Use of Tor and e-mail crypto could increase chances that NSA keeps your data
Using online anonymity services such as Tor or sending encrypted e-mail and instant messages are grounds for US-based communications to be retained by the National Security Agency even when they're collected inadvertently, according to a secret government document published Thursday.
The document, titled Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence, is the latest bombshell leak to be dropped by UK-based newspaper The Guardian. It and a second, top-secret document detail the circumstances in which data collected on US persons under foreign intelligence authority must be destroyed or can be retained. The memos outline procedures NSA analysts must follow to ensure they stay within the mandate of minimizing data collected on US citizens and residents.
While the documents make clear that data collection and interception must cease immediately once it's determined a target is within the US, they still provide analysts with a fair amount of leeway. And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown—which more often than not is the case when someone uses anonymity software from the Tor Project—"will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person," the secret document stated.
And in the event that an intercepted communication is later deemed to be from a US person, the requirement to promptly destroy the material may be suspended in a variety of circumstances. Among the exceptions are "communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis."
Other conditions under which intercepted US communications may be retained include when it is "reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed."
The document, dated July 28, 2009, bears the signature of US Attorney General Eric Holder.
Supporters of the recently exposed NSA surveillance program have frequently argued that it is narrowly tailored so that it doesn't track the communications of ordinary US citizens and residents. Rules requiring inadvertently collected US communications to be destroyed once the error is discovered would appear to be key in supporting that view. The exceptions to that requirement may give critics new ammunition. Tor is a staple of many human rights advocates who want to prevent repressive governments from tracking their location or intercepting and reading their e-mail and instant messages. Encrypted e-mail, while by no means easy to use, remains a core practice among lawyers, corporate executives, and privacy advocates.
It's hard to read the documents and not be struck by the irony that use of these services may subject people on US soil to a much higher likelihood that their communications will be retained by an agency that's supposed to focus on foreign targets.