In the immediate aftermath of disclosures that the National Security Agency collected American phone records in bulk and had fantastic access to accounts of Facebook, Google, and Microsoft users, NSA officials wrestled for weeks with how to respond to individuals’ questions.
That’s according to documents, obtained by the Guardian through Freedom of Information Act requests last month, but published in full (though still redacted) on Cryptome Tuesday.
In June of 2013, documents leaked by former NSA systems analyst Edward Snowden shocked the world with evidence of two programs. They’re often referred to by the legal authority that the NSA used to deploy them: Section 215, which enables the agency to get American call records in bulk from major carriers; and Section 702, codenamed PRISM, which helps the NSA quickly get non-Americans’ data from American tech companies.
Unsurprisingly, people flooded the NSA with FOIA requests to see just what the NSA had on them. (I was one of them.) Like more than 1,500 people, I used a clever website by activist Jonathan Corbett, which automated FOIA requests for personal data. (According to one email, one website facilitated for more than half of their pending FOIA requests.) Government agencies are legally required to respond in some way to FOIA requests, but like many (and presumably all) who used Corbett’s site, I got back a generic form letter that refused to confirm or deny pretty much anything. That I’d read some of Snowden’s NSA documents with my own eyes didn’t matter.
But the emails obtained by the Guardian confirm what everyone suspected: that the NSA’s carefully-worded non-claims were absolutely intentional. Activists are conversational with the term “glomar response,” which refers to a government refusal to confirm or deny a claim. But so, as it turns out, is the NSA.
The subject of one chain of emails between the agency and legal counsel about how to word its FOIA responses is simply “Glomar letters.” Though the contents of those emails are largely redacted, the parts that aren’t show a lot of tinkering.
“You approved the attached Glomar letter, but wanted to make sure that it does not need to be tweaked,” one says. “We’ve already sent this Glomar letter to approx. 300 requesters so far.”
Another email, from NSA Chief FOIA public liaison officer Pamela Phillips, referenced what she deemed a reworked, “reasonable response” to people who wanted information on their own records. That said, she noted, “it still ends up being a GLOMAR response.”
Philipps’s emails also mention PRISM by name, something that the government has largely shied away from in public disclosures.
Indeed, by July 2 of last year, Philipps was calling and emailing her colleagues to ask for any “information on PRISM” she could share with FOIA requesters. “We’d like to know whether there is anything relating to PRISM that is unclassified, or could be segregated from classified records, that would be releasable,” she wrote.
Was there any such information on PRISM? I sure didn’t get it, and the letter the NSA sent to me was dated July 17. There are several pages of additional information immediately after Philipps’s email in the Guardian‘s document, but it’s all redacted.
Illustration by Jason Reed