NSA Has No Clue How Many Americans it’s Spying On

The National Security Agency is watching the electronic communications of hundreds of millions people, allegedly to find foreign threats. But before Congress reauthorizes laws allowing this, it has a question: How many Americans are caught up in the government’s digital dragnets?

The answer, says National Intelligence Director James Clapper, is that we have no idea.

“We’re looking at several options right now, none of which are optimal,” said Clapper at a press briefing in Washington, D.C., on April 25. Security officials argue that analyzing the dataset would mean even more intrusions upon Americans’ privacy.

“Many people find that unsatisfactory, but that is a fact,” says Clapper.

Members of Congress are definitely not satisfied. Four years (pdf) of prompting by U.S. Sens. Ron Wyden and Mark Udall to nail down the number of Americans whose phone calls and emails are being collected has produced little. The senators, along with colleagues, wrote an exasperated letter (pdf) to Clapper on April 22 stating: “We are not asking you for an exact count. Today, our request is simply for a rough estimate.”

Fueling the controversy, NSA says it wants to start sharing raw communications data it collects with domestic law enforcement such as the FBI. That conflicts with intelligence agencies’ assertions that its programs are strictly to target foreigners.

“Our employees are trained to not look for U.S. persons,” NSA privacy and civil liberties officer, Rebecca Richards, told The Hill in March. “We’re not interested in those US persons. We're trying to look away from those."

Yet, a secret 2015 court ruling (pdf) unsealed this week shows that warrantless spying has already been formally approved by the Foreign Intelligence Surveillance Courts for general criminal investigations in the U.S., says the Electronic Frontier Foundation. These revelations have prompted dozens of advocacy groups to write intelligence officials that they are (again) circumventing constitutional protections and “pose new threats to the privacy and civil liberties of ordinary Americans” (pdf).

The worries focus on two core programs first revealed publicly by former CIA contractor Edward Snowden: PRISM and Upstream. These vast electronic listening programs—authorized by Section 702 of the Foreign Intelligence Surveillance Act—collect, sift and deposit much of the world’s electronic telecommunications in U.S. government databases. Nominally targeting non-U.S. citizens, the system pulls data from hundreds of millions of people’s internet communications, many of whom, NSA admits (pdf), are Americans.

Each program works differently, which adds to the difficulty of figuring out how many people are being caught up in the surveillance. PRISM allows NSA to retrieve data directly from U.S. companies like Google, Facebook and Microsoft through negotiated data-sharing contracts.

Security analyst Ashkan Soltani mapped out how the system might work based on available information. NSA sends a request for data, employees pull target emails, text and video chats, photographs and other data, and then pass it along to NSA for analysis. “Upstream” is a program that taps even more data by intercepting undersea fiber-optic cables that carry “about 80 percent” of the world’s traffic. This allows the U.S. government to eavesdrop on foreign communications over U.S. networks and detect suspicious patterns in the metadata.

Yet, the political enthusiasm for this type of surveillance is waning. Last year, Congress passed the USA Freedom Act in a overwhelming bipartisan vote that halted NSA’s bulk collection of phone metadata of U.S. citizens, such as phone numbers, call length and time. The vote marked the first time Congress has restricted government surveillance since the Sept. 11 attacks in 2001.