When the NSA spying revelations were first revealed, it was clear American metadata was being used when it came to tracking down terrorists – though it wasn't particularly useful – but Obama and others made bold statements that suggested “nobody [at the NSA] is listening to [American] telepohone calls.” However now director of national intelligence, James Clapper, has admitted that a loophole exists that allowed the NSA database to be searchable even if the target was a US citizen.
In typically wordy, political-speak, the letter unearthed by the Guardian and written by Clapper to a senator, says: “There have been queries, using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States. These queries were performed pursuant to minimization procedures approved by the FISA court and consistent with the statute and the fourth amendment.”
While FISA law does allow for the collection of US citizen metadata, it doesn't allow for the collection of call content. However, if those persons are communication with a foreign national or with someone in another country, it is possible. On top of that, sometimes “incidental collection,” takes place, where local phone call content is also recorded. These collections at least weren't searchable for the first few years of the scheme, but in 2011, FISA changes made it possible to look through and use any and all data regardless of nationality.
Even though technically legal, this doesn't paint the NSA or its defenders in a good light, who made a big deal of saying that Americans were kept out of the spying scheme. The fact that these searches are allowed without a warrant under FISA law, means that it's all secretive and we may never know the extent to which Americans have been spied upon. Considering we know some NSA employees used the schemes to spy on their love interests and partners, it seems likely that it's far higher than we ever thought.
KitGuru Says: This is why the whole “if you're not doing anything wrong,” stance is so off. It doesn't matter if you're doing anything wrong or not, you can have your phone records and even content looked through by some guy at the NSA, because he thinks your wife is hot. I'm sure it's not rampant, but it exists and the fact that the NSA considers that collateral damage and is able to get away with “incidentally,” collecting phone content and then not deleting it, is ridiculous.