U.S. Collects Vast Data Trove
NSA Monitoring Includes Three Major Phone Companies, as Well as Online Activity
By SIOBHAN GORMAN, EVAN PEREZ and JANET HOOK
WASHINGTON—The National Security Agency's monitoring of Americans includes customer records from the three major phone networks as well as emails and Web searches, and the agency also has cataloged credit-card transactions, said people familiar with the agency's activities.
The disclosure this week of an order by a secret U.S. court for Verizon Communications Inc.'s VZ +3.46% phone records set off the latest public discussion of the program. But people familiar with the NSA's operations said the initiative also encompasses phone-call data from AT&T Inc. T +1.56% and Sprint Nextel Corp.,S +1.94% records from Internet-service providers and purchase information from credit-card providers.
The agency is using its secret access to the communications of millions of Americans to target possible terrorists, said people familiar with the effort.
The NSA's efforts have become institutionalized—yet not so well known to the public—under laws passed in the wake of the Sept. 11, 2001, attacks. Most members of Congress defended them Thursday as a way to root out terrorism, but civil-liberties groups decried the program.
"Everyone should just calm down and understand this isn't anything that is brand new,'' said Senate Majority Leader Harry Reid (D., Nev.), who added that the phone-data program has "worked to prevent'' terrorist attacks.
Senate Intelligence Chairman Dianne Feinstein (D., Calif.) said the program is lawful and that it must be renewed by Congress every three months. She said the revelation about Verizon, reported by the London-based newspaper the Guardian, seemed to coincide with its latest renewal.
Civil-liberties advocates slammed the NSA's actions. "The most recent surveillance program is breathtaking. It shows absolutely no effort to narrow or tailor the surveillance of citizens," said Jonathan Turley, a constitutional law expert at George Washington University.
The arrangement with the country's three largest phone companies means that every time the majority of Americans makes a call, NSA gets a record of the location, the number called, the time of the call and the length of the conversation, according to people familiar with the matter. The practice, which evolved out of warrantless wiretapping programs begun after 2001, is approved by all three branches of the U.S. government.
AT&T has 107.3 million wireless customers and 31.2 million landline customers. Verizon has 98.9 million wireless customers and 22.2 million landline customers while Sprint has 55 million customers in total.
NSA also obtains access to data from Internet service providers on Internet use such as email or website visits, several former officials said. NSA has established similar relationships with credit-card companies, three former officials said.
It couldn't be determined if any of the Internet or credit-card arrangements are ongoing, as are the phone company efforts, or one-shot collection efforts. The credit-card firms, phone companies and NSA declined to comment for this article.
Though extensive, the data collection effort doesn't entail monitoring the content of emails or what is said in phone calls, said people familiar with the matter. Investigators gain access to so-called metadata, telling them who is communicating, through what medium, when, and where they are located.
But the disconnect between the program's supporters and detractors underscored the difficulty Congress has had navigating new technology, national security and privacy.
The Obama administration, which inherited and embraced the program from theGeorge W. Bush administration, moved Thursday to forcefully defend it. White House spokesman Josh Earnest called it "a critical tool in protecting the nation from terror threats."
But Sen. Ron Wyden (D., Ore.), said he has warned about the breadth of the program for years, but only obliquely because of classification restrictions.
"When law-abiding Americans call their friends, who they call, when they call, and where they call from is private information," he said. "Collecting this data about every single phone call that every American makes every day would be a massive invasion of Americans' privacy."
In the wake of the Sept. 11 attacks, phone records were collected without a court order as a component of the Bush-era warrantless surveillance program authorized by the 2001 USA Patriot Act, which permitted the collection of business records, former officials said.
The ad hoc nature of the NSA program changed after the Bush administration came under criticism for its handling of a separate, warrantless NSA eavesdropping program.
President Bush acknowledged its existence in late 2005, calling it the Terrorist Surveillance Program, or TSP.
When Democrats retook control of Congress in 2006, promising to investigate the administration's counterterrorism policies, Bush administration officials moved to formalize court oversight of the NSA programs, according to former U.S. officials.
Congress in 2006 also made changes to the Patriot Act that made it easier for the government to collect phone-subscriber data under the Foreign Intelligence Surveillance Act.
Those changes helped the NSA collection program become institutionalized, rather than one conducted only under the authority of the president, said people familiar with the program.
Along with the TSP, the NSA collection of phone company customer data was put under the jurisdiction of a secret court that oversees the Foreign Intelligence Surveillance Act, according to officials.
David Kris, a former top national security lawyer at the Justice Department, told a congressional hearing in 2009 that the government first used the so-called business records authority in 2004.
At the time he was urging the reauthorization of the business-records provisions, known as Section 215 of the Patriot Act, which Congress later approved.
The phone records allow investigators to establish a database used to run queries when there is "reasonable, articulable suspicion" that the records are relevant and related to terrorist activity, Ms. Feinstein said Thursday.
The database allows investigators to "map" individuals connected with that information, said Jeremy Bash, who until recently was chief of staff at the Pentagon and is a former top aide to the House Intelligence committee.
"We are trying to find a needle in a haystack, and this is the haystack," Mr. Bash said, referring to the database.
Sen. Wyden on Thursday questioned whether U.S. officials have been truthful in public descriptions of the program. In March, Mr. Wyden noted, he questioned Director of National Intelligence James Clapper, who said the NSA did not "wittingly" collect any type of data pertaining to millions Americans. Spokesmen for Mr. Clapper didn't respond to requests for comment.
For civil libertarians, this week's disclosure of the court authorization for part of the NSA program could offer new avenues for challenges. Federal courts largely have rebuffed efforts that target NSA surveillance programs, in part because no one could prove the information was being collected. The government, under both the Bush and Obama administrations, has successfully used its state-secrets privilege to block such lawsuits.
Jameel Jaffer, the American Civil Liberties Union's deputy legal director, said the fact the FISA court record has now become public could give phone-company customers standing to bring a lawsuit.