One of the Obama administration's most repeated defenses of the NSA's internet surveillance programs has been that it does not "intentionally" target American citizens communicating domestically. That may be technically true, but an unnamed telecom executive who dealt with surveillance orders tells Foreign Policy that there's no way for the NSA to tell the difference at the point of collection.
"There is physically no way to ensure that you're only gathering US person emails," said the executive, who has reportedly complied with court orders which forbid their recipients from acknowledging receiving them. "The system doesn't make any distinction about the nationality" of the people whose communications are intercepted. That's due in part to the way international communications are routed, a large amount of which pass through the US.
"They do know that US person data will get through. They admit that."
Since the NSA appears to collect indiscriminately, it says it applies procedures to determine whether data comes from a US citizen or not. According to leaked documents detailing these procedures, an analyst must have "reasonable suspicion" that a person whose communications have been intercepted is not a "US person" communicating on US soil. But if the analyst can not prove this, the person "will be presumed to be a non-United States person" and the data will be retained. Even if analysts determine they have collected data on a US person, the document says that the NSA can still retain the data under a broad range of exceptions, such as if the communication is encrypted, holds information relevant to cybersecurity, or "contains evidence of a crime that has been, is being, or is about to be committed."
"They do know that US person data will get through. They admit that," a former intelligence official tells Foreign Policy. "They don't listen to everything and process everything ... Sometimes they may keep it and look at it later."
President Obama's initial reassurance on the PRISM program was that "with respect to the internet and emails, [PRISM] does not apply to US citizens, and it does not apply to people living in the United States." But a leaked Justice Department memo published Thursday by The Guardian states that "NSA has in its databases a large amount of communications metadata associated with persons in the United States." The paper found that "it is clear that the [NSA] collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets." When two US senators, citing privacy concerns, asked the NSA to investigate how many US citizens have had their data collected in this way, the agency refused, making the bizarre argument that doing so would violate US citizens' privacy.