President Barack Obama will announce on Friday a major overhaul of a controversial National Security Agency program that collects vast amounts of basic telephone call data on foreigners and Americans, a senior Obama administration official said.
In an 11 a.m. (1600 GMT) speech at the Justice Department, Obama will say he is ordering a transition that will significantly change the handling of what is known as the telephone “metadata” program from the way the NSA currently handles it.
Obama’s move is aimed at restoring Americans’ confidence in U.S. intelligence practices and caps months of reviews by the White House in the wake of damaging disclosures about U.S. surveillance tactics from former U.S. spy agency contractor Edward Snowden.
In a nod to privacy advocates, Obama will say he has decided that the government should not hold the bulk telephone metadata, a decision that could frustrate some intelligence officials.
In addition, he will order that effectively immediately, “we will take steps to modify the program so that a judicial finding is required before we query the database,” said the senior official, who revealed details of the speech on condition of anonymity.
While a presidential advisory panel had recommended that the bulk data be controlled by a third party such as the telephone companies, Obama will not offer a specific proposal for who should store the data in the future.
Obama has asked Attorney General Eric Holder and the intelligence community to report back to him before the program comes up for reauthorization on March 28 on how to preserve the necessary capabilities of the program, without the government holding the metadata.
“At the same time, he will consult with the relevant committees in Congress to seek their views,” the official said.
Obama is balancing public anger at the disclosure of intrusion into Americans’ privacy with his commitment to retain policies he considers critical to protecting the United States.
The official said Obama believes the bulk data program is important to countering terrorist threats but that “we can and should be able to preserve those capabilities while addressing the privacy and civil liberties concerns that are raised by the government holding this meta-data.”
People familiar with the administration’s deliberations say Obama also is expected to agree to other reforms, such as greatly scaling back spying on foreign leaders and putting a public advocate on the secretive Foreign Intelligence Surveillance Court.
TELEPHONE DATA
But the revelation that the NSA had been collecting vast amounts of telephone metadata on both foreigners and Americans, which had been done in secret for years, became the Snowden disclosure that generated the most heated domestic U.S. political controversy and led to the introduction of conflicting bills in Congress.
The Intelligence committees of both the Senate and House had signaled that they believed current telephone metadata arrangements, under which the data is collected and held by the NSA for five years, should remain in place.
But both the Senate and House Judiciary committees had approved bills that would eliminate domestic metadata collection entirely.
The presidential advisory panel that submitted its recommendations to Obama late last year said collecting telephone metadata, which shows which numbers call which other numbers, and the time and length of calls, should be taken out of NSA control and handed to a third party, such as the phone companies themselves.
Intelligence officials for some time had been circulating secret proposals for having the data stored by phone companies or a non-profit group, and some officials had signaled publicly that NSA might have to accept changes.
Other officials have privately argued that if the system were changed, the NSA should still have instant, direct, online access to the data.
Citing recent breaches of credit card and personal data suffered by Target stores, government officials opposed to changes in the current arrangements for metadata collection argue that the review panel’s proposals would make Americans’ phone data less, rather than more secure.
Members of the review panel met with top administration officials on Wednesday to discuss the president’s speech.
COMBATING TERRORISM
Obama has been under pressure from the intelligence community and key lawmakers to avoid tampering with programs they see as vital to thwarting terrorism plots.
“We believe the program is legal. I am hopeful it’s sustained by the president, maybe in slightly different form,” said Democratic Senator Dianne Feinstein, chair of the Senate Intelligence Committee and an important voice in the NSA debate.
Snowden leaked secrets about mass collection of telephone data and other secret eavesdropping programs to newspapers before fleeing to Hong Kong and then to Moscow. Journalists with access to Snowden’s materials say there are many more disclosures to come.
When the Snowden disclosures first appeared last June, Obama said, “We’ve struck the right balance” between the desire for information and the need to respect Americans’ privacy.
But after a disclosure of U.S. eavesdropping on German Chancellor Angela Merkel’s mobile phone, he called for “additional constraints” on American surveillance practices.
Privacy advocates have been appealing for greater protections for Americans’ constitutional right to privacy. Some privacy advocates will doubtless be pleased by Obama’s plan but other NSA critics may say the president did not go far enough.
“While we welcome the president’s acknowledgement that reforms must be made, we warn the president not to expect thunderous applause for cosmetic reforms. We demand more than the illusion of reform,” said David Segal, executive director of Demand Progress, a civil liberties advocacy organization.
As well as the tension with Germany, the eavesdropping has disrupted relations with some other nations. Brazilian President Dilma Rousseff postponed a state visit to the United States to express her anger over U.S. intrusions in her country.
(Additional reporting by Patricia Zengerle and Richard Cowan, and Noah Barkin in Berlin; Editing by David Storey and Eric Walsh)
Alan Rusbridger accused Westminster of “complacency” about the revelations from Snowden, which have been published in the Guardianover the past six months.
Speaking to the BBC hours before the US president, Barack Obama, was due to give details about reforms to the US spy headquarters, the National Security Agency (NSA), Rusbridger said: “I think one of the problems is that both of the main political parties feel compromised about this. Labour is not keen to get involved because a lot of this stuff was done on their watch.”
He added: “I think there is a degree of complacency here. There has been barely a whisper from Westminster. I think they are closing their eyes and hoping that it goes away. But it won’t go away because it’s impossible to reform the NSA without having a deep knock-on effect on what our own intelligence services do.”
Interviewed on BBC Radio 4’s Today programme, Rusbridger said the oversight mechanisms that were supposed to review the work of Britain’s intelligence agencies had proved to be “laughable”. He said the parliamentary intelligence and security committee, even with the extra money it had received recently, was not up to the job. “I just don’t think they have the technical expertise or the resources,” he said.
Rusbridger added: “What is unprecedented in the last 15 years is the advance of technology. It is completely different from anything that has existed in humankind before.”
Earlier in the programme, William Hague, the foreign secretary, reaffirmed his belief that Britain’s eavesdropping headquarters, GCHQ, had acted within the law when it looked at the content of intercepted messages.
He refused to comment on the Guardian’s latest story from the Snowden files – which shows GCHQ has access to “unwarranted” text messagescollected by the NSA in a programme codenamed Dishfire.
“I am not going to comment on allegations or leaks. I can’t possibly do that,” said Hague.
“But I can say [we have] a very strong system of checks and balances of warrants being required from me or the home secretary to intercept the content of the communications.
“That system is not breached. I have not seen anything to suggest that system has been breached. We have probably the strongest system in the world. Not only do I and the home secretary oversee these things, but we have commissioners who oversee our work and report to the prime minister. No country has a stronger system than that.”
But Rusbridger said Hague had sidestepped the main issue.
Dishfire collects so-called “metadata”, which can be analysed with fewer legal restraints. Yet expert after expert had admitted metadata was as valuable as content to intelligence analysts, said Rusbridger, because it allows analysts to build up a picture of your whereabouts and your relationships.
“There is not much distinction between metadata and content,” he said.
“[Hague] talked about being within the law on content. This isn’t content. This is metadata, which politicians make out as very harmless. This is not just billing data. The world has moved on. What people can tell through metadata is almost everything about you.
“Contrary to what William Hague said the documents say, the NSA likes working here because of the light legal regime here.”
Rusbridger also questioned the claims of Britain’s security chiefs that the Guardian’s revelations had undermined national security and – in the words of the head of MI6, Sir John Sawers – left al-Qaida rubbing its hands in glee.
Rusbridger said the claim was “theatrical … but there was no evidence attached”.
The NSA has made extensive use of its text message database to extract information on people under no suspicion of illegal activity. Photograph: Dave Thompson/PA
The National Security Agency has collected almost 200 million text messages a day from across the globe, using them to extract data including location, contact networks and credit card details, according to top-secret documents.
The untargeted collection and storage of SMS messages – including their contacts – is revealed in a joint investigation between the Guardian and the UK’s Channel 4 News based on material provided by NSA whistleblower Edward Snowden.
The documents also reveal the UK spy agency GCHQ has made use of the NSA database to search the metadata of “untargeted and unwarranted” communications belonging to people in the UK.
The NSA program, codenamed Dishfire, collects “pretty much everything it can”, according to GCHQ documents, rather than merely storing the communications of existing surveillance targets.
The NSA has made extensive use of its vast text message database to extract information on people’s travel plans, contact books, financial transactions and more – including of individuals under no suspicion of illegal activity.
An agency presentation from 2011 – subtitled “SMS Text Messages: A Goldmine to Exploit” – reveals the program collected an average of 194 million text messages a day in April of that year. In addition to storing the messages themselves, a further program known as “Prefer” conducted automated analysis on the untargeted communications.
An NSA presentation from 2011 on the agency’s Dishfire program to collect millions of text messages daily. Photograph: Guardian
The Prefer program uses automated text messages such as missed call alerts or texts sent with international roaming charges to extract information, which the agency describes as “content-derived metadata”, and explains that “such gems are not in current metadata stores and would enhance current analytics”.
On average, each day the NSA was able to extract:
• More than 5 million missed-call alerts, for use in contact-chaining analysis (working out someone’s social network from who they contact and when)
• Details of 1.6 million border crossings a day, from network roaming alerts
• More than 110,000 names, from electronic business cards, which also included the ability to extract and save images.
• Over 800,000 financial transactions, either through text-to-text payments or linking credit cards to phone users
The agency was also able to extract geolocation data from more than 76,000 text messages a day, including from “requests by people for route info” and “setting up meetings”. Other travel information was obtained from itinerary texts sent by travel companies, even including cancellations and delays to travel plans.
A slide on the Dishfire program describes the ‘analytic gems’ of collected metadata. Photograph: Guardian
Communications from US phone numbers, the documents suggest, were removed (or “minimized”) from the database – but those of other countries, including the UK, were retained.
The revelation the NSA is collecting and extracting personal information from hundreds of millions of global text messages a day is likely to intensify international pressure on US president Barack Obama, who on Friday is set to give his response to the report of his NSA review panel.
While US attention has focused on whether the NSA’s controversial phone metadata program will be discontinued, the panel also suggested US spy agencies should pay more consideration to the privacy rights of foreigners, and reconsider spying efforts against allied heads of state and diplomats.
In a statement to the Guardian, a spokeswoman for the NSA said any implication that the agency’s collection was “arbitrary and unconstrained is false”. The agency’s capabilities were directed only against “valid foreign intelligence targets” and were subject to stringent legal safeguards, she said.
The ways in which the UK spy agency GCHQ has made use of the NSA Dishfire database also seems likely to raise questions on the scope of its powers.
While GCHQ is not allowed to search through the content of messages without a warrant – though the contents are stored rather than deleted or “minimized” from the database – the agency’s lawyers decided analysts were able to see who UK phone numbers had been texting, and search for them in the database.
The GCHQ memo sets out in clear terms what the agency’s access to Dishfire allows it to do, before handling how UK communications should be treated. The unique property of Dishfire, it states, is how much untargeted or unselected information it stores.
“In contrast to [most] GCHQ equivalents, DISHFIRE contains a large volume of unselected SMS traffic,” it states (emphasis original). “This makes it particularly useful for the development of new targets, since it is possible to examine the content of messages sent months or even years before the target was known to be of interest.”
It later explains in plain terms how useful this capability can be. Comparing Dishfire favourably to a GCHQ counterpart which only collects against phone numbers that have specifically been targeted, it states “Dishfire collects pretty much everything it can, so you can see SMS from a selector which is not targeted”.
The document also states the database allows for broad, bulk searches of keywords which could result in a high number of hits, rather than just narrow searches against particular phone numbers: “It is also possible to search against the content in bulk (e.g. for a name or home telephone number) if the target’s mobile phone number is not known.”
Analysts are warned to be careful when searching content for terms relating to UK citizens or people currently residing in the UK, as these searches could be successful but would not be legal without a warrant or similar targeting authority.
However, a note from GCHQ’s operational legalities team, dated May 2008, states agents can search Dishfire for “events” data relating to UK numbers – who is contacting who, and when.
“You may run a search of UK numbers in DISHFIRE in order to retrieve only events data,” the note states, before setting out how an analyst can prevent himself seeing the content of messages when he searches – by toggling a single setting on the search tool.
Once this is done, the document continues, “this will now enable you to run a search without displaying the content of the SMS, especially useful for untargeted and unwarranted UK numbers.”
A separate document gives a sense of how large-scale each Dishfire search can be, asking analysts to restrain their searches to no more than 1,800 phone numbers at a time.
An NSA slide on the ‘Prefer’ program reveals the program collected an average of 194 million text messages a day in April 2011. Photograph: Guardian
The note warns analysts they must be careful to make sure they use the form’s toggle before searching, as otherwise the database will return the content of the UK messages – which would, without a warrant, cause the analyst to “unlawfully be seeing the content of the SMS”.
The note also adds that the NSA automatically removes all “US-related SMS” from the database, so it is not available for searching.
A GCHQ spokesman refused to comment on any particular matters, but said all its intelligence activities were in compliance with UK law and oversight.
But Vodafone, one of the world’s largest mobile phone companies with operations in 25 countries including Britain, greeted the latest revelations with shock.
“It’s the first we’ve heard about it and naturally we’re shocked and surprised,” the group’s privacy officer and head of legal for privacy, security and content standards told Channel 4 News.
“What you’re describing sounds concerning to us because the regime that we are required to comply with is very clear and we will only disclose information to governments where we are legally compelled to do so, won’t go beyond the law and comply with due process.
“But what you’re describing is something that sounds as if that’s been circumvented. And for us as a business this is anathema because our whole business is founded on protecting privacy as a fundamental imperative.”
He said the company would be challenging the UK government over this. “From our perspective, the law is there to protect our customers and it doesn’t sound as if that is what is necessarily happening.”
The NSA’s access to, and storage of, the content of communications of UK citizens may also be contentious in the light of earlier Guardian revelations that the agency was drafting policies to facilitate spying on the citizens of its allies, including the UK and Australia, which would – if enacted – enable the agency to search its databases for UK citizens without informing GCHQ or UK politicians.
The documents seen by the Guardian were from an internal Wikipedia-style guide to the NSA program provided for GCHQ analysts, and noted the Dishfire program was “operational” at the time the site was accessed, in 2012.
The documents do not, however, state whether any rules were subsequently changed, or give estimates of how many UK text messages are collected or stored in the Dishfire system, or from where they are being intercepted.
In the statement, the NSA spokeswoman said: “As we have previously stated, the implication that NSA’s collection is arbitrary and unconstrained is false.
“NSA’s activities are focused and specifically deployed against – and only against – valid foreign intelligence targets in response to intelligence requirements.
“Dishfire is a system that processes and stores lawfully collected SMS data. Because some SMS data of US persons may at times be incidentally collected in NSA’s lawful foreign intelligence mission, privacy protections for US persons exist across the entire process concerning the use, handling, retention, and dissemination of SMS data in Dishfire.
“In addition, NSA actively works to remove extraneous data, to include that of innocent foreign citizens, as early as possible in the process.”
The agency draws a distinction between the bulk collection of communications and the use of that data to monitor or find specific targets.
A spokesman for GCHQ refused to respond to any specific queries regarding Dishfire, but said the agency complied with UK law and regulators.
“It is a longstanding policy that we do not comment on intelligence matters,” he said. “Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee.”
GCHQ also directed the Guardian towards a statement made to the House of Commons in June 2013 by foreign secretary William Hague, in response to revelations of the agency’s use of the Prism program.
“Any data obtained by us from the US involving UK nationals is subject to proper UK statutory controls and safeguards, including the relevant sections of the Intelligence Services Act, the Human Rights Act and the Regulation of Investigatory Powers Act,” Hague told MPs.
Olduvaiblog: Musings on the coming collapse 