Amidst the myriad of PRISM and FISA-related data collection leaks, rumors, denouncements, and sources, it was mentioned that the security agency takes steps to avoid collecting any more information on US citizens than necessary, something that has been expounded on today with two leaked top-secret documents. The documents were sent to The Guardian, which published them whole.
If you need a refresher course on PRISM and the related subjects, we've got it all laid out for you. This latest leak shows documents dated and signed by AG Eric Holder in July of 2009, which were then submitted to the Foreign Intelligence Surveillance Court, more commonly called FISA. Within the documents are details on how the NSA data collection methods attempt to reduce how much information it pulls on US citizens while targeting those from elsewhere.
First the good parts of what the documents reveal - rather than being able to wholesale pull all the data it wants, as some reports have suggested, the NSA must follow a series of checks and regulations. We already knew this. But what we didn't know was how specifically these things related to data gathered on US citizens, which was revealed by the documents.
The National Security Agency is required to, first and foremost, take "extensive steps" to verify whether the targets of its surveillance are located outside of the United States. Should data end up gathered on a US citizen, that data must be destroyed once identified as such. And finally, the mass call records gathered by the NSA are used to aid in identifying which persons are US citizens/residents, weeding them out of the data collection pull.
Now the less-than-awesome part: information pulled by the NSA, even if it could have information in it about a US citizen, can be kept for up to half a decade. In addition, information originating domestically can be both kept and used if it is "inadvertently" gathered. And as we mentioned, it allows for information to be gathered from "U.S. based machines" to assess whether a target is from the US, hence the phone records being monitored.
Furthermore, it is agency-based analysts who look at the targets and make decisions regarding them, such as whether they're acceptable for monitoring purposes. Though they are required to communicate with superiors and are subjected to reviews by audit teams, there are no lawyers or outside personnel involved in the matter.
SOURCE: The Guardian