The Wall Street Journal published an important investigation last week, reporting that the National Security Agency (NSA) has direct access to many key telecommunications switches around the country and “has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans.” Notably, NSA officials repeatedly refused to talk about this story on their conference call with reporters the next day. Instead the Director of National Intelligence and the NSA released a statement about the story later that evening.
If you read the statement quickly, it seems like the NSA is disputing the WSJ story. But on careful reading, they actually do not deny any of it. As we’ve shown before, often you have to carefully parse NSA statements to root out deception and misinformation, and this statement is no different. They’ve tried to deflect an accurate story with their same old word games. Here’s a breakdown:
The NSA does not sift through and have unfettered access to 75% of United States online communications…The report leaves readers with the impression that the NSA is sifting through as much as 75% of the United States online communications, which is simply not true.
Of course, the Wall Street Journal never says the NSA “sifts through” 75% of US communications. They reported the NSA’s system “has the capacity to reach roughly 75% of all U.S. Internet traffic.” The new term “sift” is undefined, but regardless of what the NSA is “not doing” to 75% of Americans’ emails, they do have the technical capacity to search through it for key words—which the NSA does not deny.
In its foreign intelligence mission, and using all its authorities, NSA “touches” about 1.6%, and analysts look at 0.00004% of the world’s Internet traffic.
See what they did there? The Wall Street Journal was talking about US-only communications traffic, not the world’s total Internet traffic. The vast majority of the world’s Internet traffic is video—streaming and downloads. According to a study done by Cisco, video made up more than half of all web traffic in 2012—and that excludes peer-to-peer sharing. By 2017, they predict 90% of all Internet traffic will be video.
As Jeff Jarvis aptly documented, the NSA can vacuum up an extraordinary percentage of the world’s (and American) communications while only touching 1.6% of total Internet traffic.
Oh, and that 0.00004%? That math may be wrong too. The Atlantic Wire double-checked the NSA’s numbers when they first used that stat and determined the NSA’s math was off by an order of magnitude – it actually searches ten times more than they say they do.1
The assistance from the providers, which is compelled by the law, is the same activity that has been previously revealed as part of Section 702 collection and PRISM.
First, notice that they are conflating PRISM—which involves collection from Internet companies like Facebook—with the “upstream” collection the Wall Street Journal reports on: telecommunications companies like AT&T that give the NSA direct access to the fiber optic cables that all Internet traffic travels over. Here’s the NSA’s own leaked graphic explaining the difference:
Second, siphoning off large portions of Internet traffic directly from the Internet backbone is not “compelled by law.” In fact, as EFF argued in court for years, the telecoms’ participation in this program with the NSA was both illegal and unconstitutional. Obviously, they knew it, because that’s why Congress passed retroactive immunity for companies like AT&T in 2008. But that immunity only extended to the telecom, and EFF’s case against the ongoing illegal surveillance continues.
Section 702 specifically prohibits the intentional acquisition of any communications when all parties are known to be inside the US.
Yes, Section 702 prohibits the intentional acquisition of US communications, but once US communications are in an NSA database—which happens often—the NSA can search them without a warrant, as documents recently published by the Guardian revealed. Unknown or anonymous people are assumed to be foreign, meaning many US people will be caught up in the dragnet.
The law specifically prohibits targeting a US citizen without an individual court order based on a showing of probable cause.
We’ve previously dissected the NSA’s warped definition of “target”, where they only have to be 51% sure the person they’re spying on is foreign. Additionally, a host of loopholes exist that allow the NSA to keep US communications if they’re encrypted, if there’s evidence of a crime, and more.
And as the New York Times reported on its front page two weeks ago, officials admit the NSA is “searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country” under the guise of looking for information about targets, not just communications to targets.
If that communications involves a US person, NSA must follow Attorney General and FISA court approved “minimization procedures” to ensure the Agency protects the privacy of US persons.
Those “minimization procedures” do not ensure that the NSA protects privacy. Rather, they are woefully inadequate, primarily concerned with minimizing the amount of data to be removed from the database, and expanding on the circumstances under which the NSA can keep the data and share it with other agencies.
So there you have it: how the NSA pretends to deny a media report without denying it at all. We are still awaiting an honest account of the NSA’s capabilities. Tell your representative to demand an independent investigation today.
- 1. In response to the Atlantic, the NSA said the figure is nevertheless valid, because “classified information that goes into the number is more complicated than what’s in your calculation.”
Share this: || Join EFF