That is foreign surveillance targets if it wasn’t clear from the outset.
Regardless, the end result remains the same.
NSA spying will come to an end on American people who send messages about targets that are foreigners.
And the American people can thank the FISA court for reigning in some of NSA’s powers.
Now, there is a slight restriction to what the NSA can and cannot collect.
To be honest, NSA brought this on itself on its own.
Because it just would not stop the incidental collection of data on the American people.
So it makes sense that someone had to step in and do something about it.
The NSA calls it the upstream collection system.
What does this system do?
It basically taps the vast resources of the internet traffic along with user searches.
But what for?
It does that to identify content based selectors which end up helping the NSA identify surveillance targets.
But now all that will change.
Because the NSA will not be able to check the American people and all of their online traffic for the purpose of its “selector” system.
The only information NSA will be able to scrap off from the messages of American people is if it is present in the “to” and/or “from” fields of their messages.
A spokesperson from the National Security Agency made the announcement today and said that the NSA would cease the previous practice of upstream collection of online user messages which American citizens send to other people.
As mentioned before, the only messages we’re (or the NSA) is talking about here are those which are not directed towards NSA intelligence collection’s targets.
Some of these messages are also referred to as “selectors” and they are used for targets that are present in the body of the message that is sent or received.
According to the official statement made, the National Security Agency will no longer engage in that practice.
The practice of upstream collection of data was authorized in the year 2008.
It was authorized under the National Security Agency’s understanding of Section 702 of the document known as the Foreign Intelligence Surveillance Act, or FISA.
What Does The NSA Statement Actually Say?
The statement could not be more clearly.
Basically, it says that after a comprehensive review of the mission needs of the agency and the current technological constraints along with the United States person privacy interested and certain other difficulties in implementation, the National Security Agency had decided that it would stop some of the activities that it conducted under Section 702.
The agency spokesperson also said that these new changes were designed to retain the upstream collection system that provided the greatest value to the national security while these changes reduced the changes that the National Security Agency would acquire communications of US persons or other who were not in direct contact with one of the National Security Agency’s foreign intelligence targets.
Are The New Changes Official?
More or less yes.
The new changes have become part of the new Federal Intelligence Surveillance Court order.
And as indicated earlier, these changes have narrowed down the scope, the authorized one in any case, of National Security Agency’s surveillance powers and programs.
The Congress has scrutinized the upstream data collection program in the past and had ramped up its scrutiny in the last several years.
There are many reasons, some of which we’ll discuss later in the post.
For now, the Congress has got its plate full with considerations on the renewal of the said Foreign Intelligence Surveillance Act.
Truth be told, the NSA’s upstream data collection program was a painful spot with the FISA, Federal Intelligence Surveillance Court as well.
But this wasn’t the case from the beginning.
The issue got its due attention only in 2011 when the NSA divulged that the agency “incidentally” amassed a huge number of emails from the American citizens.
Back then, the NSA gave the reason that it was just the way their upstream data collection program worked.
The NSA also said that it was also because of the way that ISPs, internet service providers, bundled American citizens’ email traffic between each other.
How Does The NSA Collect Information?
This topic could alone take a book or two.
But we’ll discuss the collection methods that are pertinent to this issue alone.
According to the National Security Agency, it collects intelligence from American citizens’ internet communications in two ways.
One is the downstream method (the agency itself calls it the name downstream method).
What is this downstream method of collecting data?
The downstream method isn’t particularly a new method on its own.
It is basically a new branded version of the older PRISM program.
That is if you believe the stuff that former NSA contractor Edward Snowden leaked in the form of documents back in the day.
How is the downstream collection carried out?
The program is carried out by first going to internet service providers and then obtaining required access to targeted individuals’ accounts that are present there.
What about the second method of collecting data?
The second method is called the upstream data collection method.
This term is mostly used to describe a method that involved the direct collection of online user messages that are scraped from online internet traffic.
The upstream data collection method carries out the above-mentioned tasks and activities through a system which is known as the Xkeyscore.
Rachel Brand, who is a member of the independent intelligence community known as the Privacy and Civil Liberties Oversight Board, recently (back in last May in fact) revealed to some members of the Senate Judiciary Committee about how the upstream data collection program from the NSA actually worked.
Without going into too many details, Rachel said that the upstream data collection program only worked through the coerced assistance of entities such as the electronic communications providers which operated as the internet’s backbone.
The Xkeyscore System
The Xkeyscore system consumes a duplicated stream of online internet data that is live.
It does that through things that are called as network nexus points.
Moreover, the program then uses a collection of online software workers which are rules-based.
These then search the online internet packets for relevant selectors.
What are selectors then?
Selectors are basically the specific data that can identify foreign individuals that the NSA analysts have configured the system to track down through the available data associated with online internet traffic.
The information related to these identifiers can sometimes include the following,
- The foreign targeted individuals’ name
- his/her all known used email addresses
- All internet protocol address
- Information regarding the specific types of internet web browser cookies
- Any other type of digital fingerprints that are associated with eh foreign targeted individual’s online accounts and used devices.
Remember when we talked about things called Xkeyscore workers?
If yes, then we also told you that these were basically rules-based software processes.
Anyway, these Xkeyscore rules-based software worker processes can do some amazing things.
Amazing things like search through tons of internet traffic that is duplicated at the same time as it passes through the online network nexus points.
Moreover, these Xkeyscore workers process these online internet packets in real time and then check them for data related to foreign targeted individual’s specific mentioned above.
More On Selectors
Where can the National Security Agency find these selectors?
Most of the time these selectors are present specifically in areas such as the address field (the to and/or from we mentioned before) of any given online user message.
More worryingly though, sometimes these selectors can be found in the body of the online user message itself.
Perhaps it should be mentioned that message from foreign targeted individuals and to foreign targeted individuals obviously fall under the permission granted by the FISA court to the National Security agency.
The problem arises when other online user messages that contain the above-mentioned selectors in the content of their body get pulled in the NSA systems.
That results in the NSA looking at communications between American citizens that basically have little or absolutely nothing to do with the actual objectives of the surveillance program.
Sometimes these messages are also known as “about” messages.
The reason why it is true most of the time is not because of the NSA though.
It is because of how giant email providers work.
As mentioned before, email providers often bundled online messages traffic in order to send it between each other.
The Upstream Collection System
Now we know that the upstream data collection system and selectors did not just grab messages that had the above-identified selectors in their content.
They basically pulled out an entire bundle of online user messages that were present in a given message stream where a selector was identified to be present within.
To the NSA’s credit, the National Security Agency did bring up this issue with the FISA court in the year 2011 and discussed the problem with the FISA court.
Resultantly a judge from the FISA court ruled that, this type of data collection clearly violated the Fourth Amendment rights of American citizens.
Of course, the only American citizens the judge was talking about there were the ones whose messages got “pulled” in by the NSA collection programs, albeit in error.
NSA And FISA Court Agreement
The FISA court and the National Security Agency came to an agreement which allowed the National Security Agency to continue with its data collection program but only if the bundled online user messages were set aside in a, what they called, special repository.
These special repositories will then be analyzed by NSA analysts.
The NSA analysts could then search these bundled messages for those online user messages that were relevant to the collection program.
Of course, the analysts had to make sure that they did not expose the content of other messages.
As we now know, that agreement didn’t quite work.
Because it became difficult for some NSA analysts to search the messages in a way that did not compromise the spirit of the aforementioned agreement between the NSA and the FISA court.
And perhaps that is the reason that in a recent official statement, the NSA somewhat acknowledged this problem.
The NSA spokesperson said that the National Security Agency reported many inadvertent compliance incidents that were related to queries involving American citizen information in Section 702 upstream internet connection.
The statement further read that although those incident were not willful, the agency was in fact required to report them to both the congress and the FISA court.
Which the NSA did.
Moreover, the official statement said, that the FISA court issued two extensions of the government’s renewal application.
This was done in order to receive more information from the government about the issue identified by the NSA and the government’s scheme/strategy on how to solve the problem.
In The End
The authorization given to the NSA by the FISA court is now about to expire.
And the NSA has just admitted that the reported problems did not get resolved.
At least not to the level anyone expected.
And hence the NSA is now dropping those “about” messages we talked about before.
That also means, the agency will no longer collect those type of messages that involved American citizens’ online message traffic.
This could also mean lots of other things.
For one, the NSA will have to deal with the fact that now some information might get lost.
Information such as any direct communication between identified intelligence targets.
As mentioned before, this will happen because of the limits that have been put on the National Security Agency’s modern interception technologies.
The NSA Wants To Come Clean
The NSA certainly doesn’t want to hide anything.
Anything it deems as not detrimental to its objectives that is.
Why do we say that?
Because the NSA recently reported that the agency was unable to absolutely eliminate the problem of the collection about message communications from its programs such as the upstream 702 collection program.
Why was it unable to do that?
Because of the limits of existing interception technology.
The NSA said that it couldn’t eliminate the aforementioned problems without letting some of the relevant direct communications to and/or from identified foreign targeted individual intelligence targets, slip by.
The NSA statement also said that the same limitation on its interception technology still remains today as well.
Nevertheless, the agency said, the NSA acknowledges that considering the factors noted before, the new changes do indeed represent a responsible and careful approach.
And that is the need of the hour as well.