Although the National Security Agency has protested that it does not have the capability to monitor all the surveillance on communications in the United States, it has been revealed that the agency has a data mining tool named Boundless Informant which enables the agency to note how much information it gets from computer and telephone networks from each country. Boundless Informant can count and categorize the records of communications, but not the contents.
In a 30-day period ending in March 2013 the NSA collected roughly 3 billion pieces of intelligence from US computer networks. The tool could give data to tell the NSA what types of coverage were used on a particular country in real time. In March 2013, the NSA collected 97 billion pieces of intelligence. The top five countries were 14 billion from Iran, 13.5 billion from Pakistan, 12.7 from Jordan, 7.6 billion from Egypt, and 6.3 billion from India.
In March, Democratic senator Ron Wyden of the Senate Intelligence Committee asked James Clapper, the director of national intelligence: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”
Clapper denied that the NSA did so.
Judith Emmel, an NSA spokeswoman, said, “NSA has consistently reported – including to Congress – that we do not have the ability to determine with certainty the identity or location of all communicants within a given communication. That remains the case.”
But the NSA does analyze its surveillance intercepts to the point where it can identify individual IP addresses. Chris Soghoian, the principal technologist with the Speech and Privacy Technology Project of the ACLU, said, “If you don’t take steps to hide it, the IP address provided by your internet provider will certainly tell you what country, state and, typically, city you are in.”
Last year, when asked whether the NSA knew how many Americans’ communications were being collected or reviewed and if the NSA had the technical know-how to do so, NSA director General Keith Alexander said, “No. No. We do not have the technical insights in the United States . . . nor do we do have the equipment in the United States to actually collect that kind of information”.
Current technology simply does not permit us to positively identify all of the persons or locations associated with a given communication (for example, it may be possible to say with certainty that a communication traversed a particular path within the internet. It is harder to know the ultimate source or destination, or more particularly the identity of the person represented by the TO:, FROM: or CC: field of an e-mail address or the abstraction of an IP address.) Thus, we apply rigorous training and technological advancements to combine both our automated and manual (human) processes to characterize communications – ensuring protection of the privacy rights of the American people. This is not just our judgment, but that of the relevant inspectors general, who have also reported this. The continued publication of these allegations about highly classified issues, and other information taken out of context, makes it impossible to conduct a reasonable discussion on the merits of these programs.