The Guardian report is based on a 2007 NSA memo revealing that the shadowy agency specifically sought to “unmask” the personal data that British residents wanted to keep private. Where American and British lawmakers have repeatedly claimed that the far-reaching clandestine programs first revealed in June were designed to combat terrorism, Wednesday’s leak makes those claims problematic and point to a loose interpretation of what data can be collected to that end.
It indicates that the NSA was previously forced to remove the cell phone numbers, fax numbers, emails, and IP addresses caught in its clandestine efforts. Those restrictions loosened in 2007 after an agreement between the US and UK no longer required the agency to “minimize” its data records.
The records are also being made available to US intelligence and military agencies other than the NSA.
The documents were published in a collaborative effort by the Guardian and Channel 4 News in Britain. It is the latest report assembled from classified documents released to the press by former NSA contractor Edward Snowden, who has fled the US and is now living under temporary asylum in Russia. His disclosures have sparked international anger, with US allies condemning the surveillance.
Personal information belonging to UK residents were “incidentally collected” by the dragnet, indicating the individuals in question were not thought to have committed any crime, much less terrorism, nor were they the actual targets of the surveillance.
NSA leaders have admitted that intelligence analysts will collect information within “three hops” from the surveillance target, meaning they investigate the communications of a friend of a friend of a friend from that person. If starting its focus on one Facebook user this strategy, according to research conducted by the Guardian, could yield information for more than five million people.
The memo in question shows the NSA has been using the data collected from the UK for so-called “pattern of life” or “contact-chaining” inquiries, which are connected to the “three hops” examinations.
The link between the Americans and the British intelligence agencies constitutes the main partnership of the “Five Eyes” data-sharing alliance. Also involved are Canada, Australia, and New Zealand; however it seems to have always been an understanding that the nations will not collect information on the public of any other.
The NSA document describes the Five Eyes agreement as one that “has evolved to include a common understanding that both governments will not target each other’s citizens/persons.”
Yet a separate NSA memo from 2005 outlines a proposed classified procedure that would give the agency access to another Five Eye nation, even when that partner has explicitly denied the US access.
This document, as viewed by the Guardian, plainly states to intelligence analysts that the targeted Five Eye nation must not be able to identify an American surveillance effort or the procedure that would allow it. A stipulation in the document notes that government “reserved the right” to monitor other Five Eyes’ citizens “when it is in the best interests of each nation.”
“Therefore,” it continues, “under certain circumstances, it may be advisable and allowable to target second party persons and secondary party communications systems unilaterally, when it is in the best interests of the US and necessary for US national security.”