U.S. admits NSA tracked email metadata until 2011
The U.S. has admitted that, for a time, the National Security Agency tracked a vast number of its citizens' emails without a warrant.
That's according to documents that James Clapper, the Director of National Intelligence, declassified Wednesday, all concerning the NSA's practices of collecting the metadata of Americans' conversations. That means details like who you contacted and when, though it doesn't include the actual content of communications.
Clapper drew sharp criticism in early July when he admitted that, contrary to having claimed that it was "completely false" that the NSA collected information on millions of Americans, that he'd forgotten about the metadata collection program. "I apologize," he wrote at the time. "I simply didn't think of Section 215 of the Patriot Act," nodding to the law that made metadata collection legal.
It's been well established since June that the NSA gets the metadata of all American calls made through Verizon, AT&T, and BellSouth. But the practice of getting email metadata, referenced in a 2009 letter to Congressman Silvestre Reyes, is far murkier.
We do know it's expressly legal for the government to collect email and phone metadata. After becoming law under the Patriot Act, it was more recently reauthorized by the Foreign Intelligence Surveillance Act (FISA), which was extended for another five years at the end of 2012.
We don't know, however, exactly how many Americans were targeted. But as a frame of reference, the DNI has described it as "bulk" collection of citizens' emails, and when collecting phone metadata, that means at minimum all Americans who use major phone carriers. "Both of these programs operate on a very large scale," the letter says, though the DNI retracted the details immediately following that claim.
But the DNI says the practice of collecting email metadata has ceased. "The collection of bulk Internet metadata under the authority we described was terminated in 2011," an office of the DNI spokesperson told the Daily Dot. But while the practice was ongoing, according to the letter to Reyes:
The government is authorized to collect similar kinds of information about electronic communications—such as "to" and "from" lines from e-mail and the time an e-mail is sent—excluding the content of the e-mail and the "subject" line.
It's not immediately clear how, exactly, the NSA would have collected such vast details concerning so many emails. Unlike the phone companies, major Internet companies like Yahoo and Google have tried to legally challenge the NSA's collection. The office of the DNI told the Daily Dot that they couldn't immediately provide details of its old methods, and Google didn't respond to immediate request for comment. One possibility is that the data was collected through a much bigger NSA program, which the Guardian also revealed Wednesday. Called Xkeyscore, it can allegedly monitor any Internet user's activity—including email and Facebook chats—in real time.
All three documents had been scheduled to be declassified in the 2030s. It's hard to imagine they would have come out so early had former NSA contractor Edward Snowden not already blown the whistle on the program. In June, The Guardian published a court order, leaked by Snowden, that demanded Verizon turn over the metadata of all its calls to the NSA for a three-month period.
Illustration by Fernando Alfonso III