The Israel MOU: What We Don’t Know

The Guardian pub­lished another NSA doc­u­ment today, this time about a Mem­o­ran­dum of Under­stand­ing between the NSA and Israel’s SIGINT agency, ISNU, that looks worrying.

The National Secu­rity Agency rou­tinely shares raw intel­li­gence data withIsrael with­out first sift­ing it to remove infor­ma­tion about US cit­i­zens, a top-secret doc­u­ment pro­vided to the Guardian by whistle­blower Edward Snow­den reveals.

Details of the intelligence-sharing agree­ment are laid out in a mem­o­ran­dum of under­stand­ing between the NSA and its Israeli coun­ter­part that shows the US gov­ern­ment handed over inter­cepted com­mu­ni­ca­tions likely to con­tain phone calls and emails of Amer­i­can cit­i­zens. The agree­ment places no legally bind­ing lim­its on the use of the data by the Israelis.

The deal was reached in prin­ci­ple in March 2009, accord­ing to the undated mem­o­ran­dum, which lays out the ground rules for the intel­li­gence sharing.

If this sounds appalling, that is because sev­eral things here are not pre­sented accu­rately in the Guardian’s story.

For starters, the MOU is dated, in some way, in March of 2009 (there is no date on the doc­u­ment and the Guardian does not say when it was drafted). It is only signed by an Israeli offi­cial, and not by any U.S. offi­cial, so we do not know if this is the final MOU that frames the intel shar­ing agree­ment. But there’s more: this past June, the Guardian reported that in July of 2009 the min­i­miza­tion pro­ce­dures gov­ern­ing US per­son infor­ma­tion were dra­mat­i­cally tight­ened. From the Guardian:

The Guardian is pub­lish­ing in full two doc­u­ments sub­mit­ted to the secret For­eign Intel­li­gence Sur­veil­lance Court (known as the Fisa court), signed by Attor­ney Gen­eral Eric Holder and stamped 29 July 2009. They detail the pro­ce­dures the NSA is required to fol­low to tar­get “non-US per­sons” under its for­eign intel­li­gence pow­ers and what the agency does to min­i­mize data col­lected on US cit­i­zens and res­i­dents in the course of that surveillance…

The top secret doc­u­ments pub­lished today detail the cir­cum­stances in which data col­lected on US per­sons under the for­eign intel­li­gence author­ity must be destroyed, exten­sive steps ana­lysts must take to try to check tar­gets are out­side the US, and reveals how US call records are used to help remove US cit­i­zens and res­i­dents from data collection.

So four months after this MOU was first saved to someone’s sharedrive (which is how Edward Snow­den down­loaded his doc­u­ments), the rules that gov­ern how Amer­i­can infor­ma­tion col­lected by the NSA can be use were changed, appar­ently dra­mat­i­cally. So we don’t know if or how those new rules may have changed the terms of this MOU for shar­ing intel­li­gence with Israel.

To recap so far: we don’t know if this is the final ver­sion of the MOU, because it does not bear the sig­na­ture or approval of any U.S. offi­cial; and we do not know if its terms changed after rules altered the nature of col­lec­tion on U.S. per­sons. Most impor­tantly, there is no state­ment sug­gest­ing the fre­quency of shar­ing even though the Guardian printed that US per­sonal infor­ma­tion is “rou­tinely shared” any­way. But, alas, there’s more.

In the story, the Guardian uses a fun turn of phrase: “The agree­ment places no legally bind­ing lim­its on the use of the data by the Israelis.” This is tech­ni­cally true, since the MOU, like most MOUs, is not a legally bind­ing doc­u­ment. But it takes a lot of read­ing between the lines to get from that to the Guardian’s asser­tion that the NSA rou­tinely sends un-minimized infor­ma­tion on U.S. citizens.

The trig­ger phrase appears on page two, under a sec­tion titled “Back­ground.” The MOU states:

NSA rou­tinely sends ISNU min­i­mized and unmin­i­mized raw col­lec­tion asso­ci­ated with
selec­tors from mul­ti­ple Tar­get Office Pri­mary Inter­est (TOPI) offices in Analy­sis and Pro­duc­tion, S2 as part of the SIGINT rela­tion­ship between the two orga­ni­za­tions. This mutu­ally agreed upon exchange has been ben­e­fi­cial to both NSA’s and mis­sion and intel­li­gence requirements.

How­ever, it does not say that it specif­i­cally sends col­lec­tion on Amer­i­cans. The TOPI guide­lines, for one, require rea­son­able belief that a tar­geted com­mu­ni­ca­tion is for­eign in ori­gin. Some­times, Amer­i­can com­mu­ni­ca­tions slip through but those are a small minor­ity of col­lec­tions. At the very least, the Guardian’s state­ment is a “maybe” — it’s pos­si­ble that some raw and unmin­i­mized Amer­i­can per­son infor­ma­tion gets sent to ISNU, but we don’t know how much, how reg­u­larly, or how broadly. More­over, the very next para­graph says:

NSA and ISNU have pre­vi­ously dis­cussed the pro­tec­tion of U.S. Per­son infor­ma­tion, in rela­tion to task­ing joint col­lec­tion oper­a­tions. and agreed in prin­ci­ple to not task com­mu­ni­ca­tions of U.S. cit­i­zens. The pro­posal to share unmin­i­mized raw col­lec­tion requires addi­tional pro­ce­dures to meet for­mal requirements.

This would sug­gest that while the MOU lays out the terms of the shar­ing agree­ment, they rec­og­nized the need for addi­tional pro­ce­dures to min­i­mize any infor­ma­tion on US cit­i­zens. Kind of cru­cial infor­ma­tion, no? But just after this sec­tion is, I would argue, and even more impor­tant sec­tion of the MOU. In a sec­tion titled “Respon­si­bil­i­ties,” the MOU oblig­ates the NSA to per­form rou­tine checks on the pro­gram, includ­ing bian­nual reviews to mea­sure the qual­ity and fidelity of the infor­ma­tion being shared. But more­over, it specif­i­cally oblig­ated the ISNU to iden­tify, exclude, and destroy any infor­ma­tion it finds about US citizens:

b. (U) ISNU shall:

1) Not use any tech­nol­ogy or equip­ment that is fur­nished under the accom­mo­da­tion pro­cure­ment process to inten­tion­ally tar­get com­mu­ni­ca­tions to, from, or about U.S. Per­sons any­where in the world or inten­tion­ally tar­get any per­son meet­ing the def­i­n­i­tion of a U.S. Per­son pro­vided in Sec­tion II above.

Not use any infor­ma­tion pro­vided by NSA. as raw mate­r­ial or oth­er­wise, to inten­tion­ally inter­cept the com­mu­ni­ca­tions to, from or about a LI .S. person.

The MOU also imposes strong report­ing require­ments on ISNU should it find US infor­ma­tion in the data.

Lastly, there is a basic prob­lem of def­i­n­i­tions. A Mem­o­ran­dum of Under­stand­ing is just that: a mem­o­ran­dum. It does not lay out the terms of intel shar­ing or describe in any way how that shar­ing func­tions on a nor­mal basis. You’d think that in Edward Snowden’s 58,000 stolen files there would be some­thing about that, but then again the lead reporter on this story, Glenn Green­wald, also has a his­tory of omit­ting cru­cial infor­ma­tion that doesn’t sup­port his pre-determined nar­ra­tive about the world. So it could be in there and we’d just never know.

So, there are many things we do not know about this shar­ing pro­gram. We do not know:

  • What the final ver­sion of this MOU says;
  • Whether it changed after min­i­miza­tion rules strength­ened later in 2009;
  • What those “addi­tional pro­ce­dures” to min­i­mize Amer­i­can cit­i­zen infor­ma­tion are;
  • How much, if any, Amer­i­can infor­ma­tion actu­ally gets passed along;
  • What the peri­odic, annual reviews have said;
  • What the two bian­nual pro­gram reviews have said;
  • If the pro­gram is even ongo­ing; or
  • What the actual imple­men­ta­tion of this pro­gram looks like

If any­thing, this doc­u­ment shows the NSA made it a point, judg­ing by word count, to do a rea­son­able job pro­tect­ing any data col­lected on Amer­i­cans, to the extent of seem­ingly paus­ing imple­men­ta­tion of this MOU until they could reli­ably min­i­mize that data. Nev­er­the­less, despite so many unknowns, the Guardian still chose to run a story whose head­line blares:

NSA shares raw intel­li­gence includ­ing Amer­i­cans’ data with Israel

• Secret deal places no legal lim­its on use of data by Israelis
• Only offi­cial US gov­ern­ment com­mu­ni­ca­tions pro­tected
• Agency insists it com­plies with rules gov­ern­ing privacy

In what uni­verse is such florid over­state­ment even remotely hon­est journalism?

RELATED: Remem­ber back in July, when the Guardian — again with Glenn Green­wald as the lead author — cov­ered a pro­gram called XKeyscore? There, too, the Guardian pub­lished a slid­edeck that was drafted, at least in large part, before sig­nif­i­cant por­tions of US law changed the legal and pro­gram­matic terms of how XKeyscore could func­tion. When I asked their edi­tors about it, they declined to even answer the ques­tion of tim­ing, much less engage with any details.

The con­stant lies of omis­sion, of leav­ing out crit­i­cal details that dra­mat­i­cally change one’s under­stand­ing of the story as orig­i­nally reported, is now an estab­lished pat­tern. Despite this, many other reporters treat the Guardian’s report­ing with absolute credulity and do not apply a shred of skep­ti­cism or crit­i­cal read­ing skills to sto­ries that are eas­ily ques­tioned using the Guardian’s own pre­vi­ous report­ing.

That’s not jour­nal­ism. It’s an echo chamber.