So, is the NSA reading your email?
Rep. Mike Rogers, R-Mich., who chairs the House committee that oversees intelligence agencies, argues the data-collection programs are effective and operate under strict limits.
"The National Security Agency does not listen to Americans' phone calls and it is not reading Americans' emails. None of these programs allow that," he told host George Stephanopoulos on ABC’s Sunday talk show This Week. "As a matter of fact, the Patriot Act, part of that, 702, says it's expressly prohibited by law that you can read and wholly surveil domestic email traffic in the United States."
With new, leaked information swirling about broad data collection under secret court orders, we wondered: Does the law expressly prohibit the government from reading and engaging in surveillance of Americans’ domestic email?
Rogers was responding to discussion prompted by leaks from Edward Snowden, a 29-year-old former NSA contractor who left his job in Hawaii for Hong Kong.
Rogers mentioned both phone calls and emails. While we’re focusing on his claim about American email, it’s helpful to understand that Snowden’s leaks revealed details about two separate programs that function under different areas of the law.
First, a June 5 story in the Guardian by Glenn Greenwald disclosed a secret court order requiring Verizon to turn over "all call detail records" on an "ongoing daily basis," such as phone numbers and length of calls — but not their content.
Second, stories published June 6 by the Washington Post and the Guardian revealed top-secret PowerPoint slides that describe a data-collection program code-named Prism. The slides, dated April 2013, outline a program to collect email, chats, videos, photos, stored data and files from nine technology and social media companies, including Microsoft, Google, Yahoo, Facebook and Apple.
The programs are authorized under different — but related — pieces of legislation, both tied in some way to the Foreign Intelligence Surveillance Act of 1978, or FISA.
The phone-records order relies on U.S. Code amended by Section 215 of the Patriot Act, which updated provisions of FISA. By contrast, the Prism program falls under FISA’s Section 702, according to a response to news articles from the director of national intelligence, a part of the law added in 2008.
Rogers had mentioned both the "Patriot Act" and "702." We asked Rogers’ office what part of the law he was talking about when he said it’s "expressly prohibited" to "read and wholly surveil domestic email traffic in the United States."
The communications director for the House intelligence committee clarified he was talking about FISA’s Section 702. (The section was added by the FISA Amendments Act of 2008, renewed under President Barack Obama in December 2012, so Rogers misspoke when he mentioned the Patriot Act.)
Section 702 allows the attorney general and the director of national intelligence to authorize targeting of people "reasonably believed to be outside the United States" for "foreign intelligence information."
Under the section’s provisions, the government isn’t allowed to "intentionally target" citizens or people inside the United States, or to target someone outside the country for the purpose of getting information about a specific person who’s in the U.S.
Committee spokeswoman Susan Phalen highlighted, in particular, the requirement that the government "may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States."
But while Rogers was right that under Section 702, the government can't "wholly surveil domestic email traffic in the United States," his statement didn't tell the whole story, said several experts, including analysts for activist groups concerned about privacy.
They say that in the process of gathering information about foreigners, the government might be sweeping up vast amounts of American email. As long it’s not gathered for the purpose of targeting a "particular, known person" in the United States, that would appear to be acceptable under the law. Meanwhile, American email might be read with authorization under different parts of FISA.
"The government is expressly prohibited from intentionally targeting any person known at the time of the surveillance to be located in the United States," said Molly Bishop Shadel, a University of Virginia law professor who once worked for the Justice Department representing the United States on terrorism-related matters before the Foreign Intelligence Surveillance Court. "But that doesn't mean the government can never surveil people in the U.S.; it just means they can't do it under Section 702."
Officials could instead get permission to read emails under other parts of FISA, which require showing that a person is an agent of a foreign power.
Meanwhile, experts note that the government might be collecting vast amounts of Internet traffic that happens to include data from Americans.
"It's illegal to target domestic email traffic, but nothing at all stops the government from intercepting emails between U.S. persons as long as it's an ‘incidental’ byproduct of surveillance that is specifically authorized under Section 702," said Steve Vladeck, an American University law professor. "So if the government targets an email server in British Columbia that happens to have a lot of Seattle-based email traffic, odds are pretty good they'll pick up a bunch of ‘domestic’ emails. Then the question becomes what they do with them."
The FISA Amendments Act of 2008 that included Section 702 made that kind of incidental pickup of American email more likely, experts told us. Before that legislation, the government needed to seek a warrant to surveil a specific person. But under the law now, "they can target groups of people," said Trevor Timm, a digital rights analyst for the Electronic Frontier Foundation.
"It's really unclear about the scope of how much Internet traffic they are sucking up," he said. "By targeting those foreigners, they are naturally vacuuming up Americans' emails."
Rogers suggested Americans are protected against NSA eyeballs on their email, claiming, "It's expressly prohibited by law that you can read and wholly surveil domestic e-mail traffic in the United States." He’s right that surveillance authorized under Section 702 of FISA prohibits targeting Americans or intentionally collecting domestic email. But it doesn’t explicitly protect against gathering up records as a byproduct of foreign surveillance. The government can also seek authorization for surveilling an American’s email if it can show that person is an agent of a foreign power. Rogers’ claim is accurate, but it needs additional information. We rate it Mostly True.