Documents obtained by the Guardian have revealed for the first time the top secret procedures detailing how the US National Security Agency can gather and use surveillance data. The guidelines, which were approved by the secret FISA court and Attorney General Eric Holder on the 29th of July, 2009, show that while the NSA is required to "minimize" the collection of data suspected to belong to US citizens, "inadvertently acquired" domestic communications can still be kept under certain circumstances without a warrant.

As US officials have previously stated, NSA analysts are only allowed to specifically target "non-US persons," and must take steps to prevent US citizens located within the US from being caught in their nets. That includes using "lead information" to try and determine the target's origins based on their means of communication, telephone records obtained by other surveillance programs, and other data gathered from research.

If communications are determined to originate from "US persons," interception must stop immediately. However, even if they are not foreign intelligence related, potential US communications can still be retained for up to five years under a broad set of circumstances. Those conditions include:

  • If the communications are "reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed"
  • If the communications are encrypted
  • If the communications are "reasonably believed" to contain technical information of interest to maintaining cybersecurity

Potential US communications can still be retained for up to five years

The documents also cite "limitations on NSA's ability to filter communications" as an acceptable excuse for keeping inadvertently collected data on those believed to be US citizens. Additionally, the guidelines specify that the NSA is allowed to hand all of their "unminimized" communications to the FBI or the CIA, as long as those agencies specify their own list of targets and comply with their own "minimization" procedures. Likewise, if a confidential communication between an attorney and their client is collected, interception must cease — but the communication can still be kept for a foreign intelligence purpose and even given to the Department of Justice, as long as it is segregated in a separate database and protected from being used in a criminal case.

The procedures detail the targeted collection of communications content authorized under Section 702 of the FISA Amendments Act (FAA), and should not be confused with un-targeted collection of bulk metadata under Section 215 of the Patriot Act — that separate collection authority was detailed earlier this month, when the Guardian released a rolling court order compelling Verizon to hand over all of its customers' call records on an "ongoing, daily basis."

The documents come a week after President Obama said in an interview that the 702 program "does not apply to any U.S. person." Director of National Intelligence James Clapper, along with other US officials, has also claimed that collection under Section 702 is "subject to an extensive oversight regime." But much of the activities seem to be left to the analyst's discretion, and are not regularly reviewed by a judge. The only regular oversight of the surveillance program comes from the Department of Justice and the Office of the Director of National Intelligence, which review the agency's activities every 60 days.

Sean Hollister contributed to this report