Article Lead Image

I asked the NSA for its file on me, and here’s what I got back

When I sent the NSA a formal request through the Freedom of Information Act, the agency acted like I was a total newbie at this stuff.

 

Kevin Collier

Tech

Posted on Aug 16, 2013   Updated on Jun 1, 2021, 8:59 am CDT

I can’t shake the feeling that the National Security Agency thinks I’m a chump.

I mean, I’ve written a lot about them. I’ve talked to their media contacts. I’ve been denied clarifications. I’ve pored over their press releases and page after page of NSA documents that former contractor Edward Snowden took from them and leaked to the Guardian‘s Glenn Greenwald.

Yet when I sent the NSA a formal request through the Freedom of Information Act, asking what the agency had collected on me through two big programs—a telephone metadata collection program and PRISM—they acted like I was a total newbie at this stuff.

Metadata collection refers to tracking every phone call in the United States and pairing it with call times and durations. The government openly admits this practice now, though it insists nobody’s name gets attached to those numbers. On the other hand, they say PRISM—the ability to tap American companies like Google for their users’ communications—can only be used on foreigners. These were the first two programs to be leaked, though we’ve since learned of much bigger ones, XKeyscore and Fairview in particular.

Soon after Snowden’s revelations, I filed my FOIA request through Jonathan Corbett’s incredible My NSA Records site, which the NSA has since asked him to cease.

“Although these two programs have been publicly acknowledged,” the NSA wrote to me a few weeks later, “details about them remain classified and/or protected from release by statutes to prevent harm to the national security of the United States.”

Oh, really? I’m skeptical that my country’s national security will be threatened if the agency share what its got on me. The NSA clarified:

“Our adversaries are likely to evaluate all public responses related to these programs,” the NSA continued. “Were we to provide positive or negative responses to requests such as yours, our adversaries’ compilation of the information provided would reasonably be expected to cause exceptionally grave damage to the national security.”

In a pre-Snowden world, I might have bought that. But I’ve been drawing conclusions from Snowden’s disclosures, and the NSA’s own admissions, and some members of Congress’s statements, for a while now. I’ve been putting those pieces together, and the NSA certainly hasn’t asked me to stop.

As for the question of whether any of the NSA’s individual data collection programs is vital for national security, our knowledge is still limited, and it’s impossible to make a truly educated call. NSA chief Keith Alexander has claimed these programs have helped stop more than 50 terror attacks worldwide; plenty of others have convincingly argued that they actually didn’t play a crucial role.

My response from the agency involved a lot of that kind of complete and total question dodging. Like when it said “any positive or negative response … would allow our adversaries to accumulate information and draw conclusions about NSA’s technical capabilities, sources, and methods.” 

All this secrecy, even though Snowden’s revelations about NSA surveillance have turned into the biggest hard news story of 2013, the NSA has admitted the practices, and primary documents about various programs are readily available on the Internet. It’s reminiscent of how the Army blocked access to the Guardian so soldiers wouldn’t see the information Snowden released, even though nearly everybody else in the world could. 

But it wasn’t until page two that I got to the truly frustrating stuff. In trying to assure me that it wouldn’t actually look at my phone calls stored in their databases, the NSA claimed: 

“NSA cannot review any metadata unless strict requirements are met, i.e., the data may be queried only when there is a reasonable suspicion, based on specific facts, that a phone number is associated with a foreign terrorist organization.”

About that: The NSA has admitted, separately, that it employs a practice called “contact chaining.” That means that if one of their targets calls someone, who in turn calls someone else, who in turn calls you, agency’s checking you out.

“But I’m probably not even three degrees away from a terrorist!” you might cry. Doesn’t matter. You just have to be what the NSA calls a “target,” or person of interest. And thanks to Snowden, we know the agency has a rather broad definition of what constitutes a target, like you’re in the same online phone directory—the Yellow Pages, perhaps?—as another target. Anyone who’s worked for any foreign government is on the list. So is anyone who tries to use standard, legal techniques to avoid being tracked online—like using the Tor browser.

•••

“As you may also be aware,” the NSA wrote to me, “there has been considerable speculation about two NSA intelligence programs in the press/media.”

I am aware of that, because I contributed to that speculation. Of the 702 program—a term the FBI has used interchangeably with PRISM at least once, though everybody in the government seems to go to great pains to not ever actually say “PRISM”—I wrote in June that it was likely a program that automated court orders for surveillance. 

Now, I’m not so sure. It remains quite confusing: The actual content of those NSA slides says PRISM gives the NSA “direct access” to companies like Gmail, but the NSA has said that it’s a multi-step process, authorized by the Federal Intelligence Surveillance Act (FISA), that goes through real courts each time. 

I’ve also written about the 215 program, a part of the Patriot Act that authorizes the NSA to collect metadata on each and every American. The government says that means phone records: every number called, the time of the call, and how long you talked. The government says that it used to track Americans’ emails in the same way but hasn’t since 2011.

That’s what the government’s admitted, not speculation. But I have speculated that the government keeps a similar database of where everyone is via their cell phone. I don’t have explicit proof, but I can put two and two together. If it existed, such a location-tracking program would be classified and hidden, as the phone metadata collection program was until Snowden revealed it. Sen. Ron Wyden, who I’ve previously lauded as one of the world’s most important Internet activists, keeps winking and nudging that that exact program is in place.

Wyden has been on the Senate Intelligence Committee since before 9/11, so he’s certainly in a position to access that classified knowledge. Americans “will be stunned and they will be angry” when they learn how the Patriot Act has been interpreted, he’s said. Oh, and he keeps awkwardly stopping his speeches that warn Americans to be paranoid, then reminding listeners that “most of us here have a computer in our pocket that potentially can be used to track and monitor us 24/7.”

Though it took two and a half pages to do so, the NSA denied my application. “[Y]our request is denied because the fact of the existence or non-existence of responsive records is a currently and properly classified matter,” it wrote.

Oh. Thanks anyway, NSA.

This is the full letter, if you care to read it:

NSA FOIA response

Photo by Kevin Collier, remix by Jason Reed

Share this article
*First Published: Aug 16, 2013, 10:00 am CDT