How the NSA Could Search Its Database for Your Name — and Get a Result

This article is from the archive of our partner .

From the first Edward Snowden leak reported by The Guardian, a key question has been whether or not the National Security Agency has the technical and legal ability to collect and search communications involving Americans not linked to terror activity. In its latest story, The Guardian takes a step closer to "yes" — but it's hardly a clear path.

What the outlet is reporting is a nuanced footnote from one of the Snowden documents. It reads, in The Guardian's summary:

"While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data," the glossary states, "analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence]."

The key part is in bold. Translated, it says that names and identifiers (email addresses, for example) for citizens can be used for a search of the NSA's database. Which basically completes the last mile of the road to surveillance of American citizens. And appears to be the first time evidence of that happening has emerged.

Recommended Reading

The most obvious caveat to that claim is the continuation of that quote: "until an effective oversight process has been developed," analysts aren't allowed to run those searches. The Guardian doesn't know if such a process has been developed; therefore, it doesn't know whether or not such searches have taken place or legally can.

To fill that gap, The Guardian turns to Senator Ron Wyden of Oregon, a longstanding opponent of the NSA's surveillance and a prominent member of the Senate Intelligence Committee. Wyden tells the paper:

"Once Americans' communications are collected, a gap in the law that I call the 'back-door searches loophole' allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans."

That, The Guardian notes, comports with Wyden's dispute earlier this year, in which Wyden critiqued a fact sheet from the NSA for inaccurately articulating how it could collect information on Americans.

Let's assume that the "effective oversight process" exists. Here, then, is how the NSA can search for communication you have sent over the internet.

1. It gathers your communication. Legally, if you're in the United States, the NSA is not allowed to add your emails and internet activity to its database. But it could anyway, for one of the following reasons:

  • You are communicating with someone outside of the United States who is targeted by the NSA.
  • You are communicating with someone who communicated with an NSA target.
  • … Or someone who communicated with that person, or someone who communicated with that person.
  • You mention a targeted individual's name or email address or some other identifier in communication with someone outside the United States.
  • The NSA feels 51 percent sure you're not in the United States.
  • The NSA otherwise "accidentally" acquires your information.

In other words: There are a lot of ways in which that can happen.

2. Your data becomes part of its indexing system. For example, your information is searchable as part of XKeyscore.

3. An analyst, under the oversight process, searches for your name or email address.

And that's it. The NSA has collected data on an American citizen – under its well-wrung definition. The NSA is spying on you.

Again, the path may be complete, but it is also shrouded in shadow. If this has ever happened, or the extent to which it could happen, are far from clear.

If there's one thing we're confident of at this point, though: additional clarity will come eventually.

Photo: NSA Chief Keith Alexander. (AP)

This article is from the archive of our partner The Wire.