NSA responds to “erroneous” data collection reports (full text)

The National Security Agency, in a mass email to press Oct. 31, presumably responding to a recent Washington Post report on the agency’s direct data monitoring of company’s like Google and Yahoo, goes all third-person self-referential on us:

What NSA does is collect the communications of targets of foreign intelligence value, irrespective of the provider that carries them. U.S. service provider communications make use of the same information super highways as a variety of other commercial service providers. NSA must understand and take that into account in order to eliminate information that is not related to foreign intelligence.

Read the rest of the statement:

STATEMENT

Oct. 31, 2013

Recent press articles on NSA’s collection operations conducted under Executive Order 12333 have misstated facts, mischaracterized NSA’s activities, and drawn erroneous inferences about those operations. NSA conducts all of its activities in accordance with applicable laws, regulations, and policies – and assertions to the contrary do a grave disservice to the nation, its allies and partners, and the men and women who make up the National Security Agency.

All NSA intelligence activities start with a validated foreign intelligence requirement, initiated by one or more Executive Branch intelligence consumers, and are run through a process managed by the Office of the Director of National Intelligence. When those requirements are received by NSA, analysts look at the Information Need and determine the best way to satisfy it. That process involves identifying the foreign entities that have the information, researching how they communicate, and determining how best to access those communications in order to get the foreign intelligence information. The analysts identify selectors – e-mail addresses and phone numbers are examples – that help isolate the communications of the foreign entity and task those to collection systems. In those cases where there are not specific selectors available, the analysts will use metadata, similar to the address on the outside of an envelope, to attempt to develop selectors for their targets. Once they have them, they task the selectors to the collection systems in order to get access to the content, similar to the letter inside the envelope.

The collection systems target communications links that contain the selectors, or are to and from areas likely to contain the selectors, of foreign intelligence interest. Seventy years ago, the communications links were shortwave radio transmissions between two points on the globe. Today’s communications flow over technologies like satellite links, microwave towers, and fiber optic cables. Terrorists, weapons proliferators, and other valid foreign intelligence targets make use of commercial infrastructure and services. When a validated foreign intelligence target uses one of those means to send or receive their communications, we work to find, collect, and report on the communication. Our focus is on targeting the communications of those targets, not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to us.

What NSA does is collect the communications of targets of foreign intelligence value, irrespective of the provider that carries them. U.S. service provider communications make use of the same information super highways as a variety of other commercial service providers. NSA must understand and take that into account in order to eliminate information that is not related to foreign intelligence.

NSA works with a number of partners and allies in meeting its foreign-intelligence mission goals, and in every case those operations comply with U.S. law and with the applicable laws under which those partners and allies operate. A key part of the protections that are provided to both U.S. persons and citizens of other countries is the requirement that information be in support of a valid foreign intelligence requirement, and the Attorney General-approved minimization procedures. These limitations protect the privacy of all people and, in particular, to any incidentally acquired communications of U.S. persons. The protections are applied when selectors are tasked to the collection system; when the collection itself occurs; when the collected data are being processed, evaluated, analyzed, and put into a database; and when any reporting of the foreign intelligence is being done. In addition, NSA is very motivated and actively works to remove as much extraneous data as early in the process as possible – to include data of innocent foreign citizens.

—NSA Public Affairs Office

#Articles #news #privacy #NSA