Analysis: Tucker Carlson, the NSA, and ‘Incidental Collection’

210630_nsa_hq.png

Things got “very heated,” Fox News host Tucker Carlson said, just minutes before his show last night when his team asked the National Security Agency (NSA) if they’d ever read his emails.

“And again, they refused to say,” Carlson said on air, according to Fox News. “And then they refused to even explain why they couldn’t answer that simple question.”

This came after Carlson made the blockbuster, but so far evidence-free, claim that a “whistleblower” had told him the NSA was spying on him and would leak internal communications in an effort to get him off the air. In response, the NSA issued an incredibly rare public denial that Carlson was a “target” of NSA surveillance or a plot to bring down his opinion show.

That language, as specific as it was, was enough for Carlson and others to claim the NSA had issued a classic “non-denial denial.” Tucker said the NSA had not denied that it read his emails, only assured him he wasn’t a “target” of intelligence collection. “Okay, glad to know,” he said.

But there might be a good reason the NSA officials couldn’t answer Carlson’s question more directly: They might not know. The spy agency itself may not even know if they had collected any of his emails – or plenty of other Americans’ – because of privacy protections the agency says it uses. And it might not be legal to go back and check, according to a former NSA attorney.

It boils down to the subjects of “incidental collection,” “minimization” and “masking.”

When the NSA Does Read Americans’ Emails

Back in 2013 The Guardian published a report based on documents leaked by former NSA contractor Edward Snowden that laid out what I called in an ABC News story the “rules for accidentally spying on you.” Since, the NSA has released declassified updates to that policy.

The basics are these: The NSA is tasked with spying on foreign intelligence targets and can only very rarely target Americans, generally with a court order. But Americans’ communications can be and are swept up in the NSA’s collection on foreign targets on foreign soil.

The agency says it employs a bunch of “minimization” procedures to try to ensure they know when they’re spying on a legitimate target -- and that the target is not in the U.S. or is an American.

But if an American is talking to a legitimate foreign intelligence target – say a terror suspect in Syria has friends in the U.S. – the NSA might monitor that because they’re watching the foreign target. High-profile foreign figures, with whom high-profile journalists or political commentators may communicate, have been under surveillance as well. When American’s communications are caught in the net, it’s known as “incidental collection.”

If the information in the communications is deemed to be irrelevant to the intelligence mission, and not evidence of a crime, the copied communication and data about it is to be “destroyed.” But if the information is believed to be relevant to national security, it can be kept, per the declassified policy.

“So is it theoretically possible that somewhere in some NSA database there is some scrap of communication between Tucker Carlson and someone who is a legitimate foreign intelligence target of NSA or the USIC [U.S. Intelligence Community]? Of course. All kinds of things have a probability of greater than zero,” said former NSA attorney April Falcon Doss in a lengthy tweetstorm Tuesday about the controversy, which she deemed an example of “disinformation.”

But here’s the catch: Because of protocols meant to shield Americans’ privacy when their communications have been picked up, even if the NSA had swept up any of Carlson’s emails, beyond the initial analysts who saw the communications, the rest of the organization and the rest of the intelligence community might not know it was Carlson on the other end of the line.

“Dissemination of information about U.S. persons in any NSA foreign intelligence report is expressly prohibited unless that information is necessary to understand foreign intelligence information or assess its importance, contains evidence of a crime, or indicates a threat of death or serious bodily injury,” an NSA report from 2014 says [PDF]. “Even if one or more of these conditions apply, NSA may include no more than the minimum amount of U.S. person information necessary to understand the foreign intelligence or to describe the crime or threat.

“For example, NSA typically ‘masks’ the true identities of U.S. persons through the use of such phrases as ‘a U.S. person’ and the suppression of details that could lead him or her being successfully identified by the context.”

The terms “masking” and “unmasking” bowled their way into the public consciousness after The Washington Post reported a conversation in December 2016 between then-incoming White House National Security Advisor Michael Flynn and the then-Russian ambassador to the U.S. that was later revealed to have been captured in surveillance of the Russian ambassador. Flynn’s name was masked in the initial government reports about the call, but several Obama-era officials reportedly asked that the name be revealed.

As happened with Flynn, different government agencies or high-level officials can request that any American identity be “unmasked” if, as the NSA said in its policy, that information is necessary to understand the import of the captured communications. Every year the identities of thousands of Americans caught up in surveillance operations are unmasked, according to the Office of the Director of National Intelligence.

But Doss, who worked with Democratic lawmakers on the Russia probe after leaving the NSA, said the NSA can’t go back and check if they’ve swept up any of Carlson’s emails without a legitimate legal basis for doing so.

“NSA’s rules (minimization procedures, internal/external oversight, etc.) apply when data is collected, processed, queried & disseminated,” Doss tweeted. “So just like NSA can’t collect Carlson’s comms without [authorization], NSA analysts can’t search NSA databases looking for his comms w/out [authorization].”

So what to make of Carlson’s claims? The allegation by Carlson is a serious one, and U.S. intelligence agencies don’t have the best track record in being forthcoming with their spying activities in recent memory, much less in their long, controversial history.

But even Fox News lawyers say that Carlson shouldn’t be expected to be a source of any factual reporting.

The next shoe to drop, then, would presumably be the internal communications Carlson said he expects to be leaked. If and when that happens, a lot will turn on how and where the leak takes place and whether there’s anything at all to suggest U.S. government involvement in it.

Either way, the episode is a good reminder of the powers the NSA has, the internal controls it says it’s using and the attention lawmakers and the U.S. citizenry should pay to a complex but essential slice of national security and privacy debate.

[Do you have a tip or question for Code and Dagger? Send it along at CodeAndDagger@protonmail.com. Also, consider contributing to Code and Dagger on Patreon at Patreon.com/CodeAndDagger.]

Lawmaker Wants to Extract Uranium From Seawater. That's Not So Crazy.

Watchdog Urges NASA to Up Its Cybersecurity Game