What’s also true is we show a restraint that many governments around the world don’t even think to do.”

In an effort to rebuild public trust, Mr. Obama said he wanted to work with Congress to modify the phone log program, but in what he said would be an “appropriate” way. He listed as examples of those steps establishing more oversight and auditing how the database is used.

The president also threw his support behind a proposal to change the procedures of the secret court that approves electronic spying under the Foreign Intelligence Surveillance Act, saying an adversarial lawyer should make arguments opposing the Justice Department when the court is considering whether to approve broad surveillance programs.

The administration also released a 22-page unclassified “white paper” explaining in greater detail why the government believes that its bulk collection of domestic phone logs is lawful. At the same time, the N.S.A. released a seven-page paper outlining its role and authorities. The agency is creating a full-time civil liberties and privacy officer, Mr. Obama said, and next week it will open a Web site designed to explain itself better to the public.

“We can and must be more transparent,” Mr. Obama said.

In addition, Mr. Obama announced the creation of a task force that will include outside intelligence specialists and civil liberties advocates to advise the government about how to balance security and privacy as improving computer technology makes it possible to gather ever more information about people’s private lives.

In response to a reporter’s question, Mr. Obama obliquely acknowledged the terrorism alert in the Middle East that in recent days has prompted the withdrawals of embassy staff members in Yemen and other countries. He was asked how to square the apparent threat from Al Qaeda with his previous portrayals of the core of the group as severely weakened.

Mr. Obama said that the original Al Qaeda — the tightly organized, hierarchical group that was capable of “spectacular homeland attacks” like the ones on Sept. 11, 2001 — was indeed “decimated.” But its regional affiliates still pose a “destabilizing and disruptive” threat on the scale of potentially driving “a truck bomb into an embassy wall,” he said.

“We’ve got to continue to be vigilant and go after known terrorists who are potentially carrying out plots,” he said, adding: “This is an ongoing process. We are not going to completely eliminate terrorism. What we can do is to weaken it and to strengthen our partnerships in such a way that it does not pose the kind of horrible threat that we saw on 9/11.”

The news conference also dwelled on Mr. Snowden’s obtaining temporary refugee status in Russia, and the cooling relationship with the Putin government over that and several other issues, including the conflict in Syria and Russia’s crackdown on gay rights. Earlier in the week, Mr. Obama canceled a planned summit meeting with Mr. Putin in Moscow.

While Mr. Obama said he opposed calls to boycott the 2014 Winter Olympics in Russia, he acknowledged “emerging differences” with his Russian counterpart.

Asked whether the steps on surveillance he was taking amounted to a vindication of Mr. Snowden’s leaks, Mr. Obama rejected that notion. He said that Mr. Snowden should have gone to the Congressional intelligence committees with any concerns he had about surveillance, rather than “putting at risk our national security and some very vital ways that we are able to get intelligence that we need to secure the country.”

“I don’t think Mr. Snowden was a patriot,” Mr. Obama said.

    President Moves to Ease Worries on Surveillance, NYT, 9.8.2013,






Breaking Through Limits on Spying


August 8, 2013
The New York Times


Apparently no espionage tool that Congress gives the National Security Agency is big enough or intrusive enough to satisfy the agency’s inexhaustible appetite for delving into the communications of Americans. Time and again, the N.S.A. has pushed past the limits that lawmakers thought they had imposed to prevent it from invading basic privacy, as guaranteed by the Constitution.

It was bad enough in 2008 when Congress allowed the agency to spy without a warrant on e-mails and text messages between Americans and foreign targets of an investigation. That already strained the Fourth Amendment’s protections against illegal searches, but lawmakers decided it was justified as part of a terror investigation.

It turns out, as Charlie Savage revealed in The Times on Thursday, that the N.S.A. went far beyond those boundaries. Instead, it copies virtually all overseas messages that Americans send or receive, then scans them to see if they contain any references to people or subjects the agency thinks might have a link to terrorists.

That could very well include innocent communications between family members expressing fears of a terror attack. Or messages between an editor and a reporter who is covering international security issues. Or the privileged conversation between a lawyer and a client who is being investigated.

Data collection on this scale goes far beyond what Congress authorized, and it clearly shreds a common-sense understanding of the Fourth Amendment. It’s as if the government were telling its citizens not to even talk about security issues in private messages or else they will come to the attention of the nation’s spies. “By injecting the N.S.A. into virtually every crossborder interaction, the U.S. government will forever alter what has always been an open exchange of ideas,” said Jameel Jaffer, the deputy legal director of the American Civil Liberties Union.

Obama administration officials justified this unwarranted expansion of surveillance powers with the usual hairsplitting arguments over semantics. It’s not “bulk collection” of messages if the messages aren’t stored, they said (even if every message is analyzed by supercomputers as it is sent). It’s legitimate to search through conversations “about” a target, even if the target isn’t part of the conversation. Naturally, the Foreign Intelligence Surveillance Court approved these half-baked assertions with a secret opinion.

The disclosure of this practice makes it more urgent than ever that Congress clamp down on what is unquestionably the bulk collection of American communications and restrict it to clear targets of an investigation. Despite President Obama’s claim this week that “there is no spying on Americans,” the evidence shows that such spying is greater than the public ever knew.

    Breaking Through Limits on Spying, NYT, 8.8.2013,






N.S.A. Said to Search

Content of Messages to and From U.S.


August 8, 2013
The New York Times


WASHINGTON — The National Security Agency is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country, hunting for people who mention information about foreigners under surveillance, according to intelligence officials.

The N.S.A. is not just intercepting the communications of Americans who are in direct contact with foreigners targeted overseas, a practice that government officials have openly acknowledged. It is also casting a far wider net for people who cite information linked to those foreigners, like a little used e-mail address, according to a senior intelligence official.

While it has long been known that the agency conducts extensive computer searches of data it vacuums up overseas, that it is systematically searching — without warrants — through the contents of Americans’ communications that cross the border reveals more about the scale of its secret operations.

It also adds another element to the unfolding debate, provoked by the disclosures of Edward J. Snowden, the former N.S.A. contractor, about whether the agency has infringed on Americans’ privacy as it scoops up e-mails and phone data in its quest to ferret out foreign intelligence.

Government officials say the cross-border surveillance was authorized by a 2008 law, the FISA Amendments Act, in which Congress approved eavesdropping on domestic soil without warrants as long as the “target” was a noncitizen abroad. Voice communications are not included in that surveillance, the senior official said.

Asked to comment, Judith A. Emmel, an N.S.A. spokeswoman, did not directly address surveillance of cross-border communications. But she said the agency’s activities were lawful and intended to gather intelligence not about Americans but about “foreign powers and their agents, foreign organizations, foreign persons or international terrorists.”

“In carrying out its signals intelligence mission, N.S.A. collects only what it is explicitly authorized to collect,” she said. “Moreover, the agency’s activities are deployed only in response to requirements for information to protect the country and its interests.”

Hints of the surveillance appeared in a set of rules, leaked by Mr. Snowden, for how the N.S.A. may carry out the 2008 FISA law. One paragraph mentions that the agency “seeks to acquire communications about the target that are not to or from the target.” The pages were posted online by the newspaper The Guardian on June 20, but the telltale paragraph, the only rule marked “Top Secret” amid 18 pages of restrictions, went largely overlooked amid other disclosures.

To conduct the surveillance, the N.S.A. is temporarily copying and then sifting through the contents of what is apparently most e-mails and other text-based communications that cross the border. The senior intelligence official, who, like other former and current government officials, spoke on condition of anonymity because of the sensitivity of the topic, said the N.S.A. makes a “clone of selected communication links” to gather the communications, but declined to specify details, like the volume of the data that passes through them.

Computer scientists said that it would be difficult to systematically search the contents of the communications without first gathering nearly all cross-border text-based data; fiber-optic networks work by breaking messages into tiny packets that flow at the speed of light over different pathways to their shared destination, so they would need to be captured and reassembled.

The official said that a computer searches the data for the identifying keywords or other “selectors” and stores those that match so that human analysts could later examine them. The remaining communications, the official said, are deleted; the entire process takes “a small number of seconds,” and the system has no ability to perform “retrospective searching.”

The official said the keyword and other terms were “very precise” to minimize the number of innocent American communications that were flagged by the program. At the same time, the official acknowledged that there had been times when changes by telecommunications providers or in the technology had led to inadvertent overcollection. The N.S.A. monitors for these problems, fixes them and reports such incidents to its overseers in the government, the official said.

The disclosure sheds additional light on statements intelligence officials have made recently, reassuring the public that they do not “target” Americans for surveillance without warrants.

At a House Intelligence Committee oversight hearing in June, for example, a lawmaker pressed the deputy director of the N.S.A., John Inglis, to say whether the agency listened to the phone calls or read the e-mails and text messages of American citizens. Mr. Inglis replied, “We do not target the content of U.S. person communications without a specific warrant anywhere on the earth.”

Timothy Edgar, a former intelligence official in the Bush and Obama administrations, said that the rule concerning collection “about” a person targeted for surveillance rather than directed at that person had provoked significant internal discussion.

“There is an ambiguity in the law about what it means to ‘target’ someone,” Mr. Edgar, now a visiting professor at Brown, said. “You can never intentionally target someone inside the United States. Those are the words we were looking at. We were most concerned about making sure the procedures only target communications that have one party outside the United States.”

The rule they ended up writing, which was secretly approved by the Foreign Intelligence Surveillance Court, says that the N.S.A. must ensure that one of the participants in any conversation that is acquired when it is searching for conversations about a targeted foreigner must be outside the United States, so that the surveillance is technically directed at the foreign end.

Americans’ communications singled out for further analysis are handled in accordance with “minimization” rules to protect privacy approved by the surveillance court. If private information is not relevant to understanding foreign intelligence, it is deleted; if it is relevant, the agency can retain it and disseminate it to other agencies, the rules show.

While the paragraph hinting at the surveillance has attracted little attention, the American Civil Liberties Union did take note of the “about the target” language in a June 21 post analyzing the larger set of rules, arguing that the language could be interpreted as allowing “bulk” collection of international communications, including of those of Americans.

Jameel Jaffer, a senior lawyer at the A.C.L.U., said Wednesday that such “dragnet surveillance will be poisonous to the freedoms of inquiry and association” because people who know that their communications will be searched will change their behavior.

“They’ll hesitate before visiting controversial Web sites, discussing controversial topics or investigating politically sensitive questions,” Mr. Jaffer said. “Individually, these hesitations might appear to be inconsequential, but the accumulation of them over time will change citizens’ relationship to one another and to the government.”

The senior intelligence official argued, however, that it would be inaccurate to portray the N.S.A. as engaging in “bulk collection” of the contents of communications. “ ‘Bulk collection’ is when we collect and retain for some period of time that lets us do retrospective analysis,” the official said. “In this case, we do not do that, so we do not consider this ‘bulk collection.’ ”

Stewart Baker, a former general counsel for the N.S.A., said that such surveillance could be valuable in identifying previously unknown terrorists or spies inside the United States who unwittingly reveal themselves to the agency by discussing a foreign-intelligence “indicator.” He cited a situation in which officials learn that Al Qaeda was planning to use a particular phone number on the day of an attack.

“If someone is sending that number out, chances are they are on the inside of the plot, and I want to find the people who are on the inside of the plot,” he said.

The senior intelligence official said that the “about the target” surveillance had been valuable, but said it was difficult to point to any particular terrorist plot that would have been carried out if the surveillance had not taken place. He said it was one tool among many used to assemble a “mosaic” of information in such investigations. The surveillance was used for other types of foreign-intelligence collection, not just terrorism investigations, the official said.

There has been no public disclosure of any ruling by the Foreign Intelligence Surveillance Court explaining its legal analysis of the 2008 FISA law and the Fourth Amendment as allowing “about the target” searches of Americans’ cross-border communications. But in 2009, the Justice Department’s Office of Legal Counsel signed off on a similar process for searching federal employees’ communications without a warrant to make sure none contain malicious computer code.

That opinion, by Steven G. Bradbury, who led the office in the Bush administration, may echo the still-secret legal analysis. He wrote that because that system, called EINSTEIN 2.0, scanned communications traffic “only for particular malicious computer code” and there was no authorization to acquire the content for unrelated purposes, it “imposes, at worst, a minimal burden upon legitimate privacy rights.”

    N.S.A. Said to Search Content of Messages to and From U.S., NYT, 8.8.2013,






Senate Panel Presses N.S.A.

on Phone Logs


July 31, 2013
The New York Times


WASHINGTON — Senators of both parties on Wednesday sharply challenged the National Security Agency’s collection of records of all domestic phone calls, even as the latest leaked N.S.A. document provided new details on the way the agency monitors Web browsing around the world.

At a Senate Judiciary Committee hearing, the chairman, Patrick J. Leahy, Democrat of Vermont, accused Obama administration officials of overstating the success of the domestic call log program. He said he had been shown a classified list of “terrorist events” detected through surveillance, and it did not show that “dozens or even several terrorist plots” had been thwarted by the domestic program.

“If this program is not effective it has to end. So far, I’m not convinced by what I’ve seen,” Mr. Leahy said, citing the “massive privacy implications” of keeping records of every American’s domestic calls.

At the start of the hearing, the Obama administration released previously classified documents outlining the rules for how the domestic phone records may be accessed and used by intelligence analysts. And as senators debated the program, The Guardian published on its Web site a still-classified 32-page presentation, apparently downloaded by Edward J. Snowden, the former N.S.A. contractor, that describes a separate surveillance activity by the agency.

Called the XKeyscore program, it apparently gives N.S.A. analysts access to virtually any Internet browsing activity around the world, data that is being vacuumed up from 150 foreign sites.

Together, the new disclosures provided additional details on the scope of the United States government’s secret surveillance programs, which have been dragged into public view and public debate by leaks from Mr. Snowden, who remains stranded in a Moscow airport.

The hearing came a week after the House voted narrowly to defeat an amendment to shut down the N.S.A.’s domestic phone record tracking program. The 217-to-205 vote was far closer than expected, and it — along with shifting poll numbers — suggested that momentum against the domestic program was building. In recent days even some of the most outspoken supporters of the program have said they are open to adjusting it.

The Obama administration has been trying to build public support for its surveillance programs, which trace back to the Bush administration, by arguing that they are subject to strict safeguards and court oversight and that they have helped thwart as many as 54 terrorist events. That figure, Mr. Leahy emphasized, relies upon conflating another program that allows surveillance targeted at noncitizens abroad, which has apparently been quite valuable, with the domestic one.

Still, Senator Dianne Feinstein, the California Democrat who is chairwoman of the Senate Intelligence Committee, said she supported overhauling the program but keeping it in place because it generates information that might prevent attacks.

John C. Inglis, the deputy director of the N.S.A., said there had been 13 investigations in which the domestic call tracking program made a “contribution.” He cited two discoveries: that several men in San Diego were sending money to a terrorist group in Somalia, and that a suspect who was already under scrutiny in a subway bomb plot was using a different phone.

Robert S. Litt, the top lawyer in the Office of the Director of National Intelligence, testified that the Obama administration was also “open to re-evaluating this program” to create greater public confidence that it protects privacy while “preserving the essence of the program.” Administration officials have emphasized that the program collects only so-called metadata, and not the contents of phone calls.

Still, the top Republican on the committee, Senator Charles E. Grassley of Iowa, asked skeptical questions about the legal basis for the program while criticizing the director of national intelligence, James Clapper, for making inaccurate statements to Congress about it in March. Mr. Clapper has since apologized.

“Nothing can excuse this kind of behavior from a senior administration official of any administration, especially on matters of such grave importance,” Mr. Grassley said.

A series of slides describing XKeyscore, dated 2008, make it clear that the security agency system is collecting a huge amount of data on Internet activity around the globe, from chats on social networks to browsing of Web sites and searches on Google Maps. The volume of data is so vast that most of it is stored for only three days, although metadata — information showing logins and server activity, but not content — is stored for a month. Several of the pages were redacted by The Guardian.

Some of the servers the agency uses are run by foreign intelligence services of friendly nations, including Britain, Australia, Canada and New Zealand, but other servers may be on the soil of countries unaware the agency is mining Internet “pipes” on their soil. Some of the harvesting of data takes place on the coasts of the United States, and along the Mexican border. Most sites are in Europe, the Middle East, and along the borders of India, Pakistan, and China.

The intelligence analysts search for terrorist cells by looking at “anomalous events” — someone searching in German from Pakistani sites, or an Iranian sending an encrypted Microsoft Word file. But one slide says the system can be used to identify anyone “searching the Web for suspicious stuff.”

The presentation says the system enables analysts to identify and pursue leads even if they do not yet know the name, or the e-mail address, of a suspect. “A large amount of time spent on the Web is performing actions that are anonymous,” it explains.

One example of how analysts might use the system is to search for whenever someone has started up a “virtual private network” in a particular country of interest; the networks are pipelines that add greater security to online communications. N.S.A. analysts are able to use the system to extract the activity retrospectively from “raw unselected bulk traffic,” the documents say, and then decrypt it to “discover the users.”

The agency said its surveillance of the Internet was part of its “lawful foreign signals intelligence collection” and not “arbitrary and unconstrained.” The chairman of the House Intelligence Committee, Representative Mike Rogers, and the ranking Democrat, C. A. Dutch Ruppersberger, said, “The program does not target American citizens.”

The XKeyscore presentation claimed the program had generated intelligence that resulted in the capture of more than 300 terrorists. By contrast, the documents released by the government about the domestic phone log program were more abstract.

They included briefing papers to Congress from 2009 and 2011 about the “very large scale” logging of Americans’ calling records — along with a related program that logged Americans’ e-mails, and that was shut down later in 2011 — portraying the programs as providing a vital and important capability.

But Senator Ron Wyden, an Oregon Democrat on the Senate Intelligence Committee who has been a leading critic of the bulk collection programs, said the program had been shut down because officials were unable “to provide evidence to support the claims” of operational value. Mr. Wyden has also questioned the utility of the phone log program.

The new documents also included an April “primary order” by the Foreign Intelligence Surveillance Court that supported orders requiring phone companies to turn over all customer records. It said the government may access the records only when there are “facts giving rise to a reasonable, articulable suspicion” that the number to be searched is associated with terrorism.

However, it said that the results of each inquiry are then placed in a “corporate store” that analysts may search without any such limits. Intelligence officials have separately said that search results include not just a target’s phone records, but also exponentially larger sets of the records of people in as many as three concentric circles around the target.

    Senate Panel Presses N.S.A. on Phone Logs, NYT, 31.7.2013,






The Criminal N.S.A.


June 27, 2013
The New York Times


THE twin revelations that telecom carriers have been secretly giving the National Security Agency information about Americans’ phone calls, and that the N.S.A. has been capturing e-mail and other private communications from Internet companies as part of a secret program called Prism, have not enraged most Americans. Lulled, perhaps, by the Obama administration’s claims that these “modest encroachments on privacy” were approved by Congress and by federal judges, public opinion quickly migrated from shock to “meh.”

It didn’t help that Congressional watchdogs — with a few exceptions, like Senator Rand Paul, Republican of Kentucky — have accepted the White House’s claims of legality. The leaders of the Senate Intelligence Committee, Dianne Feinstein, Democrat of California, and Saxby Chambliss, Republican of Georgia, have called the surveillance legal. So have liberal-leaning commentators like Hendrik Hertzberg and David Ignatius.

This view is wrong — and not only, or even mainly, because of the privacy issues raised by the American Civil Liberties Union and other critics. The two programs violate both the letter and the spirit of federal law. No statute explicitly authorizes mass surveillance. Through a series of legal contortions, the Obama administration has argued that Congress, since 9/11, intended to implicitly authorize mass surveillance. But this strategy mostly consists of wordplay, fear-mongering and a highly selective reading of the law. Americans deserve better from the White House — and from President Obama, who has seemingly forgotten the constitutional law he once taught.

The administration has defended each of the two secret programs. Let’s examine them in turn.

Edward J. Snowden, the former N.S.A. contract employee and whistle-blower, has provided evidence that the government has phone record metadata on all Verizon customers, and probably on every American, going back seven years. This metadata is extremely revealing; investigators mining it might be able to infer whether we have an illness or an addiction, what our religious affiliations and political activities are, and so on.

The law under which the government collected this data, Section 215 of the Patriot Act, allows the F.B.I. to obtain court orders demanding that a person or company produce “tangible things,” upon showing reasonable grounds that the things sought are “relevant” to an authorized foreign intelligence investigation. The F.B.I. does not need to demonstrate probable cause that a crime has been committed, or any connection to terrorism.

Even in the fearful time when the Patriot Act was enacted, in October 2001, lawmakers never contemplated that Section 215 would be used for phone metadata, or for mass surveillance of any sort. Representative F. James Sensenbrenner Jr., a Wisconsin Republican and one of the architects of the Patriot Act, and a man not known as a civil libertarian, has said that “Congress intended to allow the intelligence communities to access targeted information for specific investigations.” The N.S.A.’s demand for information about every American’s phone calls isn’t “targeted” at all — it’s a dragnet. “How can every call that every American makes or receives be relevant to a specific investigation?” Mr. Sensenbrenner has asked. The answer is simple: It’s not.

The government claims that under Section 215 it may seize all of our phone call information now because it might conceivably be relevant to an investigation at some later date, even if there is no particular reason to believe that any but a tiny fraction of the data collected might possibly be suspicious. That is a shockingly flimsy argument — any data might be “relevant” to an investigation eventually, if by “eventually” you mean “sometime before the end of time.” If all data is “relevant,” it makes a mockery of the already shaky concept of relevance.

Let’s turn to Prism: the streamlined, electronic seizure of communications from Internet companies. In combination with what we have already learned about the N.S.A.’s access to telecommunications and Internet infrastructure, Prism is further proof that the agency is collecting vast amounts of e-mails and other messages — including communications to, from and between Americans.

The government justifies Prism under the FISA Amendments Act of 2008. Section 1881a of the act gave the president broad authority to conduct warrantless electronic surveillance. If the attorney general and the director of national intelligence certify that the purpose of the monitoring is to collect foreign intelligence information about any non­American individual or entity not known to be in the United States, the Foreign Intelligence Surveillance Court can require companies to provide access to Americans’ international communications. The court does not approve the target or the facilities to be monitored, nor does it assess whether the government is doing enough to minimize the intrusion, correct for collection mistakes and protect privacy. Once the court issues a surveillance order, the government can issue top-secret directives to Internet companies like Google and Facebook to turn over calls, e-mails, video and voice chats, photos, voice­over IP calls (like Skype) and social networking information.

Like the Patriot Act, the FISA Amendments Act gives the government very broad surveillance authority. And yet the Prism program appears to outstrip that authority. In particular, the government “may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States.”

The government knows that it regularly obtains Americans’ protected communications. The Washington Post reported that Prism is designed to produce at least 51 percent confidence in a target’s “foreignness” — as John Oliver of “The Daily Show” put it, “a coin flip plus 1 percent.” By turning a blind eye to the fact that 49-plus percent of the communications might be purely among Americans, the N.S.A. has intentionally acquired information it is not allowed to have, even under the terrifyingly broad auspices of the FISA Amendments Act.

How could vacuuming up Americans’ communications conform with this legal limitation? Well, as James R. Clapper Jr., the director of national intelligence, told Andrea Mitchell of NBC, the N.S.A. uses the word “acquire” only when it pulls information out of its gigantic database of communications and not when it first intercepts and stores the information.

If there’s a law against torturing the English language, James Clapper is in real trouble.

The administration hides the extent of its “incidental” surveillance of Americans behind fuzzy language. When Congress reauthorized the law at the end of 2012, legislators said Americans had nothing to worry about because the surveillance could not “target” American citizens or permanent residents. Mr. Clapper offered the same assurances. Based on these statements, an ordinary citizen might think the N.S.A. cannot read Americans’ e-mails or online chats under the F.A.A. But that is a government ­fed misunderstanding.

A “target” under the act is a person or entity the government wants information on — not the people the government is trying to listen to. It’s actually O.K. under the act to grab Americans’ messages so long as they are communicating with the target, or anyone who is not in the United States.

Leave aside the Patriot Act and FISA Amendments Act for a moment, and turn to the Constitution.

The Fourth Amendment obliges the government to demonstrate probable cause before conducting invasive surveillance. There is simply no precedent under the Constitution for the government’s seizing such vast amounts of revealing data on innocent Americans’ communications.

The government has made a mockery of that protection by relying on select Supreme Court cases, decided before the era of the public Internet and cellphones, to argue that citizens have no expectation of privacy in either phone metadata or in e-mails or other private electronic messages that it stores with third parties.

This hairsplitting is inimical to privacy and contrary to what at least five justices ruled just last year in a case called United States v. Jones. One of the most conservative justices on the Court, Samuel A. Alito Jr., wrote that where even public information about individuals is monitored over the long term, at some point, government crosses a line and must comply with the protections of the Fourth Amendment. That principle is, if anything, even more true for Americans’ sensitive nonpublic information like phone metadata and social networking activity.

We may never know all the details of the mass surveillance programs, but we know this: The administration has justified them through abuse of language, intentional evasion of statutory protections, secret, unreviewable investigative procedures and constitutional arguments that make a mockery of the government’s professed concern with protecting Americans’ privacy. It’s time to call the N.S.A.’s mass surveillance programs what they are: criminal.


Jennifer Stisa Granick is the director of civil liberties

at the Stanford Center for Internet and Society.

Christopher Jon Sprigman is a professor

at the University of Virginia School of Law.

    The Criminal N.S.A., NYT, 27.6.2013,






Obama Calls Surveillance Programs

Legal and Limited


June 7, 2013
The New York Times


WASHINGTON — President Obama offered a robust defense of newly revealed surveillance programs on Friday as more classified secrets spilled into public, complicating a summit meeting with China’s new president focused partly on human rights and cybersecurity.

Mr. Obama departed from his script at a health care event in California to try to reassure Americans that he had not abused government authority by collecting telephone call logs and foreigners’ e-mail messages. But the disclosure hours later of secret contingency planning to target other countries for possible cyberattacks made his get-together with President Xi Jinping later in the day all the more awkward because cyberattacks by the Chinese are high on the American agenda.

The latest of three documents published over three days by the British newspaper The Guardian added to the understanding of the Obama administration’s approach to national security in an age of multifaceted threats and became another factor in the renewed debate over the balance between privacy and security.

The identity of the person who gave those documents to The Guardian and The Washington Post is not known, but The Post has described its source as a career intelligence officer angry at “what he believes to be a gross intrusion on privacy” by the Obama administration.

Once a critic of President George W. Bush’s hawkish policies, Mr. Obama was ready with an explanation for why he has preserved and extended some of them when a reporter asked him at the health care event if he could assure Americans that the government was not building a database of their personal information. “Nobody is listening to your telephone calls,” Mr. Obama said. “That’s not what this program’s about.”

But he argued that “modest encroachments on privacy” were “worth us doing” to protect the country, and he said that Congress and the courts had authorized those programs.

A National Security Agency telephone surveillance program collects phone numbers and the duration of calls, not the content, he said. An Internet surveillance program targets foreigners living abroad, not Americans, he added.

“There are some trade-offs involved,” Mr. Obama said. “I came with a healthy skepticism about these programs. My team evaluated them. We scrubbed them thoroughly.” In the end, he concluded that “they help us prevent terrorist attacks.”

But the disclosures united liberal Democrats and libertarian Republicans in accusing him of abandoning values he once espoused. “We believe the large-scale collection of this information by the government has a very significant impact on Americans’ privacy, whether senior government officials recognize that fact or not,” Senators Ron Wyden of Oregon and Mark Udall of Colorado, both Democrats, wrote in a joint response to the president’s remarks.

Senator Richard J. Durbin, the Senate’s No. 2 Democrat and an Obama ally from Illinois, rebuffed the president’s contention that Congress had been kept abreast of the programs, saying only a handful of top leaders are regularly briefed.

“To say that there’s Congressional approval suggests a level of information and oversight that’s just not there,” he said in an interview. He added that the sort of data mining revealed in recent days “really pushes the role of government to the limit.”

Advocates of Congressional intervention said public pressure could revive legislation to at least force more transparency about the programs. “The timing has never been better to revisit our past decisions,” said Senator Mike Lee, a Utah Republican.

But it was not clear whether there would be a popular backlash to the programs beyond some outrage on Twitter and Facebook, and even critics like Mr. Durbin were skeptical. Many Americans interviewed around the country on Friday shared concerns about their civil liberties but expressed a certain grudging resignation as well.

In Congress, the main vehicle for any changes, a reauthorization of the 1978 law that created the Foreign Intelligence Surveillance Court, passed only last December and is not due for renewal for five years. During the debate last winter, the Senate voted on a bipartisan basis to reject amendments to force transparency or curtail surveillance.

Moreover, beyond Mr. Durbin, Congressional leaders and senior lawmakers on the intelligence committees expressed few qualms. The House speaker, John A. Boehner, Republican of Ohio, said Mr. Obama must be more forceful in explaining the programs but declined to discuss his own position. Senator Harry Reid of Nevada, the Democratic majority leader, dismissed concerns. “Everyone should just calm down and understand this isn’t anything that is brand new,” he said.

Just hours after the president spoke, The Guardian posted online a copy of a classified directive Mr. Obama signed last year laying out conditions under which the president could order cyberattacks against another country, akin to the attacks on Iran’s uranium enrichment plant.

The directive ordered the government to “identify potential targets of national importance” against which offensive cyberoperations “can offer a favorable balance of effectiveness and risk as compared with other instruments of national power.” That means, in essence, that the Pentagon’s Cyber Command and the intelligence agencies would maintain lists of targets around the world that could be damaged more effectively, and more covertly, by a computer attack than by a missile or bomber attack.

As previously reported, the document says only the president can authorize offensive cyberoperations, just as only he can authorize the use of nuclear weapons. The directive also reserves the right to take “anticipatory action against imminent threats” to protect critical infrastructure in the United States, including power utilities, cellphone networks and financial markets.

That raised the possibility that the United States could strike first if it feared a large attack from China or another country. Officials have blamed China for a variety of computer spying and cyberattacks, a subject featured on Mr. Obama’s agenda with Mr. Xi in Southern California.

Josh Earnest, a White House spokesman, said the revelations would not hinder the president’s discussions with Mr. Xi.


David E. Sanger contributed reporting from Washington,

and Jackie Calmes from San Jose, Calif.

    Obama Calls Surveillance Programs Legal and Limited, NYT, 7.6.2013,






U.S. Says It Gathers Online Data Abroad


June 6, 2013
The New York Times


WASHINGTON — The federal government has been secretly collecting information on foreigners overseas for nearly six years from the nation’s largest Internet companies like Google, Facebook and, most recently, Apple, in search of national security threats, the director of national intelligence confirmed Thursday night.

The confirmation of the classified program came just hours after government officials acknowledged a separate seven-year effort to sweep up records of telephone calls inside the United States. Together, the unfolding revelations opened a window into the growth of government surveillance that began under the Bush administration after the terrorist attacks of Sept. 11, 2001, and has clearly been embraced and even expanded under the Obama administration.

Government officials defended the two surveillance initiatives as authorized under law, known to Congress and necessary to guard the country against terrorist threats. But an array of civil liberties advocates and libertarian conservatives said the disclosures provided the most detailed confirmation yet of what has been long suspected about what the critics call an alarming and ever-widening surveillance state.

The Internet surveillance program collects data from online providers including e-mail, chat services, videos, photos, stored data, file transfers, video conferencing and log-ins, according to classified documents obtained and posted by The Washington Post and then The Guardian on Thursday afternoon.

In confirming its existence, officials said that the program, called Prism, is authorized under a foreign intelligence law that was recently renewed by Congress, and maintained that it minimizes the collection and retention of information “incidentally acquired” about Americans and permanent residents. Several of the Internet companies said they did not allow the government open-ended access to their servers but complied with specific lawful requests for information.

“It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States,” James Clapper, the director of national intelligence, said in a statement, describing the law underlying the program. “Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.”

The Prism program grew out of the National Security Agency’s desire several years ago to begin addressing the agency’s need to keep up with the explosive growth of social media, according to people familiar with the matter.

The dual revelations, in rapid succession, also suggested that someone with access to high-level intelligence secrets had decided to unveil them in the midst of furor over leak investigations. Both were reported by The Guardian, while The Post, relying upon the same presentation, almost simultaneously reported the Internet company tapping. The Post said a disenchanted intelligence official provided it with the documents to expose government overreach.

Before the disclosure of the Internet company surveillance program on Thursday, the White House and Congressional leaders defended the phone program, saying it was legal and necessary to protect national security.

Josh Earnest, a White House spokesman, told reporters aboard Air Force One that the kind of surveillance at issue “has been a critical tool in protecting the nation from terror threats as it allows counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States.” He added: “The president welcomes a discussion of the trade-offs between security and civil liberties.”

The Guardian and The Post posted several slides from the 41-page presentation about the Internet program, listing the companies involved — which included Yahoo, Microsoft, Paltalk, AOL, Skype and YouTube — and the dates they joined the program, as well as listing the types of information collected under the program.

The reports came as President Obama was traveling to meet President Xi Jinping of China at an estate in Southern California, a meeting intended to address among other things complaints about Chinese cyberattacks and spying. Now that conversation will take place amid discussion of America’s own vast surveillance operations.

But while the administration and lawmakers who supported the telephone records program emphasized that all three branches of government had signed off on it, Anthony Romero of the American Civil Liberties Union denounced the surveillance as an infringement of fundamental individual liberties, no matter how many parts of the government approved of it.

“A pox on all the three houses of government,” Mr. Romero said. “On Congress, for legislating such powers, on the FISA court for being such a paper tiger and rubber stamp, and on the Obama administration for not being true to its values.”

Others raised concerns about whether the telephone program was effective.

Word of the program emerged when The Guardian posted an April order from the secret foreign intelligence court directing a subsidiary of Verizon Communications to give the N.S.A. “on an ongoing daily basis” until July logs of communications “between the United States and abroad” or “wholly within the United States, including local telephone calls.”

On Thursday, Senators Dianne Feinstein of California and Saxby Chambliss of Georgia, the top Democrat and top Republican on the Intelligence Committee, said the court order appeared to be a routine reauthorization as part of a broader program that lawmakers have long known about and supported.

“As far as I know, this is an exact three-month renewal of what has been the case for the past seven years,” Ms. Feinstein said, adding that it was carried out by the Foreign Intelligence Surveillance Court “under the business records section of the Patriot Act.”

“Therefore, it is lawful,” she said. “It has been briefed to Congress.”

While refusing to confirm or to directly comment on the reported court order, Verizon, in an internal e-mail to employees, defended its release of calling information to the N.S.A. Randy Milch, an executive vice president and general counsel, wrote that “the law authorizes the federal courts to order a company to provide information in certain circumstances, and if Verizon were to receive such an order, we would be required to comply.”

Sprint and AT&T have also received demands for data from national security officials, according to people familiar with the requests. Those companies as well as T-Mobile and CenturyLink declined to say Thursday whether they were or had been under a similar court order.

Lawmakers and administration officials who support the phone program defended it in part by noting that it was only for “metadata” — like logs of calls sent and received — and did not involve listening in on people’s conversations.

The Internet company program appeared to involve eavesdropping on the contents of communications of foreigners. The senior administration official said its legal basis was the so-called FISA Amendments Act, a 2008 law that allows the government to obtain an order from a national security court to conduct blanket surveillance of foreigners abroad without individualized warrants even if the interception takes place on American soil.

The law, which Congress reauthorized in late 2012, is controversial in part because Americans’ e-mails and phone calls can be swept into the database without an individualized court order when they communicate with people overseas. While the newspapers portrayed the classified documents as indicating that the N.S.A. obtained direct access to the companies’ servers, several of the companies — including Google, Facebook, Microsoft and Apple — denied that the government could do so. Instead, the companies have negotiated with the government technical means to provide specific data in response to court orders, according to people briefed on the arrangements.

“Google cares deeply about the security of our users’ data,” the company said in a statement. “We disclose user data to government in accordance with the law and we review all such requests carefully. From time to time, people allege that we have created a government ‘backdoor’ into our systems, but Google does not have a ‘backdoor’ for the government to access private user data.”

While murky questions remained about the Internet company program, the confirmation of the calling log program solved a mystery that has puzzled national security legal policy observers in Washington for years: why a handful of Democrats on the Senate Intelligence Committee were raising cryptic alarms about Section 215 of the Patriot Act, the law Congress enacted after the 9/11 attacks.

Section 215 made it easier for the government to obtain a secret order for business records, so long as they were deemed relevant to a national security investigation.

Section 215 is among the sections of the Patriot Act that have periodically come up for renewal. Since around 2009, a handful of Democratic senators briefed on the program — including Ron Wyden of Oregon — have sought to tighten that standard to require a specific nexus to terrorism before someone’s records could be obtained, while warning that the statute was being interpreted in an alarming way that they could not detail because it was classified.

On Thursday, Mr. Wyden confirmed that the program is what he and others have been expressing concern about. He said he hoped the disclosure would “force a real debate” about whether such “sweeping, dragnet surveillance” should be permitted — or is even effective.

But just as efforts by Mr. Wyden and fellow skeptics, including Senators Richard J. Durbin of Illinois and Mark Udall of Colorado, to tighten standards on whose communications logs could be obtained under the Patriot Act have repeatedly failed, their criticism was engulfed in a clamor of broad, bipartisan support for the program.

“If we don’t do it,” said Senator Lindsey Graham, Republican of South Carolina, “we’re crazy.”

And Representative Mike Rogers, Republican of Michigan and the chairman of the House Intelligence Committee, claimed in a news conference that the program helped stop a significant domestic terrorist attack in the United States in the last few years. He gave no details.

It has long been known that one aspect of the Bush administration’s program of surveillance without court oversight involved vacuuming up communications metadata and mining the database to identify associates — called a “community of interest” — of a suspected terrorist.

In December 2005, The New York Times revealed the existence of elements of that program, setting off a debate about civil liberties and the rule of law. But in early 2007, Alberto R. Gonzales, then the attorney general, announced that after months of extensive negotiation, the Foreign Intelligence Surveillance Court had approved “innovative” and “complex” orders bringing the surveillance programs under its authority.


Reporting was contributed by Eric Schmitt, Jonathan Weisman

and James Risen from Washington;

Brian X. Chen from New York; Vindu Goel, Claire Cain Miller,

Nicole Perlroth, Somini Sengupta

and Michael S. Schmidt from San Francisco;

and Nick Wingfield from Seattle.

    U.S. Says It Gathers Online Data Abroad, NYT, 6.5.2013,






U.S. Is Secretly

Collecting Records of Verizon Calls


June 5, 2013
The New York Times


WASHINGTON — The Obama administration is secretly carrying out a domestic surveillance program under which it is collecting business communications records involving Americans under a hotly debated section of the Patriot Act, according to a highly classified court order disclosed on Wednesday night.

The order, signed by Judge Roger Vinson of the Foreign Intelligence Surveillance Court in April, directs a Verizon Communications subsidiary, Verizon Business Network Services, to turn over “on an ongoing daily basis” to the National Security Agency all call logs “between the United States and abroad” or “wholly within the United States, including local telephone calls.”

The order does not apply to the content of the communications.

Verizon Business Network Services is one of the nation’s largest telecommunications and Internet providers for corporations. It is not clear whether similar orders have gone to other parts of Verizon, like its residential or cellphone services, or to other telecommunications carriers. The order prohibits its recipient from discussing its existence, and representatives of both Verizon and AT&T declined to comment Wednesday evening.

The four-page order was disclosed Wednesday evening by the newspaper The Guardian. Obama administration officials at the F.B.I. and the White House also declined to comment on it Wednesday evening, but did not deny the report, and a person familiar with the order confirmed its authenticity. “We will respond as soon as we can,” said Marci Green Miller, a National Security Agency spokeswoman, in an e-mail.

The order was sought by the Federal Bureau of Investigation under a section of the Foreign Intelligence Surveillance Act, the 1978 law that regulates domestic surveillance for national security purposes, including “tangible things” which the law defines as business records. The provision was expanded by Section 215 of the Patriot Act, which Congress enacted after the 9/11 terrorist attacks.

The order was marked “TOP SECRET//SI//NOFORN,” referring to communications-related intelligence information that may not be released to noncitizens. That would make it among the most closely held secrets in the federal government, and its disclosure comes amid a furor over the Obama administration’s aggressive tactics in its investigations of leaks.

The collection of call logs is set to expire in July unless the court extends it.

The mass collection of communications logs, or calling “metadata,” was believed to be a major component of the Bush administration’s surveillance program that took place without court order under the Foreign Intelligence Surveillance Act. The order would suggest that the government later continued a form of that aspect of the program by bringing it under the Patriot Act.

The disclosure late Wednesday seemed likely to set off a new furor over the scope of government surveillance. Kate Martin of the Center for National Security Studies, a civil liberties advocacy group, said that “absent some explanation I haven’t thought of, this looks like the largest assault on privacy since the N.S.A. wiretapped Americans in clear violation of the law” under the Bush administration. “On what possible basis has the government refused to tell us that it believes that the law authorizes this kind of request?” she said.

For several years, two Democrats on the Senate Intelligence Committee, Senator Ron Wyden of Oregon and Senator Mark Udall of Colorado, have been cryptically warning that the government was interpreting its surveillance powers under that section of the Patriot Act in a way that would be alarming to the public if it knew about it.

“We believe most Americans would be stunned to learn the details of how these secret court opinions have interpreted section 215 of the Patriot Act,” they wrote last year in a letter to Attorney General Eric H. Holder Jr.

They added: “As we see it, there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows. This is a problem, because it is impossible to have an informed public debate about what the law should say when the public doesn’t know what its government thinks the law says.”

A spokesman for Senator Wyden did not respond Wednesday to a request for comment on the Verizon order.

The senators were angry because the Obama administration described Section 215 orders as being similar to a grand jury subpoena for obtaining business records, like a suspect’s hotel or credit card records, in the course of an ordinary criminal investigation. The senators said the secret interpretation of the law was nothing like that.

Section 215 of the Patriot Act made it easier to get an order from the Foreign Intelligence Surveillance Court to obtain business records so long as they were merely deemed “relevant” to a national-security investigation.

The Justice Department has denied being misleading about the Patriot Act. Department officials have acknowledged since 2009 that a secret, sensitive intelligence program is based on the law and that its statements about the matter have been accurate.

The New York Times filed a Freedom of Information Act lawsuit in 2011 seeking access to a report describing the program. But the Obama administration withheld the report as entirely classified, and a federal judge, after declined to order it released.

    U.S. Is Secretly Collecting Records of Verizon Calls, NYT, 5.6.2013,




home Up