US officials: NSA overseas surveillance is targeted, not bulk collection

Critics question the officials' description of the NSA's overseas surveillance programs

A U.S. National Security Agency surveillance program focused on overseas telephone and email communications is targeted and narrow, and not the bulk collection portrayed in numerous news reports from recent months, U.S. officials told a privacy watchdog board Wednesday.

Contrary to denials from many technology companies, the NSA's foreign surveillance programs authorized by section 702 of the FISA Amendments Act have the participation of those vendors, officials with the U.S. intelligence community told the U.S. Privacy and Civil Liberties Oversight Board (PCLOB).

Internet service providers and other technology companies "would have received legal process" documents when the NSA wanted to conduct surveillance on their customers, said Rajesh De, the NSA's general counsel. The NSA collects communications to and from certain email and telephone targets, with assistance from communications providers, and it also engages in upstream collection from the "Internet backbone," De said.

The picture U.S. officials painted to the PCLOB about NSA foreign surveillance efforts is very different from news reports based on leaks from former NSA contractor Edward Snowden over the past nine months.

Just a day after the Washington Post reported that the NSA has built a surveillance system capable of recording all of a foreign country's telephone calls, officials said the agency's surveillance programs focused on foreign communications don't target entire regions or countries but rather specific email addresses and telephone numbers.

The overseas programs are not bulk collection, added Robert Litt, general counsel in the Office of the Director of National Intelligence. Bulk collection is "getting a whole bunch of communications, hanging onto them, and then figuring out later what you want," he said. "This is not that. This is a situation where we figure out what we want, and we get that specifically."

To target a person under the overseas programs, the NSA needs "reason to believe" the communications are relevant to a foreign intelligence purpose.

Numerous press reports based on information from Snowden have suggested the NSA, through a program called Prism, is sifting through the servers of nine technology companies, including Microsoft, Google, Facebook and Apple. Most of those companies have denied giving the NSA access to their servers.

The NSA has also intercepted Internet communications in transit, planned to distribute surveillance malware targeting millions of computers and intercepted the mobile phone calls of millions of people, according to leaks from Snowden.

While officials from the NSA, ODNI and the Department of Justice denied reports that they are collecting overseas communications in bulk, others testifying at the PCLOB hearing voiced skepticism. The intelligence officials appear to be using a narrow definition of collection by suggesting that intercepting emails and telephone calls doesn't constitute collection, said Jameel Jaffer, deputy legal director of American Civil Liberties Union.

It would be difficult for the NSA to target communications about specific people, as the agency says it does, without having broader access to Internet or telephone traffic, he said.

"My understanding is there is no way to engage in 'about' surveillance without inspecting, in some sense, every communication within the universe of those that you are monitoring," he said. "You can call that bulk collection, or you could call that something else, but that scanning of every communication in a particular universe raises constitutional issues."

Jaffer and two other witnesses told the privacy board the NSA programs violate the Fourth Amendment to the U.S. Constitution, which protects U.S. residents against unreasonable searches and seizures. While the NSA says it does not target U.S. residents, there are few procedures in place to keep the agency from collecting information about U.S. residents, said Laura Donohue, a professor at the Georgetown University Law School.

In addition, the underlying law puts few limits on the NSA sharing information it has collected with law enforcement agencies in the U.S., she said.

Because the NSA foreign surveillance programs target people reasonably believed to be overseas, there is no Fourth Amendment issue, countered ODNI's Litt. People who live outside the U.S. "do not have rights under the Fourth Amendment," he said. "The Constitution does not require individualized warrants to target them."

Litt called the overseas surveillance programs important for U.S. national security. The overseas surveillance program is "one of the most valuable collection tools that we have," he said. "It is one of our most important sources of information, not only about terrorism, but about a wide variety of other threats to our nation."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags telecommunicationRobert LittU.S. National Security AgencyU.S. Office of the Director of National IntelligenceinternetprivacyGeorgetown University Law SchoolRajesh DeAmerican Civil Liberties UnionsecurityJameel JafferEdward SnowdenMailLaura DonohuegovernmentU.S. Privacy and Civil Liberties Oversight BoardU.S. Department of JusticeInternet-based applications and services

More about AppleApple.Department of JusticeFacebookGoogleIDGMicrosoftNational Security AgencyNSAPrism

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place