NSA Has ‘No Idea’ How Many American Citizens It’s Spying On

Lawmakers, who are being asked to approve FBI access to wiretapped data, want some basic answers first.

The National Security Agency (NSA) is watching the electronic communications of hundreds of millions people, allegedly to find foreign threats. But before Congress reauthorizes laws allowing this, it has a question:

How many Americans are caught up in the government’s digital dragnets?

The answer, says National Intelligence Director James Clapper, is that we have no idea. “We’re looking at several options right now, none of which are optimal,” said Clapper at a press briefing in Washington DC recently. Security officials argue that analyzing the dataset would mean even more intrusions upon Americans’ privacy. “Many people find that unsatisfactory, but that is a fact,” says Clapper.

Members of Congress are definitely not satisfied. Four years of prompting by US senators Ron Wyden and Mark Udall to nail down the number of Americans whose phone calls and emails are being collected has produced little. The senators, along with colleagues, wrote an exasperated letter (pdf) to Clapper stating, “We are not asking you for an exact count. Today, our request is simply for a rough estimate.”

Fueling the controversy, the NSA says it wants to start sharing raw communications data it collects with domestic law enforcement such as the FBI. That conflicts with intelligence agencies’ assertions that its programs are strictly to target foreigners. “Our employees are trained to not look for US persons,” NSA privacy and civil liberties officer Rebecca Richards told The Hill in March. “We’re not interested in those US persons. We’re trying to look away from those.”

Yet a secret 2015 court ruling (pdf) unsealed this week shows that warrantless spying has already been formally approved by the Foreign Intelligence Surveillance Courts for general criminal investigations in the US, says the Electronic Frontier Foundation. These revelations have prompted dozens of advocacy groups to write intelligence officials that they are (again) circumventing constitutional protections and “pose new threats to the privacy and civil liberties of ordinary Americans”.

The worries focus on two core programs first revealed publicly by former CIA contractor Edward Snowden: PRISM and Upstream. These vast electronic listening programs - authorized by Section 702 of the Foreign Intelligence Surveillance Act -collect, sift and deposit much of the world’s electronic telecommunications in US government databases. Nominally targeting non-US citizens, the system pulls data from hundreds of millions of people’s Internet communications, many of whom, the NSA admits, are Americans.

Each program works differently, which adds to the difficulty of figuring out how many people are being caught up in the surveillance. PRISM allows the NSA to retrieve data directly from US companies like Google, Facebook, and Microsoft through negotiated data-sharing contracts. Security analyst Ashkan Soltani mapped out how the system might work based on available information. The NSA sends a request for data; employees pull target emails, text and video chats, photographs, and other data, and then pass it along to the NSA for analysis. “Upstream” is a program that taps even more data by intercepting undersea fiber-optic cables that carry “about 80%” of the world’s traffic. This allows the US government to eavesdrop on foreign communications over US networks and detect suspicious patterns in the metadata.

Yet the political enthusiasm for this type of surveillance is waning. Last year, Congress passed the USA Freedom Act in an overwhelming bipartisan vote that halted the NSA’s bulk collection of phone metadata of US citizens, such as phone numbers, call length and time. The vote marked the first time Congress has restricted government surveillance since the September 11 attacks in 2001.

DefenseOne:

« Modern Fiction: A Novel Is Required Reading At The Pentagon
Less Than a Quarter of Businesses Are Ready To Resist A Cyberattack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Team Cymru Research NFP

Team Cymru Research NFP

Team Cymru Research is a group of technologists passionate about making the Internet more secure and dedicated to that goal.

Kaseya

Kaseya

Kaseya Traverse enables you to get to the bottom of problems quickly via root cause analysis, across Cloud, on-premise, hybrid Cloud, virtualized and distributed IT environments.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

Bastille

Bastille

Bastille’s patented software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, IoT) in your organization.

Engineering Ingegneria Informatica

Engineering Ingegneria Informatica

Ingegneria Informatica is a leading Italian provider of Information Technology consulting, services and solutions including cyber security.

Zix

Zix

Zix offers secure email encryption, threat protection, archiving, DLP and BYOD security for hospitals, financial services, government, and more.

Belkasoft

Belkasoft

Belkasoft is a software vendor providing public agencies, corporate security teams, and private investigators with digital forensic solutions.

Acuant

Acuant

Acuant is a leading global provider of identity verification, regulatory compliance (AML/KYC) and digital identity solutions.

Drainware

Drainware

Drainware is an innovative solution designed to replace legacy traditional AV and deliver advanced protection pre and post-infection to your endpoints.

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

Hubraum

Hubraum

Hubraum is Deutsche Telekom’s tech incubator, helping startups to create new business opportunities in areas including data analytics, AI, robot process automation and cyber security.

Netsurion

Netsurion

Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them.

Flix11

Flix11

Flix11 is a Cyber Security & ICT Solutions focused company. We provide a range of products and services in Cyber Security, Internet of Things (IoT) and infrastructure solutions.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

Pillr

Pillr

Pillr is a cybersecurity operations platform capable of adapting to the demands of your business and team — and the global threat landscape.

Telesystem

Telesystem

Telesystem empowers businesses across the USA with a range of innovative network, communication and collaboration solutions.