By Julia Angwin and Jeff Larson/ProPublica, Charlie Savage/New York Times, and Henrik Moltke/Special to ProPublica
This story was co-published with the New York Times.
Without public notice or debate, the Obama administration has expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents.
In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad – including traffic that flows to suspicious Internet addresses or contains malware, the documents show.
The Justice Department allowed the agency to monitor only addresses and “cybersignatures” – patterns associated with computer intrusions – that it could tie to foreign governments. But the documents also note that the NSA sought to target hackers even when it could not establish any links to foreign powers.
The disclosures, based on documents provided by Edward J. Snowden, the former NSA contractor, and shared with the New York Times and ProPublica, come at a time of unprecedented cyberattacks on American financial institutions, businesses and government agencies, but also of greater scrutiny of secret legal justifications for broader government surveillance.
While the Senate passed legislation this week limiting some of the NSA’s authority, it involved provisions in the U.S.A. Patriot Act and did not apply to the warrantless wiretapping program.
Government officials defended the NSA’s monitoring of suspected hackers as necessary to shield Americans from the increasingly aggressive activities of foreign governments. But critics say it raises difficult trade-offs that should be subject to public debate.
The NSA’s activities run “smack into law enforcement land,” said Jonathan Mayer, a cybersecurity scholar at Stanford Law School who has researched privacy issues and who reviewed several of the documents. “That’s a major policy decision about how to structure cybersecurity in the U.S. and not a conversation that has been had in public.”
It is not clear what standards the agency is using to select targets. It can be hard to know for sure who is behind a particular intrusion – a foreign government or a criminal gang – and the NSA is supposed to focus on foreign intelligence, not law enforcement.
The government can also gather significant volumes of Americans’ information – anything from private e-mails to trade secrets and business dealings – through Internet surveillance because monitoring the data flowing to a hacker involves copying that information as the hacker steals it.
One internal NSA document notes that agency surveillance activities through “hacker signatures pull in a lot.” Brian Hale, the spokesman for the Office of the Director of National Intelligence, said, “It should come as no surprise that the U.S. government gathers intelligence on foreign powers that attempt to penetrate U.S. networks and steal the private information of U.S. citizens and companies.” He added that “targeting overseas individuals engaging in hostile cyberactivities on behalf of a foreign power is a lawful foreign intelligence purpose.”
The effort is the latest known expansion of the NSA’s warrantless surveillance program, which allows the government to intercept Americans’ cross-border communications if the target is a foreigner abroad. While the NSA has long searched for specific e-mail addresses and phone numbers of foreign intelligence targets, the Obama administration three years ago started allowing the agency to search its communications streams for less-identifying Internet protocol addresses or strings of harmful computer code.
The surveillance activity traces to changes that began after the Sept. 11 terrorist attacks. The government tore down a so-called wall that prevented intelligence and criminal investigators from sharing information about suspected spies and terrorists. The barrier had been erected to protect Americans’ rights because intelligence investigations use lower legal standards than criminal inquiries, but policy makers decided it was too much of an obstacle to terrorism investigations.
The NSA also started the warrantless wiretapping program, which caused an outcry when it was disclosed in 2005. In 2008, under the FISA Amendments Act, Congress legalized the surveillance program so long as the agency targeted only noncitizens abroad. A year later, the new Obama administration began crafting a new cybersecurity policy – including weighing whether the Internet had made the distinction between a spy and a criminal obsolete.
“Reliance on legal authorities that make theoretical distinctions between armed attacks, terrorism and criminal activity may prove impractical,” the White House National Security Council wrote in a classified annex to a policy report in May 2009, which was included in the NSA’s internal files.
About that time, the documents show, the NSA – whose mission includes protecting military and intelligence networks against intruders – proposed using the warrantless surveillance program for cybersecurity purposes. The agency received “guidance on targeting using the signatures” from the Foreign Intelligence Surveillance Court, according to an internal newsletter.
In May and July 2012, according to an internal timeline, the Justice Department granted its secret approval for the searches of cybersignatures and Internet addresses. The Justice Department tied that authority to a pre-existing approval by the secret surveillance court permitting the government to use the program to monitor foreign governments.
That limit meant the NSA had to have some evidence for believing that the hackers were working for a specific foreign power. That rule, the NSA soon complained, left a “huge collection gap against cyberthreats to the nation” because it is often hard to know exactly who is behind an intrusion, according to an agency newsletter. Different computer intruders can use the same piece of malware, take steps to hide their location or pretend to be someone else.
So the NSA, in 2012, began pressing to go back to the surveillance court and seek permission to use the program explicitly for cybersecurity purposes. That way, it could monitor international communications for any “malicious cyberactivity,” even if it did not yet know who was behind the attack.
The newsletter described the further expansion as one of “highest priorities” of the NSA director, Gen. Keith B. Alexander. However, a former senior intelligence official said that the government never asked the court to grant that authority.
Meanwhile, the FBI in 2011 had obtained a new kind of wiretap order from the secret surveillance court for cybersecurity investigations, permitting it to target Internet data flowing to or from specific Internet addresses linked to certain governments.
To carry out the orders, the FBI negotiated in 2012 to use the NSA’s system for monitoring Internet traffic crossing “chokepoints operated by U.S. providers through which international communications enter and leave the United States,” according to a 2012 NSA document. The NSA would send the intercepted traffic to the bureau’s “cyberdata repository” in Quantico, Virginia.
The disclosure that the NSA and the FBI have expanded their cybersurveillance adds a dimension to a recurring debate over the post-Sept. 11 expansion of government spying powers: Information about Americans sometimes gets swept up incidentally when foreigners are targeted, and prosecutors can use that information in criminal cases.
Citing the potential for a copy of data “exfiltrated” by a hacker to contain “so much” information about Americans, one NSA lawyer suggested keeping the stolen data out of the agency’s regular repository for information collected by surveillance so that analysts working on unrelated issues could not query it, a 2010 training document showed. But it is not clear whether the agency or the FBI has imposed any additional limits on the data of hacking victims.
In a response to questions for this article, the FBI pointed to its existing procedures for protecting victims’ data acquired during investigations, but also said it continually reviewed its policies “to adapt to these changing threats while protecting civil liberties and the interests of victims of cybercrimes.”
None of these actions or proposals had been disclosed to the public. As recently as February, when President Obama spoke about cybersecurity at an event at Stanford University, he lauded the importance of transparency but did not mention this change.
“The technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical and we have to be able to have an open debate about it,” Obama said.
Laura Poitras contributed reporting.
–
For more coverage, read ProPublica’s previous reporting on the NSA’s efforts to break encryption, our NSA Programs Chart and the agency’s spying operations on cell phone apps.
–
ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.
–
Previously:
* Court: NSA Phone Program Illegal.
* The Chicago Connection To The Hidden Intelligence Breakdowns Behind The Mumbai Attacks.
* Human Rights Watch Sues DEA Over Bulk Collection Of American’s Telephone Records.
* U.S. Secretly Tracked Billions Of Calls For Decades.
* Amnesty International Joins ACLU, Wikimedia In Lawsuit To Stop Mass Surveillance Program.
* Stop Spying On Wikipedia Users.
* EFF Wins Battle Over Secret Legal Opinions On Government Spying.
* The NSA’s “U.S. Corporate Partners.”
* I Fight Surveillance.
* Illegal Spying Below.
* Smith vs. Obama.
* EFF Sues NSA Over FOIA.
* Stand Against Spying.
* The NSA Revelations All In One Chart.
* U.S. Supreme Court Limits Cell Phone Searches.
* EFF To Court: There’s No Doubt The Government Destroyed NSA Spying Evidence.
* House Committee Puts NSA On Notice Over Encryption Standards.
* Which Tech Companies Help Protect You From Government Data Demands?
* Lawsuit Demands DOJ Release More Secret Surveillance Court Rulings.
* Human Rights Organizations To Foreign Ministers: Stop Spying On Us.
* What The Proposed NSA Reforms Wouldn’t Do.
* Technologists Turn On Obama.
* Dear Supreme Court: Set Limits On Cell Phone Searches.
* EFF Fights National Security Letter Demands On Behalf Of Telecom, Internet Company.
* Eighth-Grader Schools The NSA.
* You Know Who Else Collected Metadata? The Stasi.
* Today We Fight Back.
* The Day We Fight Back.
* FAQ: The NSA’s Angry Birds.
* Jon Stewart: The Old Hope-A-Dope.
* Four Blatantly False Claims Obama Has Made About NSA Surveillance.
* EFF To DOJ In Lawsuit: Stop Pretending Information Revealed About NSA Over Last Seven Months Is Still A Secret.
* Judge On NSA Case Cites 9/11 Report, But It Doesn’t Actually Support His Ruling.
* Edward Snowden’s Christmas Message.
* Jon Stewart: Obama Totally Lying About NSA Spying.
* Presidential Panel To NSA: Stop Undermining Encryption.
* The NSA Is Coming To Town.
* 60 Minutes We Can’t Get Back.
* Why Care About The NSA?
* NSA Surveillance Drives Writers To Self-Censor.
* Filed: 22 Firsthand Accounts Of How NSA Surveillance Chilled The Right To Association.
* Claim On ‘Attacks Thwarted’ By NSA Spreads Despite Lack Of Evidence.
* Obama Vs. The World.
* How A Telecom Helped The Government Spy On Me.
* UN Member States Asked To End Unchecked Surveillance.
* Government Standards Agency: Don’t Follow Our Encryption Guidelines Because NSA.
* Five More Organizations Join Lawsuit Against NSA.
* A Scandal Of Historic Proportions.
* Item: NSA Briefing.
* The Case Of The Missing NSA Blog Post.
* The NSA Is Out Of Control.
* Patriot Act Author Joins Lawsuit Against NSA.
* Obama’s Promises Disappear From Web.
* Why NSA Snooping Is A Bigger Deal In Germany.
* Item: Today’s NSA Briefing.
* NSA Briefing: It Just Got Worse (Again).
* Song of the Moment: Party at the NSA.
* It Not Only Can Happen Here, It Is Happening Here.
* What NSA Transparency Looks Like.
* America’s Lying About Spying: Worse Than You Think.
* Obama Continues To Lie His Ass Off About The NSA.
* The Surveillance Reforms Obama Supported Before He Was President.
* America’s Spying: Worse Than You Think.
* Has The U.S. Government Lied About Its Snooping? Let’s Go To The Videotape.
* Who Are We At War With? That’s Classified.
* Six Ways Congress May Reform NSA Snooping.
* NSA Says It Can’t Search Its Own E-Mails.
* Does The NSA Tap That?
* Obama Explains The Difference Between His Spying And Bush’s Spying.
* FAQ: What You Need To Know About The NSA’s Surveillance Programs.
* NSA: Responding To This FOIA Would Help “Our Adversaries”.
* Fact-Check: The NSA And 9/11.
* The NSA’s Black Hole: 5 Things We Still Don’t Know About The Agency’s Snooping.
* Defenders Of NSA Surveillance Citing Chicago Case Omit Most Of Mumbai Plotter’s Story.
* Obama’s War On Truth And Transparency.
* ProPublica’s Guide To The Best Stories On The Growing Surveillance State.
–
See also:
* Jimmy Carter: America’s Shameful Human Rights Record.
* James Goodale: Only Nixon Harmed A Free Press More.
* Daniel Ellsberg: Obama Has Committed Impeachable Offenses.
* Paul Steiger: Why Reporters In The U.S. Now Need Protection.
–
Comments welcome.
Posted on June 4, 2015