WASHINGTON — The National Security Agency has been mining for several years its massive collections of email and phone call data to create extensive graphs of some Americans’ social connections that can include associates, travel companions and their locations, according to The New York Times.
The social graphing began in 2010 after the NSA lifted restrictions on the practice, according to an internal January 2011 memorandum, the Times reported online Saturday. It based its article on documents obtained by former NSA contractor Edward Snowden and interviews with officials.
The graphing, or contact chaining, is conducted using details about phone calls and e-mails, known as “metadata,” but does not involve the communications’ content, according to the documents cited by the Times. It is supposed to be done for foreign intelligence purposes only, the documents state, but that category is extremely broad and may include everything from data about terrorism and drug smuggling to foreign diplomats and economic talks.
The revelation is the latest in a string of disclosures that began in June, when The Washington Post and the British newspaper the Guardian broke stories, based on Snowden’s documents about the NSA’s PRISM program, which collects digital communications from U.S. Internet companies, and about the collection of call-detail records from U.S. phone companies.
Snowden’s disclosures and the subsequent declassification of records by Director of National Intelligence James Clapper Jr. and the nation’s secretive Foreign Intelligence Surveillance Court have sparked widespread concern over the scope of the NSA’s surveillance and whether it appropriately balances Americans’ privacy rights with national security.
The NSA did not provide an immediate response to the Times article.
“This report confirms what whistleblowers have been saying for years: The NSA has been monitoring virtually every aspect of Americans’ lives – their communications, their associations, even their locations,” said Jameel Jaffer, deputy legal director of the American Civil Liberties Union.
Senior government officials, including the NSA’s director, Gen. Keith Alexander, have repeatedly asserted that the NSA’s surveillance programs are lawful and have been authorized by the surveillance court, Congress or both.
But according to the Times, the decision to lift the restriction on analyzing Americans’ communications was made in secret, without review by the intelligence court, which oversees the government’s wiretap applications under the Foreign Intelligence Surveillance Act. The policy shift was intended to help the agency “discover and track” links between intelligence targets overseas and people in the United States, the 2011 memo said.
According to documents the Times cited, the NSA can augment the data with material from public, commercial and other sources, including bank codes, Facebook profiles, airline passenger manifests and GPS location information.
NSA officials declined to tell the Times how many Americans have been caught up in the data mining, and the documents do not reveal that.
Because of concerns about intruding on Americans’ privacy, the computer analysis of such data had previously been permitted only for foreigners, the Times reported.
But as of 2010, the NSA was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every email address, phone number or other identifier, the 2011 memo stated.
The social graphs do not make use of the huge database of collected phone call records that Snowden revealed in June, the “bulk records” program, the Times reported.
The newspaper said the documents do not specify which databases were being mined.
An NSA spokeswoman told the Times that the legal justification for the policy was a 1979 Supreme Court ruling that Americans had no legitimate expectation of privacy in numbers dialed because that information is conveyed to a third party – the phone company. Based on that ruling, the Justice Department and the Pentagon in 2008 decided it was permissible to create contact chains using Americans’ metadata, such as phone numbers dialed, the Times reported.
The ACLU’s Jaffer called the government’s reasoning “outlandish,” saying that the 1979 ruling involved “surveillance of one person rather than everyone.”
William Binney, a former NSA technical director turned whistleblower, has long warned of the NSA’s mining of data to create social graphs. He alleged that it started in the second week of October 2001, in the wake of the Sept. 11, 2001, terrorist attacks, and that it took place on a massive scale.