The Israel MOU: What We Don’t Know

The Guardian published another NSA document today, this time about a Memorandum of Understanding between the NSA and Israel’s SIGINT agency, ISNU, that looks worrying.

The National Security Agency routinely shares raw intelligence data withIsrael without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.

Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis.

The deal was reached in principle in March 2009, according to the undated memorandum, which lays out the ground rules for the intelligence sharing.

If this sounds appalling, that is because several things here are not presented accurately in the Guardian’s story.

For starters, the MOU is dated, in some way, in March of 2009 (there is no date on the document and the Guardian does not say when it was drafted). It is only signed by an Israeli official, and not by any U.S. official, so we do not know if this is the final MOU that frames the intel sharing agreement. But there’s more: this past June, the Guardian reported that in July of 2009 the minimization procedures governing US person information were dramatically tightened. From the Guardian:

The Guardian is publishing in full two documents submitted to the secret Foreign Intelligence Surveillance Court (known as the Fisa court), signed by Attorney General Eric Holder and stamped 29 July 2009. They detail the procedures the NSA is required to follow to target “non-US persons” under its foreign intelligence powers and what the agency does to minimize data collected on US citizens and residents in the course of that surveillance…

The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveals how US call records are used to help remove US citizens and residents from data collection.

So four months after this MOU was first saved to someone’s sharedrive (which is how Edward Snowden downloaded his documents), the rules that govern how American information collected by the NSA can be use were changed, apparently dramatically. So we don’t know if or how those new rules may have changed the terms of this MOU for sharing intelligence with Israel.

To recap so far: we don’t know if this is the final version of the MOU, because it does not bear the signature or approval of any U.S. official; and we do not know if its terms changed after rules altered the nature of collection on U.S. persons. Most importantly, there is no statement suggesting the frequency of sharing even though the Guardian printed that US personal information is “routinely shared” anyway. But, alas, there’s more.

In the story, the Guardian uses a fun turn of phrase: “The agreement places no legally binding limits on the use of the data by the Israelis.” This is technically true, since the MOU, like most MOUs, is not a legally binding document. But it takes a lot of reading between the lines to get from that to the Guardian’s assertion that the NSA routinely sends un-minimized information on U.S. citizens.

The trigger phrase appears on page two, under a section titled “Background.” The MOU states:

NSA routinely sends ISNU minimized and unminimized raw collection associated with
selectors from multiple Target Office Primary Interest (TOPI) offices in Analysis and Production, S2 as part of the SIGINT relationship between the two organizations. This mutually agreed upon exchange has been beneficial to both NSA’s and mission and intelligence requirements.

However, it does not say that it specifically sends collection on Americans. The TOPI guidelines, for one, require reasonable belief that a targeted communication is foreign in origin. Sometimes, American communications slip through but those are a small minority of collections. At the very least, the Guardian’s statement is a “maybe” — it’s possible that some raw and unminimized American person information gets sent to ISNU, but we don’t know how much, how regularly, or how broadly. Moreover, the very next paragraph says:

NSA and ISNU have previously discussed the protection of U.S. Person information, in relation to tasking joint collection operations. and agreed in principle to not task communications of U.S. citizens. The proposal to share unminimized raw collection requires additional procedures to meet formal requirements.

This would suggest that while the MOU lays out the terms of the sharing agreement, they recognized the need for additional procedures to minimize any information on US citizens. Kind of crucial information, no? But just after this section is, I would argue, and even more important section of the MOU. In a section titled “Responsibilities,” the MOU obligates the NSA to perform routine checks on the program, including biannual reviews to measure the quality and fidelity of the information being shared. But moreover, it specifically obligated the ISNU to identify, exclude, and destroy any information it finds about US citizens:

b. (U) ISNU shall:

1) Not use any technology or equipment that is furnished under the accommodation procurement process to intentionally target communications to, from, or about U.S. Persons anywhere in the world or intentionally target any person meeting the definition of a U.S. Person provided in Section II above.

Not use any information provided by NSA. as raw material or otherwise, to intentionally intercept the communications to, from or about a LI .S. person.

The MOU also imposes strong reporting requirements on ISNU should it find US information in the data.

Lastly, there is a basic problem of definitions. A Memorandum of Understanding is just that: a memorandum. It does not lay out the terms of intel sharing or describe in any way how that sharing functions on a normal basis. You’d think that in Edward Snowden’s 58,000 stolen files there would be something about that, but then again the lead reporter on this story, Glenn Greenwald, also has a history of omitting crucial information that doesn’t support his pre-determined narrative about the world. So it could be in there and we’d just never know.

So, there are many things we do not know about this sharing program. We do not know:

  • What the final version of this MOU says;
  • Whether it changed after minimization rules strengthened later in 2009;
  • What those “additional procedures” to minimize American citizen information are;
  • How much, if any, American information actually gets passed along;
  • What the periodic, annual reviews have said;
  • What the two biannual program reviews have said;
  • If the program is even ongoing; or
  • What the actual implementation of this program looks like

If anything, this document shows the NSA made it a point, judging by word count, to do a reasonable job protecting any data collected on Americans, to the extent of seemingly pausing implementation of this MOU until they could reliably minimize that data. Nevertheless, despite so many unknowns, the Guardian still chose to run a story whose headline blares:

NSA shares raw intelligence including Americans’ data with Israel

• Secret deal places no legal limits on use of data by Israelis
• Only official US government communications protected
• Agency insists it complies with rules governing privacy

In what universe is such florid overstatement even remotely honest journalism?

RELATED: Remember back in July, when the Guardian — again with Glenn Greenwald as the lead author — covered a program called XKeyscore? There, too, the Guardian published a slidedeck that was drafted, at least in large part, before significant portions of US law changed the legal and programmatic terms of how XKeyscore could function. When I asked their editors about it, they declined to even answer the question of timing, much less engage with any details.

The constant lies of omission, of leaving out critical details that dramatically change one’s understanding of the story as originally reported, is now an established pattern. Despite this, many other reporters treat the Guardian’s reporting with absolute credulity and do not apply a shred of skepticism or critical reading skills to stories that are easily questioned using the Guardian’s own previous reporting.

That’s not journalism. It’s an echo chamber.