The NSA's Search Engine for Spy Data Is Helping the FBI and DEA

The NSA has built a "Google-like" system for sharing hundreds of billions of metadata records with other government agencies, according to documents published by The Intercept. The system, beyond being an intuitive interface for accessing information, raises further concerns about how massive amounts of surveillance data are being used and shared with agencies such as the FBI and DEA.

Codenamed ICREACH, the search engine can tap into what is deemed as "foreign intelligence," which, due to the broad nature of the NSA's collection methods, "contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing," reports The Intercept.

Executive Order 12333 is a Reagan-era order that gives the NSA the legal authority to carry out many of its mass surveillance programs. It permits collection overseas, meaning that the NSA can still "incidentally" collect the communications of Americans, as long as the collection is taking place abroad. It's a loophole that was criticized by whistleblower John Napier Tye when he came forward post-Snowden, as well as by legal experts.

The data collected from these 12333 programs are then pumped into the databases that ICREACH searches through. The databases include metadata associated with phone calls, the location of cellphones, and internet chats, all of which, although not communications, can be used to track, and even predict, an individual's movements and social networks.

"The scale is significant," journalist Ryan Gallagher, who wrote the article, told me.

But it's not just the size that matters. As mentioned, this system is available to other agencies in a direct fashion. According to a 2010 memo, 23 individual agencies can use ICREACH, and another document describes the DEA, FBI, CIA and Defense Intelligence Agency as key players in the scheme.

Neither of these documents name the 23 agencies that had access in 2010, although it can be speculated that they include a number of the 17 Intelligence Community (IC) members, such as the Department of State and Department of Homeland security.

The NSA, it has been revealed in previous reports, already shares some data with other domestic agencies on a selective basis. Declassified court orders detailed how the NSA has been feeding the FBI "tips" for at least 3 years, in the form of telephone numbers, suggesting that any sort of sharing of intelligence only happens in very specific cases.

But in light of these new revelations, selectively sending pieces of intelligence to other agencies is "not what is happening at all," Gallagher said.

This matters, because previous instances have shown how agencies that get pieces of intelligence from the NSA use them to construct cases, and then purposefully cover up where they got the information from to avoid having to debate the legality of the data collection in court.

In August last year, Reuters detailed how agents from a secret DEA unit were not disclosing where they got their tips from. In one drug case mentioned in the Reuters article, the info came from an NSA intercept.

This practice of getting evidence from one source and attributing it to another is called parallel construction, and is a deeply troublesome issue for any democratic justice system.

"Parallel construction is a huge problem from the perspective of any criminal defendant who is prosecuted on the basis of this information, because [it] hides the true source of the government's evidence in that investigation," Patrick Toomey, a staff attorney from the American Civil Liberties Union's National Security Project, told me over the phone.

"The defendant can't challenge whether the underlying search was lawful or constitutional, because he doesn't know about it," Toomey continued.

Returning to ICREACH, Toomey sees the sharing of sensitive information amongst myriad agencies as an additional threat to civil liberties, on top of the already gross violations we have seen with how the data is collected in the first place.

"I think any time that data is shared widely, there is the risk of new abuses, because you are putting that information in the hands of more and more agencies," Toomey said. This, he claims, could mean that more people mistakenly end up on no-fly lists, for instance, if the data is being distributed widely.

What should happen, is that "the rules governing the sharing of sensitive data should be strict, especially when it comes to Americans' data," Toomey said. "But instead, those privacy rules have been watered down in secret."