US intelligence chief defends surveillance programs

The collection of communications does not target U.S. persons, he said.

The U.S. government said late Thursday that it is authorized to collect intelligence information of non-U.S. persons located outside the country, in the wake of news reports on the government's surveillance programs.

The two newspaper reports refer to the collection of communications under section 702 of the Foreign Intelligence Surveillance Act, which is designed "to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States," said James R. Clapper, Director of National Intelligence, in a statement.

The section cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the country, he added. There are court approved procedures to minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons, Clapper said.

The U.S. National Security Agency and Federal Bureau of Investigation have real-time access to servers of Internet services companies like Google and Facebook to collect content for surveillance, the Washington Post and the Guardian reported on Thursday.

Stating that the information collected under the program is used to protect the U.S. from a variety of threats, Clapper criticized the unauthorized disclosure about the program as "reprehensible and risks important protections for the security of Americans."

The Guardian had earlier also published the copy of a secret April 25 order from the Foreign Intelligence Surveillance Court in Washington, D.C., which required Verizon to produce call records or "telephony metadata" on an ongoing daily basis until expiry of the authorization on July 19.

The metadata included communications routing information such as session-identifying information, trunk identifier, telephone calling card numbers, and time and duration of call, according to the document. The metadata collected did not, however, include the content of communications, or the name, address, and financial information of the customer.

The program does not allow the government to listen in on anyone's phone calls, and the information acquired does not include the content of any communications or the identity of any subscriber, Clapper said in a separate statement on Thursday, while confirming the authenticity of the order published by the British newspaper. The judicial order is used to support a sensitive intelligence collection operation, on which members of the U.S. Congress have been fully and repeatedly briefed,

It is not that intelligence officials are allowed to sift indiscriminately through the telephony metadata provided. "The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization," he added.

The intelligence official said he was providing the information, including some that was declassified for the purpose, because it is "important for the American people to understand the limits of this targeted counterterrorism program and the principles that govern its use."

"The unauthorized disclosure of a top secret U.S. court document threatens potentially long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our nation," Clapper said.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesNational Security AgencyregulationsecurityFederal Bureau of InvestigationlegislationgovernmentDirector of National Intelligenceinternet

More about FacebookFederal Bureau of InvestigationGoogleIDGNational Security AgencyVerizonVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Ribeiro

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place