NSA said to have broader Net reach than previously thought

The National Security Agency's surveillance network reaches further into the U.S. Internet backbone than previously reported, according to The Wall Street Journal.

Though the agency has limited authority to conduct surveillance of U.S. citizens, it has built a system that can reach 75 percent of all U.S. Internet traffic, sources tell the Journal. Built in conjunction with telecommunications companies, the system can retain the written contents of e-mails sent between citizens in the U.S., the report said.

Documents released by former NSA contractor Edward Snowden have described programs with a narrower reach, such as acquiring phone records and stored metadata. The newly revealed programs demonstrate that the agency has the ability to track almost any online activity, the Journal reported.

The NSA responded by saying it places as much emphasis on the privacy of U.S. citizens as it does on defending their safety.

"NSA's signals intelligence mission is centered on defeating foreign adversaries who aim to harm the country," the agency said in a statement to CNET. "We defend the United States from such threats while fiercely working to protect the privacy rights of U.S. persons. It's not either/or. It's both."

(Editor's note: The agency later issued a statement saying that media reports based on the Journal's article "provide an inaccurate and misleading picture of NSA's collection programs." See the update note at the bottom of this article.)

A few months ago, Internet companies strenuously denied accusations they had allowed the NSA direct access to their servers. However, the Journal's report describes the program as working this way: "The NSA asks telecom companies to send it various streams of Internet traffic it believes most likely to contain foreign intelligence."

This seems to mirror the claims of Mark Klein, who worked as an AT&T technician for over 22 years. Klein disclosed in 2006 that he met with NSA officials and witnessed domestic Internet traffic being "diverted" through a "splitter cabinet" to a secure room in one of the company's San Francisco facilities where only NSA-cleared technicians were allowed to work.

The latest revelation emerges a little more than a week after the NSA claimed to review only a small faction of Internet traffic on a daily basis. In an unsigned document, the foreign surveillance agency said it "touches" only 1.6 percent of daily Internet traffic, likening the amount of data it selects to review to a dime placed on a basketball court.

Update, 9:30 p.m. PT: Adds NSA statement.

Update, August 22 at 10:20 a.m. PT: In a joint statement issued late Wednesday, the NSA and the Office of the Director of National Intelligence said media reports based on the Journal's article "provide an inaccurate and misleading picture of NSA's collection programs."

"Press reports based on an article published in [the] Wall Street Journal mischaracterize aspects of NSA's data collection activities conducted under Section 702 of the Foreign Intelligence Surveillance Act," the statement read. "The NSA does not sift through and have unfettered access to 75 percent of the United States' online communications."

Here's the complete statement (and here's a PDF):

Joint Statement from the Office of the Director of National Intelligence and the National Security Agency

21 August 2013

Press reports based on an article published in today's Wall Street Journal mischaracterize aspects of NSA's data collection activities conducted under Section 702 of the Foreign Intelligence Surveillance Act. The NSA does not sift through and have unfettered access to 75 percent of the United States' online communications.

The following are the facts:

• Media reports based upon the recent Wall Street Journal (WSJ) article regarding NSA's foreign intelligence activities provide an inaccurate and misleading picture of NSA's collection programs, but especially with respect to NSA's use of Section 702 of the Foreign Intelligence Surveillance Act (FISA).

• The reports leave readers with the impression that NSA is sifting through as much as 75 percent of the United States' online communications, which is simply not true.

• In its foreign intelligence mission, and using all its authorities, NSA "touches" about 1.6 percent, and analysts only look at 0.00004 percent, of the world's internet traffic.

• The assistance from the providers, which is compelled by the law, is the same activity that has been previously revealed as part of Section 702 collection and PRISM.

• FISA is designed to allow the U.S. Government to acquire foreign intelligence while protecting the civil liberties and privacy of Americans.

- Section 702 specifically prohibits the intentional acquisition of any communications when all parties are known to be inside the U.S.
- The law specifically prohibits targeting a U.S. citizen without an individual court order based on a showing of probable cause.
- The law only permits NSA to obtain information pursuant to Section 702 in accordance with orders and procedures approved by the Foreign Intelligence Surveillance Court.

• When conducting 702 FISA surveillance, the only information NSA obtains results from the use of specific identifiers (for example email addresses and telephone numbers) used by non-U.S. persons overseas who are believed to possess or receive foreign intelligence information.

- Foreign terrorists sometimes communicate with persons in the U.S. or Americans overseas. In targeting a terrorist overseas who is not a U.S. person, NSA may get both sides of a communication. If that communication involves a U.S. person, NSA must follow Attorney General and FISA Court approved "minimization procedures" to ensure the Agency protects the privacy of U.S. persons.

• The collection under FISA section 702 is the most significant tool in the NSA collection arsenal for the detection, identification, and disruption of terrorist threats to the U.S. and around the world.