An Illustration Of How The NSA Misleads The Public Without Technically Lying
September 2, 2013 by Electronic Frontier Foundation
This article, written by activist Trevor Timm, originally appeared on the Electronic Frontier Foundation website on Aug. 29.
The Wall Street Journal published an important investigation on Aug. 20, reporting that the National Security Agency (NSA) has direct access to many key telecommunications switches around the country and “has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans.” Notably, NSA officials repeatedly refused to talk about this story on their conference call with reporters the next day. Instead, the Director of National Intelligence and the NSA released a statement about the story later that evening.
If you read the statement quickly, it seems like the NSA is disputing the WSJ story. But on careful reading, the NSA actually does not deny any of it. As we’ve shown before, often you have to carefully parse NSA statements to root out deception and misinformation, and this statement is no different. The NSA has tried to deflect an accurate story with its same old word games. Here’s a breakdown:
The NSA does not sift through and have unfettered access to 75% of United States online communications…The report leaves readers with the impression that the NSA is sifting through as much as 75% of the United States online communications, which is simply not true.
Of course, The Wall Street Journal never says the NSA “sifts through” 75 percent of U.S. communications. It reported that the NSA’s system “has the capacity to reach roughly 75% of all U.S. Internet traffic.” The NSA’s new term, “sift,” is undefined; but regardless of what the NSA is doing or not doing to 75 percent of Americans’ emails, it does have the technical capacity to search through it for key words — which it does not deny.
In its foreign intelligence mission, and using all its authorities, NSA “touches” about 1.6%, and analysts look at 0.00004% of the world’s Internet traffic.
See what the NSA did there? The Wall Street Journal was talking about U.S.-only communications traffic, not the world’s total Internet traffic. The vast majority of the world’s Internet traffic is video-streaming and downloads. According to a study done by Cisco, video made up more than half of all Web traffic in 2012 — and that does not include peer-to-peer sharing. By 2017, Cisco predicts 90 percent of all Internet traffic will be video.
As Jeff Jarvis aptly documented, the NSA can vacuum up an extraordinary percentage of the world’s (and American) communications while touching only 1.6 percent of total Internet traffic.
Oh, and that 0.00004 percent? That math may be wrong, too. The Atlantic Wire double-checked the NSA’s numbers when it first used that stat and determined the NSA’s math was off by an order of magnitude; it actually searches 10 times more than the NSA says it does.1
The assistance from the providers, which is compelled by the law, is the same activity that has been previously revealed as part of Section 702 collection and PRISM.
First, notice that the NSA is conflating PRISM, which involves collection from Internet companies like Facebook, with the “upstream” collection The Wall Street Journal reports on: telecommunications companies like AT&T that give the NSA direct access to the fiber optic cables that all Internet traffic travels over. Here’s the NSA’s own leaked graphic explaining the difference:
Second, siphoning off large portions of Internet traffic directly from the Internet backbone is not “compelled by law.” In fact, as the Electronic Frontier Foundation argued in court for years, the telecoms’ participation in this program with the NSA was both illegal and unConstitutional. Obviously, they knew it, because that’s why Congress passed retroactive immunity for companies like AT&T in 2008. But that immunity only extended to the telecom, and EFF’s case against the ongoing illegal surveillance continues.
Section 702 specifically prohibits the intentional acquisition of any communications when all parties are known to be inside the U.S.
Yes, Section 702 prohibits the intentional acquisition of U.S. communications, but once U.S. communications are in an NSA database — which happens often — the NSA can search them without a warrant, as documents recently published by The Guardian revealed. Unknown or anonymous people are assumed to be foreign, meaning many U.S. people will be caught up in the dragnet.
The law specifically prohibits targeting a U.S. citizen without an individual court order based on a showing of probable cause.
We’ve previously dissected the NSA’s warped definition of “target.” NSA agents have to be only 51 percent sure the person they’re spying on is foreign. Additionally, a host of loopholes exist that allow the NSA to keep U.S. communications if they’re encrypted, if there’s evidence of a crime and more.
And as The New York Times reported on its front page on Aug. 8, officials admit the NSA is “searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country” under the guise of looking for information about targets, not just communications to targets.
If that communications involves a US person, NSA must follow Attorney General and FISA court [Foreign Intelligence Surveillance Court] approved “minimization procedures” to ensure the Agency protects the privacy of US persons.
Those “minimization procedures” do not ensure that the NSA protects privacy. Rather, they are woefully inadequate, primarily concerned with minimizing the amount of data to be removed from the database and expanding on the circumstances under which the NSA can keep the data and share it with other agencies.
So there you have it: how the NSA pretends to deny a media report without denying it at all. We are still awaiting an honest account of the NSA’s capabilities. Tell your representative to demand an independent investigation today.
- 1. In response to The Atlantic, the NSA said the figure is nevertheless valid, because “classified information that goes into the number is more complicated than what’s in your calculation.”