How 'multi-communication transactions' helped the NSA spy on Americans
In response to EFF's Freedom of Information Act request, the government released today the 2011 FISA Court opinion (redacted) that found part of the National Security Agency's "upstream collection" to be illegal and unconstitutional. Upstream collection is when the NSA gets a copy of Internet traffic as it flows through major telecommunications hubs, and searches through for "selectors," like an email address or a keyword.
In a press conference call on the newly declassified court opinion, the Office of the Director of National Intelligence (ODNI) revealed new information about the way the NSA treated what it calls "multi-communication transactions." Such MCTs were at the heart of the illegal collection that went on from 2008 to 2011, resulting in wholesale collection of tens of thousands of domestic communications without a warrant. But what, exactly, is an MCT?
Responding to a question from New York Times journalist Charlie Savage, ODNI gave the following example of one type of MCT:
... there's a certain kind of communication that is referred to in the opinion as a "multi-communication transaction," where there are several communications bundled together. I can give you one example of that, but I really don't want to talk in great detail because it can get into operational sensitivities.
One example of this is if you have a webmail email account, like Gmail or Hotmail or something like that, you know that when you go and you open up your email program, you will get a screenshot of some number of emails that are sitting in your inbox. In the case of my server, what I get is the date of the email, the sender, the subject line, and the size of the email message. But I may get 15 of them at one time.
Those are all transmitted across the Internet as one communication, even though there are 15 separate emails mentioned in them. And for technological reasons, NSA was not capable of breaking those down into their -- and still is not capable -- of breaking those down into their individual components.
So if you had a situation where one of those emails may have referenced your targeted email in the subject line, for example, you'd nonetheless collect the whole inbox list together. It's like a screenshot. You don't get the whole email, you'd get what's ever popping up on your screen at the time, that comes as one communication.
On occasion, some of those might prove to be wholly domestic. For example, if you are targeting a foreign person, and that foreign person is in communication with a U.S. person, you can get all of that U.S. person's screenshot. So there may be other communications that are between U.S. persons, which are wholly domestic communications, which we're not allowed to collect under section 702. So, that's the brief executive summary of the problem, which NSA discovered and brought to the court's attention.
I'll go on to say that the court -- a brief summary of the court's ruling, they found that because it was technologically impossible to prevent this from happening, the collection of this communication was not problematic. But what was problematic was the fact that the court felt that NSA's procedures for identifying and purging wholly domestic communications needed to be beefed up. And that's what was done.
This is likely not the only type of MCT involved in the NSA spying program.
Today's call was on background, and the agency requested that the names of its representatives not be published. Several recordings have been posted online, and an excerpt from one audio recording, featuring ODNI's explanation but excluding the name of the speaker, is linked here.
This story was originally published by the Electronic Frontier Foundation.