NSA says it looks at tiny fraction of Web traffic
Security agency released rare document on policies Friday
Says it "touches" 1.6% of Web traffic, reads .00004%
On the same day that President Barack Obama spoke to the press about possible surveillance reforms—and released a related white paper on the subject—the National Security Agency came out with its own rare, publicly-released, seven-page document (PDF), essentially justifying its own practices.
The entire document is dated August 9, 2013, and has no attributable names or contact details on it. Its most striking portion? A separate block of text on page six, which states:
“According to figures published by a major tech provider, the Internet carries 1,826 Petabytes of information per day. In its foreign intelligence mission, NSA touches about 1.6% of that. However, of the 1.6% of the data, only 0.025% is actually selected for review. The net effect is that NSA analysts look at 0.00004% of the world’s traffic in conducting their mission—that’s less than one part in a million. Put another way, if a standard basketball court represented the global collection would be represented by an area smaller than a dime on that basketball court.”
And, nearly directly below that section, the NSA presents its strongest categorical denial of using foreign partners to circumvent American law:
“NSA partners with well over 30 different nations in order to conduct its foreign intelligence mission. In every case, NSA does not and will not use a relationship with a foreign intelligence service to ask that service to do what NSA is itself prohibited by law from doing. These partnerships are an important part of the US and allied defense against terrorists, cyber threat actors, and others who threaten our individual and collective security. Both parties to these relationships benefit.”
The document begins by referencing the September 11, 2001 attacks on New York and Washington, DC, and notes that the NSA “did not have the tools or the database to search to identify [terorrist] connections and share them with the FBI.” The NSA then argues: “We do not need to sacrifice civil liberties for the sake of national security; both are integral to who we are as Americans. NSA can and will continue to conduct its operations in a manner that respects both.”
And how, pray tell, might an American’s e-mail be accidentally swept up in a dragnet that is ostensibly targeting a foreign suspect?
“For example, a US person might be courtesy copied on an e-mail to or from a legitimate foreign target, or a person in the US might be in contact with a known terrorist target. In those cases, minimization procedures adopted by the Attorney General in consultation with the Director of National Intelligence and approved by the Foreign Intelligence Surveillance Court are used to protect the privacy of the US person. These minimization procedures control the acquisition, retention, and dissemination of any U.S. person information incidentally acquired during operations conducted pursuant to Section 702.”
Of course, also on Friday, The Guardian published an excerpt from a document leaked by Edward Snowden showing that the NSA has the ability to search Americans’ e-mails—but apparently restrains itself from doing so. The document also notes Section 215 of the Foreign Intelligence Surveillance Act—the business records provision—is what gives the the government the authority to capture telephony metadata.
At the end of the document, the NSA also argues that it has adequate oversight from a number of government agencies—Bruce Schneier probably would disagree with that—and also is able to police itself.
As the NSA concludes:
“In addition to NSA’s compliance safeguards, NSA personnel are obligated to report when they believe NSA is not, or may not be, acting consistently with law, policy, or procedure. This self-reporting is part of the culture and fabric of NSA. If NSA is not acting in accordance with law, policy, or procedure, NSA will report through its internal and external intelligence oversight channels, conduct reviews to understand the root cause, and make appropriate adjustments to constantly improve.”
This report originally appeared on ArsTechnica.