New revelations that the NSA has continued to secretly suck up information associated with domestic phone calls are not only a reminder that Bush era surveillance programs live on (albeit with slightly more judicial oversight) under the Obama administration — they are an opportunity to consider the very real possibility that the NSA is also collecting a similar treasure trove of non-communications content data related to email. Information like email senders and recipients and time stamps is often seen by the government as analogous to the type of phone metadata Verizon was ordered to turn over and under the Foreign Information Surveillance Act (FISA) re-authorization, that data and possibly more could be gathered with the same type of secret order.
Here’s why this might already be happening:
Email information was gathered in the Bush era warrantless wiretapping program. According to the initial New York Times reporting that exposed Bush’s warrantless wiretapping program, not only calls, but “international e-mail messages of hundreds, perhaps thousands, of people inside the United States” were also intercepted. According to summary from the Electronic Frontier Foundation (EFF) and testimony from a former AT&T; technician, a “splitter” was installed at his place of work that created a complete copy of the internet traffic received — email, browsing requests, etc –- and diverted to a room controlled by the NSA.
The NSA is building the intelligence community’s largest data center out in the Utah desert. Set to go online this September, the Data center, will consume $40 million worth of electricity per year and have a data storage and processing capacity that would enable it to break down encryption and keep logs of all internet traffic in the United States. In April, officials commenting on speculation about the data centers said “one of the biggest misconceptions about NSA is that we are unlawfully listening in on, or reading emails of, U.S. citizens,” but that statement explicitly does not say that is not collecting non-communications content data. As Kashmir Hill of Forbes discovered, the data center also doesn’t like visitors, especially those wielding cameras.
The Administration won’t reveal how many Americans’ emails the NSA has collected and reviewed without a warrant. This implies that FISA has been used to intercept the content of email communications on a broader scale than currently known and may be evidence that the agency would not have a problem with the dragnet collection non-content data. And Members of Congress have said the bulk data collected by the NSA under the Patriot Act go further than the public knows, or would be comfortable with. Sen. Ron Wyden (D-OR) and Sen. Mark Udall (D-CO) wrote in 2012 letter to Attorney General Eric Holder, “We believe most Americans would be stunned to learn the details of how these secret court opinions have interpreted section 215 of the Patriot Act.”
The NSA has a history of data hoarding, and officials acknowledge it engaged in “overcollection” of email information in the past — including email content. In 2009, the New York Times reported the NSA had intercepted phone calls and emails in a way that went beyond its legal authority to do so as part of a “significant and systemic” process. This again goes beyond non-content communications, suggesting that the collection of this kind of data would not be seen as a significant privacy invasion by the agency. John V. Parachini, director of the Intelligence Policy Center at the RAND Corp, says the NSA “collects an amount of information equivalent to the store of knowledge housed at the Library of Congress” every six hours.
Of course, none of this is hard evidence that the NSA is participating in the type of dragnet data siphoning the Guardian leak reveals they were gathering about domestic phone calls from Verizon. But considering the stated goal of that program to sift through vast amounts of data to make national security connections and the increasing reliance of society on the internet for communications, it seems like it would be an unlikely oversight on the NSA’s behalf if they weren’t pursuing similar surveillance capabilities over email.