Technology

Surveillance watchdog turns to online spying

by Kate Tummarello 03/19/14 08:11 PM ET

The group tasked with oversight of U.S. government surveillance is turning its attention to online spying.

At a Wednesday public meeting, the group — the Privacy and Civil Liberties Oversight Board — heard from intelligence community representatives as it prepares a report on the U.S. government’s Internet surveillance programs.

{mosads}Earlier this year, the oversight board released a report focused on the National Security Agency’s controversial program that collects information about phone calls between Americans who are not tied to terrorist activities.

The board said that program — which first came to light last year based on leaks from former NSA contractor Edward Snowden — did not have a legal foundation, posed “serious” privacy threats and had demonstrated “only limited value.”

The surveillance oversight board is turning its attention to similarly controversial online surveillance programs that intelligence agencies conduct under Section 702 of the Foreign Intelligence Surveillance Act (FISA), including the “PRISM” program that collects information from Internet companies and the “upstream collection” program, which allows the NSA to collect information by intercepting traffic traveling along Internet cables.

The group — led by Chairman David Medine — said Wednesday that it would release its report on those programs in late spring or early summer.

The intelligence officials that testified at Wednesday’s meeting stressed to the oversight board that the online surveillance programs do not constitute “bulk collection.”

It’s “targeted collection rather than bulk collection,” Robert Litt, general counsel at the Office of the Director of National Intelligence, said.

Bulk collection is “getting a whole bunch of communications, hanging on to them and then figuring out what you want,” Litt said. “This is not that.”

Members of the oversight board pushed the intelligence officials to explain how the intelligence community handles information it “incidentally” collects about Americans who are afforded constitutional protections regarding searches.

The programs are aimed at “foreign targets who are outside of the United States,” Litt said.

That incidental collection has always been an understood byproduct of these programs, he said.

“Congress knew full well when it passed 702 that incidental collection … would occur when they’re in communications with valid foreign targets.”

Brad Wiegmann, deputy assistant attorney general at the Justice Department’s National Security Division, pointed to agencies’ minimization and targeting procedures.

“Those procedures are all designed to protect those U.S. persons whose information might be incidentally collected,” he said, and they’re “procedures that the courts have found protect U.S. privacy.”

NSA General Counsel Rajesh De challenged the idea that the standard for determining how likely a target is to be located outside of the U.S. is too lax.

He cited NSA training materials telling analysts that they cannot consider targets to be reasonably outside of the U.S. if a majority of factors indicate that they are.

Analysts have to consider the weight and relevance of those individual factors, he said. “It’s not a majority test; it is a totality of the circumstances test.”

The officials also pushed back on the idea that intelligence agencies should have to get additional permission to access the information it has collected through its Section 702 programs.

Patricia Wald, a member of the oversight board, asked if intelligence analysts should have to get permission to access the information it collects through online surveillance programs.

She compared querying the database of online surveillance material to querying the database of data collected from the sweeping phone records program, which requires reasonable and articulable suspicion.

She asked if online surveillance data should meet the same standard, “since 702 has actually got the content” of communications.

Litt pointed to the findings of previous commissions tasked with examining intelligence failures surrounding terrorist attacks.

“Every one of those commissions has found that we need to eliminate barriers to make use of the information we lawfully have,” he said.

Requiring analysts to seek permission before accessing the online surveillance programs’ data is “more than a question of inconvenience, it’s a question of practicability,” Litt said.