If you thought the USA Freedom Act and its limits to bulk phone data collection were going to mean the end of NSA surveillance revelations, well, surprise!
Classified documents surfaced by Edward Snowden and analyzed by ProPublica and the New York Times indicate that the Obama administration broadened the National Security Agency’s programs to surveil international Internet traffic as a way of looking for malicious hacker activity.
The documents include two memos by Justice Department lawyers that authorize the NSA to monitor Internet cables within the United States for malware, suspicious URLs, and other information about international attacks and techniques. All without warrants. Pro Publica explains:
The Justice Department allowed the agency to monitor only addresses and “cybersignatures”—patterns associated with computer intrusions—that it could tie to foreign governments. But the documents also note that the NSA sought to target hackers even when it could not establish any links to foreign powers.
ProPublica reports that the NSA has such a broad scope for online surveillance because the agency may not be able to identify at first whether a bad actor originates from a nation state (the NSA’s area of investigation) or a criminal gang (outside the agency’s scope). The agency can also record huge troves of Americans’ data if it discovers an attack, because it is allowed to record whatever a hacker is obtaining.
Officials told ProPublica that monitoring Americans’ international Web traffic is crucial for spotting bad actors at both the individual and nation-state level. But privacy advocates are raising concerns, as they do with any broad surveillance measure that hasn’t been publically debated and doesn’t have legal oversight in the form of case-by-case warrants or other approvals.
In March, the American Civil Liberties Union (along with the Wikimedia Foundation and numerous other groups) announced that it was suing the NSA over Internet traffic surveillance. Speaking about the new documents, ACLU staff attorney Patrick Toomey said, “It confirms what we already knew about the government monitoring international communications extremely extensively, [but] it’s searching through communications for more things than it ever acknowledged before.”