The National Security Agency is scaling back the way it spies on some communications over the Internet.
The NSA says it discovered what it called “lapses” in compliance with U.S. law.
They’re called “about” communications: The NSA not only watches messages traveling to and from a foreign target, but those that mention one.
That can mean the NSA sometimes sweeps up data from Americans without a warrant. In the past, officials said the spy agency was still mindful of citizens’ privacy.
But now NSA says it has discovered “several inadvertent compliance lapses,” which it reported to Congress and a secret court that oversees intelligence gathering.
There aren’t many more details, but the NSA now says it will, quote, “stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target.”
Here’s the full statement from the NSA:
NSA Stops Certain Foreign Intelligence Collection Activities Under Section 702
The National Security Agency is instituting several changes in the way it collects information under Section 702 of the Foreign Intelligence Surveillance Act.
Section 702, set to expire at the end of this year, allows the Intelligence Community to conduct surveillance on only specific foreign targets located outside the United States to collect foreign intelligence, including intelligence needed in the fight against international terrorism and cyber threats.
NSA will no longer collect certain internet communications that merely mention a foreign intelligence target. This information is referred to in the Intelligence Community as “about” communications in Section 702 “upstream” internet surveillance. Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target.
Even though NSA does not have the ability at this time to stop collecting “about” information without losing some other important data, the Agency will stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target.
Finally, even though the Agency was legally allowed to retain such “about” information previously collected under Section 702, the NSA will delete the vast majority of its upstream internet data to further protect the privacy of U.S. person communications.
The changes in policy followed an in-house review of Section 702 activities in which NSA discovered several inadvertent compliance lapses.
NSA self-reported the incidents to both Congress and the FISC, as it is required to do. Following these reports, the FISC issued two extensions as NSA worked to fix the problems before the government submitted a new application for continued Section 702 certification. The FISC recently approved the changes after an extensive review.
The Agency’s efforts are part of its commitment to continuous improvement as we work to keep the nation safe. NSA has a solemn responsibility and duty to do our work exactly right while carrying out our critical mission.