Updated The NSA has, in theory, stopped snooping on American citizens' private communications that loosely involve foreigners in some way.
According to the US government today, the spy agency has halted at least some of the surveillance it conducts under the legal fig leaf provided by the 2008 FISA Amendments Act.
This is the law that allows Uncle Sam to rifle through Americans' private emails, phone calls, and other communications, so long as the messages involve a foreigner in some way – such as including an email address or a name belonging to a person of interest in the body of the message. These spying powers were renewed by Congress for five years in 2012, and are thus up for renewal at the end of 2017.
So it seems the NSA has pulled the plug early before Congress could shut it down. The agency was reviewing its so-called Section 702 powers, and has come to the conclusion change is needed now rather than later.
This would not be the first time the NSA has had to tweak its procedures. In 2011, the FISA rules were challenged in court, leading to the agency rewriting its rulebook slightly: it would gather up private communications as usual but hold them in a special silo before agency analysts could examine them. That was supposed to encourage staffers to hunt for specific targets rather than pore over a powerful stream of Americans' personal and sensitive messages. Don't forget, the NSA is not supposed to spy on its own citizens, just foreigners.
Curiously, the agency has persistently stonewalled efforts to find out how many Americans have had their conversations swept up in its surveillance dragnet.
Senator Ron Wyden (D-OR) has been trying for years to get clarification on this point out of the intelligence agencies, with a notable lack of success. He and others in Congress have been looking forward to the FISA renewal debates and committee sessions, but it appears the NSA may have preempted that chance.
"This change ends a practice that could result in Americans' communications being collected without a warrant merely for mentioning a foreign target," Wyden said on Friday in an email to The Register.
"For years, I've repeatedly raised concerns that this amounted to an end run around the Fourth Amendment. This transparency should be commended. To permanently protect Americans' rights, I intend to introduce legislation banning this kind of collection in the future."
That's certainly convenient for the agency, but it's going to have the conspiracy theorists all aflutter, since there is serious interest in certain prominent Americans and their links to foreigners who might influence. Expect spittle-flecked ranting from Alex Jones and his ilk on this one.
Technological factors might also have played a part. With more and more telcos and service providers using encrypted network connections and adopting strong end-to-end encryption – in part due to revelations from Edward Snowden on how deeply NSA signal taps had been set up on their data linkages – it may be that this has made large portions of slurped data useless.
But the NSA being what it is, you can bet that the agency has found other ways to get the information it wants. There's plenty of post-9/11 legislation out there that's full of legal loopholes that the Maryland data miners can exploit to spy on you. ®
Updated to add
The NSA has published a statement on the snooping halt. The agency said:
After considerable evaluation of the program and available technology, NSA has decided that its Section 702 foreign intelligence surveillance activities will no longer include any upstream internet communications that are solely "about" a foreign intelligence target. Instead, this surveillance will now be limited to only those communications that are directly "to" or "from" a foreign intelligence target.
In other words, messages loosely involving foreigners will not be spied on, in theory, and communications directly to and from targets are definitely still Uncle Sam's business. Your mileage may vary.
Two key words stand out: "available technology." That may indicate the NSA is struggling, unable, or unwilling, to decrypt the increasing amount of encrypted message content out there in the world – and instead will rely on metadata, such as who and where the receivers and senders are and when. Or the agents can remotely hijack a target's device to read their messages and spy on them directly, of course.
"In addition, as part of this curtailment, NSA will delete the vast majority of previously acquired upstream internet communications as soon as practicable," the agency added.