Facebook to Lift Trump Suspension Tesla Breaks Sales Record Razer Edge Game Handheld MoviePass Beta 'Succession' Season 4 Trailer 'Poker Face' Review This Robot Can Liquify Mental Health Exercises
Want CNET to notify you of price drops and the latest stories?
No, thank you

NSA 'secret backdoor' paved way to U.S. phone, e-mail snooping

Revelations in new document leaked by Edward Snowden appear to be at odds with privacy assurances from President Obama and other officials.

Director of National Intelligence James Clapper, in this file photo from earlier this year, previously claimed that NSA analysts cannot "eavesdrop on domestic communications without proper legal authorization" -- but never elaborated on what "proper legal authorization" means.
Director of National Intelligence James Clapper, in this file photo from earlier this year, previously claimed that NSA analysts cannot "eavesdrop on domestic communications without proper legal authorization" -- but never elaborated on what "proper legal authorization" means.
Getty Images

The National Security Agency created a "secret backdoor" so its massive databases could be searched for the contents of U.S. citizens' confidential phone calls and e-mail messages without a warrant, according to the latest classified documents leaked by Edward Snowden.

A report in the Guardian on Friday quoted Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence Committee, as saying the secret rule offers a loophole allowing "warrantless searches for the phone calls or emails of law-abiding Americans."

That appears to confirm what Rep. Jerrold Nadler, a New York Democrat, said in June after receiving a classified briefing from administration officials a few days earlier on the extent of the NSA's domestic surveillance operations.

If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he had been told during the briefing. "I was rather startled," said Nadler, an attorney who serves on the House Judiciary Committee.

FBI Director Robert Mueller responded by assuring Nadler, according to a transcript of the hearing, that to "listen to the phone," the government would need "a particularized order" from the Foreign Intelligence Surveillance Court -- a claim that is contradicted by today's Guardian report and other documents. Mueller has been succeeded by James Comey, who was confirmed last month by the Senate.

In response to a CNET article at the time, Director of National Intelligence James Clapper released a statement saying: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress."

Clapper never elaborated, however, on what "proper" authorization would be. Today's top-secret document leaked by Snowden reveals that "procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data."

FAA 702 is a reference to section 702 of a 2008 law that amended the Foreign Intelligence Surveillance Act. Those amendments created a warrantless surveillance process that could be employed by NSA analysts, but Congress never intended it to be used domestically against American citizens: A congressional report accompanying the law claimed it allows electronic surveillance only of "persons located outside the United States in order to acquire foreign intelligence information."

In reality, though, the Obama Justice Department has devised secret interpretations of FAA 702 carving out loopholes in what were intended to be strict privacy safeguards. One loophole revealed in June shows that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.

Another directive signed by Attorney General Eric Holder indicates the NSA can keep encrypted data it intercepts forever -- giving its supercomputers plenty of time in the future to attempt a brute force attack on master encryption keys it's unable to penetrate today. Holder secretly authorized the NSA to retain domestic encrypted data "for a period sufficient to allow thorough exploitation."

Today's disclosures appear to be at odds with what President Obama has said over the last two months in defense of NSA surveillance. "What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama has said.

Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.

Documents that came to light in an Electronic Frontier Foundation lawsuit provide some insight into how the spy agency vacuums up data from telecommunications companies. Mark Klein, who worked as an AT&T technician for more than 22 years, disclosed in 2006 (PDF) that he witnessed domestic voice and Internet traffic being surreptitiously "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. The room was accessible only to NSA-cleared technicians.

AT&T and other telecommunications companies that allow the NSA to tap into their fiber links receive absolute immunity from civil liability or criminal prosecution, thanks to Section 702 of the FISA Amendments Act, which Congress renewed in 2012. It says that any civil lawsuit "against any person for providing assistance to an element of the intelligence community...shall be promptly dismissed."

Section 702 of the law says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court -- in practice, this means analysts at the NSA and other agencies with intelligence functions -- as long as minimization requirements and general procedures blessed by the court are followed. It's unclear whether the court has approved the "secret backdoor" allowing Americans' e-mail and phone messages to be targeted for domestic surveillance.