NSA may not be tracking your calls, but it knows what you’re Googling

For a secretive spy agency, the National Security Agency has been in the news a lot this week.

Unfortunately, its carefully-crafted public relations effort went off the rails yesterday.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":787891,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"A"}']

• Its director, General Keith Alexander, made a public presentation yesterday at Black Hat, a conference of hackers and security professionals in Las Vegas. Despite some heckling, he made a case for the limited scope and national-security necessity of the agency’s tracking of phone call data through its so-called PRISM program.
• While the uniformed NSA chief was speaking, Senators in Washington grilled the deputy director of the NSA, John Inglis, and other intelligence officials, about the agency’s tracking of phone calls and phone metadata.
• At the start of the Senate Judiciary Committee hearing, the Obama administration had released previously-classified documents that detailed the rules they say the NSA must follow in order to use data on domestic telephone calls.

But the news got ahead of the NSA’s PR push. While the NSA and administration officials were talking to the Senate and to Black Hat about phone metadata, the Guardian published new disclosures about yet another NSA program, this one called XKeyScore, which allows the agency to retrieve virtually any Internet activity from any intelligence target: Internet browsing, Facebook chats, the contents of emails (not just their addresses). The program even apparently has the ability to decrypt data transmitted through Virtual Private Networks (VPNs) or encoded with Pretty Good Privacy (PGP) encryption.

Then, this morning, freelance writer Michele Catalano published an account of how her husband was visited by six agents from the joint terrorism task force recently, apparently in response to the fact that she’d recently researched pressure cookers, her husband had recently shopped for backpacks, and her son may have been looking at pressure cooker bomb recipes (linked to from many news reports about the recent Boston Marathon bombing). A later update clarified that the agents were local law enforcement officers working with a terrorism task force, and that the FBI has confirmed publicly that it was aware of the visit, but did not conduct the visit itself.

There could be other reasons for the law enforcement visit than a sweep of Catalano’s family’s Google search records, such as her husband’s visits to Asia. But the timing of the visit seems like strongly circumstantial evidence, based on Catalano’s account.

The agents who interviewed her husband mentioned that they do this 100 times a week. It’s not clear if that’s locally or nationally, but either way, it’s disturbing: 100 times a week, black SUVs loaded with plainclothes officers are deployed to someone’s house or office to interrogate them about what they’ve been Googling recently.

Alexander noted yesterday that this kind of work has stopped 54 terrorists attacks, 13 of which would have been in the United States.

But at what cost?