Charlie Savage has a significant article in the NY Times about the scope of NSA surveillance involving people inside the United States and outside the United States. In 50 U.S.C. 1881a(a), Congress approved surveillance via “the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.” That authorization clearly covers monitoring the contents of e-mail and text communications between (a) a person in the United States and (b) a suspected terrorist outside the United States. According to the story, the FISC has also approved construing the statutory language to also include monitoring the contents of e-mail and text communications between (a) a person in the United States and (b) a person outside the United States when (c) the contents of that communication contains information about a suspected terrorist or terrorist group.
If I understand the story correctly, the NSA scans the contents of traffic between those inside the U.S. and outside the U.S. that mentions, say, the known e-mail address of a suspected terrorist, and it copies the contents of the communications for later analysis. As a practical matter, this means that the NSA is at least filtering through a lot more communications than had been reported. Also, this places a premium on knowing the precision of the queries that the NSA is making. If the NSA is running searches through the contents of communications for a suspected terrorist’s non-public e-mail account, Haksdjh98ksdjfhadf@gmail.com, that’s one thing; if it is running searches through the contents of communications for references to that person’s name, it’s another. As I wrote six years ago, it’s all about the filters.
UPDATE: I have amended the post to make more clear that the issue here is scanning through contents, not metadata.