Friday, June 7, 2013

The National Security Agency and Your Privacy - A Backgrounder

Unfortunately for the National Security Agency, the light of day appears to have been shed on its activities, particularly as they relate to collecting communications data.  For many of us who do not live in the United States, the NSA is an unknown agency of the U.S. government.  I hope that I can shed a bit of light on this agency in this posting, particularly on the NSA policy regarding the collection of data on American citizens.

The NSA is one of the most secret members of the United States government's intelligence services.  The key cryptologic activities of the United States go back to the War for American Independence, however, it was only when radio communications were used in the First World War, that the U.S. Army began to derive substantial intelligence from foreign radio communications.  By 1917, the U.S. Army had created a Cipher Bureau in its Military Intelligence Division, using it to assist in extracting intelligence from foreign diplomatic communications.  When the Cipher Bureau closed down after funding was withdrawn in 1929, the U.S. Army recruited a few civilians and began to train Army officers in cryptology, forming the Signal Intelligence Service which became the Signal Security Agency during World War Two.  After hostilities ended, changes to the system were needed and, on November 4, 1952, the Secretary of Defense, acting under orders from the President, issued a directive that established the NSA. 

Here is the first page of the formerly top secret memo from President Harry S. Truman to the Secretaries of State and Defense that outlines the formation of the new intelligence agency dated October 24, 1952:

The Director of the new agency was to be appointed for a four year term and would be designated by the Secretary of Defense after consultation with the Joint Chiefs of Staff.  The Director was to serve for a minimum four-year term and had to be a career commissioned officer of the armed services with at least a three star ranking.

Here is a screen capture from the same document showing the original mission of the NSA, noting that COMINT stands for Communications Intelligence:

As it stands now, the National Security Agency/Central Security Service (CSS - codemaking and codebreaking elements of the armed forces) act to "lead the U.S. government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances."  The purpose of IA is to prevent foreign nations from gaining access to classified national security documents.  SIGINT collects, processes and disseminates intelligence information from foreign signals to support military operations and defeat terrorists all consistent with American laws and the protection of privacy and civil liberties.

The NSA's current Director is General Keith Alexander, U.S. Army.  The exact number of NSA employees is difficult to ascertain, however, here is an aerial photograph showing the NSA's headquarters in Fort Meade, Maryland:

Here is a screen capture from Google Earth showing the huge number of parking spaces surrounding the building suggesting that there are thousands of employees at this single facility:

Just in case you were curious, here's a link to what appears to be an NSA employees handbook from 1994 which includes the following paragraphs:

If you follow the link to the bottom of the document, you will even find secure and non-secure telephone numbers for various facets of the NSA including a number for the NSA's Alcohol Rehabilitation Program!

Now, let’s move to the current issues that face the NSA.  The big deal about the latest news on the NSA's activities is the potential for spying on American citizens, a claim denied by President Obama.  As background, an NSA internal memo from July 1993 looks at United States Signal Intelligence Directive 18 (USSID18) which states:

1.1 (U) The Fourth Amendment to the United States Constitution protects all U.S. persons anywhere in the world and all persons within the United States from unreasonable searches and seizures by any person or agency acting on behalf of the U.S. Government. The Supreme Court has ruled that the interception of electronic communications is a search and seizure within the meaning of the Fourth Amendment. It is therefore mandatory that signals intelligence (SIGINT) operations be conducted pursuant to procedures which meet the reasonableness requirements of the Fourth Amendment.

1.2 (U) In determining whether United States SIGINT System (USSS) operations are "reasonable," it is necessary to balance the U.S. Government's need for foreign intelligence information and the privacy interests of persons protected by the Fourth Amendment. Striking that balance has consumed much time and effort by all branches of the United States government. The results of that effort are reflected in the references listed in Section 2 below. Together, these references require the minimization of U.S. person information collected, processed, retained or disseminated by the USSS. The purpose of this document is to implement these minimization requirements.

1.3 (U) Several themes run throughout this USSID. The most important is that intelligence operations and the protection of constitutional rights are not incompatible. It is not necessary to deny legitimate foreign intelligence collection or suppress legitimate foreign intelligence information to protect the Fourth Amendment rights of U.S. persons.

Here is the NSA's policy on collecting data about American citizens:

“3.1 (U) The policy of the USSS is to TARGET or COLLECT only FOREIGN COMMUNICATIONS.* The USSS will not intentionally COLLECT communications to, from or about U.S. PERSONS or persons or entities in the U.S. except as set forth in this USSID. If the USSS inadvertently COLLECTS such communications, it will process, retain and disseminate them only in accordance with this USSID.”

Here are the exceptions (and there are quite a few), noting that parts of the document have been redacted:

4.1 (S-CCO) Communications which are known to be to, from or about U.S. PERSONS oxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx not be intentionally intercepted. [1 line redacted.]
a. With the approval of the United States Foreign Intelligence Surveillance Court under the conditions outlined in Annex A of this USSID.

b. With the approval of the Attorney General of the United States, if:
(1) The COLLECTION is directed against the following:
(a) Communications to or from U.S. PERSONS outside of the UNITED STATES, or
(b) International communications to, from, [1 line redacted.]
(c) Communications which are not to or from but merely about U.S. PERSONS (wherever located).
(2) The person is an AGENT OF A FOREIGN POWER, and
(3) The purpose of the COLLECTION is to acquire significant FOREIGN INTELLIGENCE information.

c. With the approval of the Director, National Security Agency/Chief, Central Security Service (DIRNSA/CHCSS), so long as the COLLECTION need not be approved by the Foreign Intelligence Surveillance Court or the Attorney General, and
(1) The person has CONSENTED to the COLLECTION by executing one of the CONSENT forms contained in Annex H, or
(2) The person is reasonably believed to be held captive by a FOREIGN POWER or group engaged in INTERNATIONAL TERRORISM, or
(3) The TARGETED [3 lines redacted.]
(4) [3 lines redacted.]
(5) [5 lines redacted.]
(a) A non-U.S. PERSON located outside the UNITED STATES, or
(b) [1 line redacted.]
(6) Copies of approvals granted by DIRNSA/CHCSS under these provisions will be retained in the Office of the General Counsel for review by the Attorney General.

d. Emergency Situations
(1) In emergency situations, DIRNSA/CHCSS may authorize the COLLECTION of information to, from or about a U.S. PERSON who is outside the UNITED STATES when securing the prior approval of the Attorney General is not practical because:
(a) The time required to obtain such approval would result in the loss of significant FOREIGN INTELLIGENCE and would cause substantial harm to the national security.
(b) A person's life or physical safety is reasonably believed to be in immediate danger.
(c) The physical security of a defense installation or government property is reasonably believed to be in immediate danger.
(2) In those cases where DIRNSA/CHCSS authorizes emergency COLLECTION, except for actions taken under paragraph c.(1)(b) above, DIRNSA/CHCSS shall find that there is probably cause that the TARGET meets one of the following criteria:
(a) A person who, for or on behalf of a FOREIGN POWER, is engaged in clandestine intelligence activities (including covert activities intended to affect the political or governmental process), sabotage, or INTERNATIONAL TERRORISM activities, or activities in preparation for INTERNATIONAL TERRORISM activities; or who conspires with, or knowingly aids and abets a person engaging in such activities.
(b) A person who is an officer or employee of a FOREIGN POWER.
(c) A person unlawfully acting for, or pursuant to the direction of, a FOREIGN POWER. The mere fact that a person's activities may benefit or further the aims of a FOREIGN POWER is not enough to bring that person under this subsection, absent evidence that the person is taking direction from, or acting in knowing concert with, the FOREIGN POWER.
(d) A CORPORATION or other entity that is owned or controlled directly or indirectly by a FOREIGN POWER.
(e) A person in contact with, or acting in collaboration with, an intelligence or security service of a foreign power for the purpose of providing access to information or material classified by the United States to which such person has access.
(3) In all cases where emergency collection is authorized, the following steps shall be taken:
(a) The General Counsel will be notified immediately that the COLLECTION has started.
(b) The General Counsel will initiate immediate efforts to obtain Attorney General approval to continue the collection. If Attorney General approval is not obtained within seventy two hours, the COLLECTION will be terminated. If the Attorney General approves the COLLECTION, it may continue for the period specified in the approval.”

From what I can understand, it appears that either FISC or the Attorney General of the United States can grant an exemption to the “not spying on Americans rule”.  Basically, if the NSA deems that they need to spy on you because it's an "emergency", you're toast.  If they accidentally gather data on you, because they believe that someone's life is in danger, they can.  If they deem that the physical security of a government property is under threat, you're a target.

That said, in case you were looking for gainful employment and don't mind a bit of snooping, here is a link that will provide you with information regarding your new career at the NSA.

1 comment:

  1. Interesting article with a lot of different points and ideas. I personally like the government physical security in Honolulu, HI .