James Clapper
Senate Intelligence Committee hearing
March 12, 2013

Claim: The NSA doesn't collect data on millions of Americans.

Sen. Ron Wyden (D-Ore.): Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

Director of National Intelligence James Clapper: No, sir.

Wyden: It does not?

Clapper: Not wittingly. There are cases where they could inadvertently, perhaps, collect, but not wittingly.

Actually: A secret court order shows the NSA does collect phone records on millions of Americans.

The secret court order, leaked by Snowden, shows that the NSA collects the metadata of all Verizon Business Network Services phone calls, on a daily basis. The court order says the metadata should include telephone numbers, routing information, the time the calls were made, how long the calls lasted, and the unique identifying numbers that pinpoint the device and the subscriber. The Foreign Intelligence Surveillance Court has also reportedly ordered Sprint and AT&T to turn over the same data.

In a letter written June 21, Clapper apologized for his "clearly erroneous" answer, saying he had been confused by Wyden's line of questioning.

In an interview on June 8, Clapper also said "collect" means something different to intelligence officials. Clapper told NBC News correspondent Andrea Mitchell that Americans should think of the NSA programs like a library. The NSA acquires all kinds of data to store in the "library," but the data is not "collected" until an analyst pulls a book off the shelf.

According to Department of Defense regulations, "Information shall be considered as 'collected' only when it has been received for use by an employee of a DoD intelligence component in the course of his official duties... Data acquired by electronic means is 'collected' only when it has been processed into intelligible form."

Keith Alexander
DEF CON Hacking Conference
July 27, 2012

Claim: The NSA is only allowed to focus on communications from "bad guys."

NSA Director Gen. Keith Alexander: Under the FISA Amendment Act, we are authorized to collect foreign targets — think of terrorists — outside the United States. And that law allows us to use some of our infrastructure to do that. We may, incidentally, in targeting a bad guy, hit on somebody from a good guy, because there's a discussion there. We have requirements from the FISA Court and the Attorney General to minimize that, which means nobody else can see it unless there's a crime that's been committed.

Actually: The NSA's own standards also allow the agency to look at Americans' encrypted communications.

Senators Ron Wyden, D-Ore., and Mark Udall, D-Colo., singled out Alexander's claim in an October 2012 letter, writing, "We believe that this statement incorrectly characterized the minimization requirements that apply to the NSA's FISA Amendments Act collection, and portrays privacy protections for Americans' communications as being stronger than they actually are."

The senators did not specify what exactly was wrong with what Alexander said. Alexander replied to Wyden and Udall, but did not correct the alleged misstatement.

One possibility: Based on the leaked 2009 document on NSA internal procedures, we now know the NSA can also keep all encrypted communications for as long they are useful to NSA code-breaking efforts, even communications between Americans in the U.S.

Internal NSA procedures require analysts to destroy any Americans' communications — unless there is foreign intelligence value or evidence of a crime, or unless the communications are encrypted.

Of course, analysts can only make those determinations after they've already looked at the domestic communications. When Alexander said, "nobody else can see it," he appears to have meant, nobody else other than NSA analysts.

For encrypted communications, analysts need to first decrypt them, and then read them, before determining if the communications "are, or are reasonably believed likely to become, relevant to a current or future foreign intelligence requirement." And until the NSA can decrypt them, it can keep them, indefinitely.

Also, Wyden and Udall might have known that the NSA "incidentally" hits on good guys more often than officials had previously admitted. In a congressional hearing on July 17, NSA deputy director Chris Inglis said that when targeting a suspected terrorist, analysts look at their contacts "two or three hops" out. That means analysts look at all the people the suspected terrorist has contacted (first hop), all the people those people have contacted (second hop), and all the people those people have contacted (third hop). That's a lot of people. One study found that strangers on Facebook are on average separated by 4.74 degrees of separation.

Finally, we know the NSA is also collecting raw internet traffic through taps directly into fiber-optic cables and other infrastructure. What we don't know is how much "good guy" content that's sweeping up.

An NSA spokesperson did not answer our questions about Alexander's statement or the subsequent revelations.

Keith Alexander
Remarks at American Enterprise Institute
July 9, 2012

Claim: The NSA doesn't hold data on U.S. citizens.

Fox News: Will the Utah Data Center hold the data of American citizens?

NSA Director Gen. Keith Alexander: No. Part one: While I can't go into all the details of the Utah Data Center, we don't hold data on U.S. citizens.

Actually: Alexander himself has confirmed the NSA holds phone data on U.S. citizens for five years.

The government keeps domestic phone metadata for five years, Sen. Dianne Feinstein, D-Calif., said in a June 2013 congressional hearing, and Alexander subsequently confirmed.

Domestic content data can be kept even longer in certain circumstances — if it's encrypted, if it contains evidence of a crime, or if it's "foreign intelligence information" — according a leaked 2009 document on internal procedures.

An NSA spokesperson did not answer our questions about Alexander's contradictory claims.

Dianne Feinstein
Senate session on Patriot Act extension
May 23, 2011

Claim: The program allowing the collection of phone records is analogous to a grand jury subpoena.

Senate Intelligence Committee Chair Dianne Feinstein (D-Calif.): Business records. The third authority covered by this legislation is known as the business records provision and provides the government the same authority in national security investigations to obtain physical records that exist in an ordinary criminal case through a grand jury subpoena.

Actually: The secret court order shows the surveillance is much broader than what a grand jury subpoena allows.

Rather than ask for court orders compelling Verizon to turn over limited data on targeted individuals related to a particular investigation, NSA secured a court order compelling Verizon to turn over all its metadata, every day.

"I have never heard of anybody using a grand jury trial or administrative subpoena for such a sweeping class of records," said Mark Eckenwiler, who worked at the Justice Department on federal electronic surveillance law until January of this year. "Any subpoena is subject to a reasonableness limitation — that's something the Supreme Court itself has said. You can't ask for sun, moon, stars and all the archangels."

The difference is that the Patriot Act allows the collection of any business records "relevant to an authorized investigation," which the Foreign Intelligence Surveillance Court has interpreted broadly. The secret surveillance court has ruled that "relevant" can mean an entire database of records, such as all of the metadata Verizon collects on a daily basis.

Justice Department officials have repeatedly invoked the inapt grand jury subpoena analogy. In September 2009, then Deputy Assistant Attorney General Todd Hinnen testified to a House Judiciary subcommittee, "The USA PATRIOT Act made the FISA authority relating to business records roughly analogous to that available to FBI agents investigating criminal matters through the use of grand jury subpoenas." A day later, then Assistant Attorney General David Kris told the Senate Judiciary Committee the same thing. In March 2011, Hinnen — by then the Acting Assistant Attorney General for National Security — used the same comparison before a different House Judiciary subcommittee. And other former justice officials made frequent use of the same analogy.

A group of 26 senators wrote Clapper a letter calling the analogy misleading. The Washington Post reported that the comparison led several congressmen to believe the surveillance program was much narrower in scope. Rep. James Sensenbrenner Jr., R-Wis., one of the authors of the Patriot Act, said in a letter to Attorney General Eric Holder that the comparison to a grand jury subpoena "left the [Judiciary] Committee with the impression that the Administration was using the business records provision sparingly and for specific materials. The recently released FISA order, however, could not have been drafted more broadly."

The Justice Department has defended the analogy by referring back to the Patriot Act itself, which says the FBI can only obtain tangible things that could otherwise be obtained "in aid of a grand jury investigation or with any other order issued by a court of the United States."

The administration has also continued to use the analogy, though in modestly amended form. DNI General Counsel Bob Litt said July 19, "Records can be produced only if they are the type of records that could be obtained pursuant to a grand jury subpoena or other court process—in other words, where there is no statutory or other protection that would prevent use of a grand jury subpoena." Like several government officials before him, Litt also said the surveillance court order process is actually "more restrictive" than the grand jury subpoena process because analysts need to get court approval and apply minimization procedures.

President Obama
Charlie Rose Show interview
June 16, 2013

Claim: The Foreign Intelligence Surveillance Court is transparent.

Charlie Rose: Has FISA courts turned down any request?

President Obama: First of all, Charlie, the number of requests are surprisingly small. Number one. Number two, folks don't go with a query unless they've got a pretty good suspicion.

Rose: Should this be transparent in some way?

Obama: It is transparent — that's why we set up the FISA court.

Actually: The court's opinions are secret, and the Justice Department has fought to keep them secret.

Virtually the entire output of the court is classified, even as the court has broadened its interpretation of the law. The Department of Justice is currently fighting several Freedom of Information Act suits seeking release of Foreign Intelligence Surveillance Court documents, although the surveillance court itself has said its rules allow the release of some documents.

Members of Congress are also hamstrung. Many of their staffers are unable to help with oversight because they are barred from seeing any documents related to the programs. "I'm not exaggerating when I say that I spent over 1,000 hours working on this issue and I wasn't allowed to know what it was," one Wyden aide told the Huffington Post.

Until recently, the mere existence of the NSA surveillance programs was itself classified.

NSA Fact Sheet
Sections 702 of FISA and 215 of Patriot Act
June 8, 2013

And something is wrong with this NSA fact sheet...

...But the NSA won't say what.

On June 24, Senators Wyden and Udall wrote to Gen. Alexander alerting him to "an inaccurate statement about how the section 702 authority has been interpreted by the US government" in an official NSA fact sheet. They said that they believed the error was "significant."

The next day, the NSA pulled the fact sheet off its website, without correcting the error or re-posting it. Instead, the NSA responded to the senators by simply pointing to the law itself.

"Given the intense interest from the media, the public, and Congress, we believe the precision of the source document (the statute) is the best possible representation of applicable authorities," an NSA spokeswoman said on June 25.

We still don't know what the error was. An NSA spokesperson did not answer our questions about it.