3 October 2011, ODNI: FISC: Re Government's Ex Parte Submission of Reauthorization Certifications (Memorandum Opinion, Order) (PDF)
NSA gathered thousands of Americans e-mails before court ordered it to revise its tactics
By Ellen Nakashima
For several years, the National Security Agency unlawfully gathered tens of thousands of e-mails and other electronic communications between Americans as part of a now-revised collection method, according to a 2011 secret court opinion. 
The redacted 85-page opinion, which was declassified by U.S. intelligence officials  on Wednesday, states that, based on NSA estimates, the spy agency may have been collecting as many as 56,000 "wholly domestic" communications each year.
In a strongly worded opinion, the chief judge of the Foreign Intelligence Surveillance Court expressed consternation at what he saw as a pattern of misleading statements by the government and hinted that the NSA possibly violated a criminal law against spying on Americans.
"For the first time, the government has now advised the court that the volume and nature of the information it has been collecting is fundamentally different from what the court had been led to believe," John D. Bates, then the surveillance court's chief judge, wrote in his Oct. 3, 2011, opinion.
The court, which meets in secret, oversees the Foreign Intelligence Surveillance Act, the law authorizing such surveillance in the United States. It has been criticized by some as a "rubber stamp" for the government, but the opinion makes clear the court does not see itself that way.
Bates's frustration with the government's lack of candor extended beyond the program at issue to other NSA surveillance efforts.
"The court is troubled that the government's revelations regarding NSA's acquisition of Internet transactions mark the third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program," Bates wrote in a scathing footnote.
The Washington Post reported last week  that the court had ruled the collection method unconstitutional. The declassified opinion sheds new light on the volume of Americans' communications that were obtained by the NSA and the nature of the violations, as well as the FISA court's interpretation of the program.
The release  marks the first time the government has disclosed a FISA court opinion in response to a Freedom of Information Act lawsuit. The lawsuit was brought a year ago by the Electronic Frontier Foundation, a privacy group.
"It's unfortunate it took a year of litigation and the most significant leak in American history to finally get them to release this opinion," said foundation staff attorney Mark Rumold, "but I'm happy that the administration is beginning to take this debate seriously."
The pressure to release the opinion was heightened by a series of recent revelations about government surveillance based on documents leaked to The Washington Post and Britain's Guardian newspaper by former NSA contractor Edward Snowden.
Over the past 2-1/2 months, those revelations have reignited a national debate on the balance between privacy and security, and President Obama has promised  to assuage concerns about government overreach, in part through more transparency.
The document was released along with several others related to a controversial collection program approved by Congress in 2008 under Section 702 of the FISA Amendments Act. Through that program, the NSA may target for collection the e-mails and phone calls of foreigners "reasonably believed" to be overseas.
Under Section 702, the NSA collects more than 250 million Internet communications each year, the opinion said. The vast majority -- 91 percent -- are obtained from Internet providers such as Google, Yahoo and AOL through a program code-named PRISM. 
At issue here was the less voluminous "upstream" collection that takes place as communications flow across Internet hubs -- not from service providers such as Google. Under that program, the NSA diverted international data passing through fiber-optic cables  in the United States into a repository where the material could be stored temporarily for processing and for the selection of foreign communications, rather than domestic ones. But in practice, because of technological difficulties, the NSA was unable to filter out the "wholly domestic" communications between Americans.
Officials stressed that it was the NSA that brought the collection method to the court's attention as part of its regular reporting process. "This was not in any respect an intentional or wholesale breach of privacy of American persons," Robert S. Litt III, the general counsel for the Office of the Director of National Intelligence, told reporters Wednesday.
Still, Bates noted that it was not until May 2011 -- several years after Section 702 was approved -- that the NSA told the court that its upstream collection of Internet communications may contain entire Internet "transactions" not related to the target. In other words, the agency may be collecting e-mails between two Americans or people inside the United States in violation of FISA.
In June 2011, the NSA informed Bates that an Internet transaction may be a single communication or it may include "multiple discrete communications," including those that are not to, from or about a target. That means instead of one e-mail, a string of Americans' e-mails could be inadvertently picked up. "That revelation fundamentally alters the Court's understanding of the scope of the collection conducted pursuant to Section 702," Bates said.
"By expanding its Section 702 acquisitions to include the acquisition of Internet transactions through its upstream collection, NSA has, as a practical matter, circumvented the spirit of [the law]," Bates wrote. "NSA's knowing acquisition of tens of thousands of wholly domestic communications through its upstream collection is a cause of concern for the court."
He ordered the collection to stop until the NSA could propose an acceptable remedy. In November 2011, Bates signed an order approving the fix, which included a new technical means to segregate transactions most likely to contain U.S. persons' communications and reducing the retention period from five to two years.
In April 2012, the NSA decided to conduct a purge of all upstream data collected since Section 702's inception in 2008, senior intelligence officials said. They could not estimate the quantity, but one official said it was "lots." Said another: "It would have been everything."
The newly released opinion also reflects Bates's frustration with the court's inability to independently verify the NSA's assertions, a sentiment underscored in a recent statement made to The Post by the current chief judge, Reggie B. Walton. 
Because of the "sheer volume" of transactions acquired by the NSA, "any meaningful review of the entire body of the transactions" was not feasible, Bates wrote. "As a result, the court cannot know for certain the exact number" of wholly domestic communications but was reliant on the NSA's samples of data. "Even if the court accepts the validity of conclusions derived from statistical analyses, there are significant hurdles in assessing NSA's upstream collection," he wrote.
He also stated in a footnote that the government's revelations about the scope of the NSA's upstream collection "implicate" a law that criminalizes unauthorized electronic surveillance. He said that he would address that issue in a separate order.
In another footnote, he also noted that in March 2009 the court concluded that its authorization of the NSA's bulk collection of Americans' phone-call records was "premised on a flawed depiction of how the NSA" uses the data. He also wrote: "This misperception by the FISC existed from the inception of its authorized collection in May 2006, buttressed by repeated inaccurate statements made in the government's submissions, and despite a government-devised and court-mandated oversight regime."
In that program, which was disclosed through a document leaked by Snowden to the Guardian, the NSA amasses a database of hundreds of millions of Americans' phone-call records. That includes numbers dialed and the time and duration of calls -- also known as metadata -- but no content.
Bates continued: "Contrary to the government's repeated assurances, NSA had been routinely running queries of the metadata using querying terms that did not meet the required standard. . . . The Court concluded that this requirement had been 'so frequently and systematically violated that it can fairly be said that this critical element of the overall . . . regime has never functioned effectively.' "
The Electronic Frontier Foundation sued after Sen. Ron Wyden (D-Ore.) got the Office of the Director of National Intelligence to acknowledge in July 2012 that the NSA's surveillance had at least once violated the Constitution.
"The FISA Court has noted that this collection violates the spirit of the law, but the government has failed to address this concern in the two years since this ruling was issued," Wyden said Wednesday. "This ruling makes it clear that FISA Section 702, as written, is insufficient to adequately protect the civil liberties and privacy rights of law-abiding Americans and should be reformed."
 http://www.dni.gov/files/documents/DNI Clapper Section 702 Declassification Cover Letter.pdf