Jun 4, 2015 · 2 minutes

Documents shared by Edward Snowden have shown that the United States expanded the National Security Agency's warrantless surveillance programs in 2012 to allow it to gather information related to cyberattacks and other crimes.

ProPublica and the New York Times report that this information was shared with the FBI, and in some cases might have been used to prosecute Americans, even though the NSA isn't supposed to gather information about US citizens.

According to the report, the NSA was limited to collecting information about cyberattacks thought to have originated from a foreign power. Because it's so hard to attribute these attacks, however, that restriction was loosened in 2012.

The report's authors explain why this is so troublesome:

It is not clear what standards the agency is using to select targets. It can be hard to know for sure who is behind a particular intrusion — a foreign government or a criminal gang — and the NSA is supposed to focus on foreign intelligence, not law enforcement.

The government can also gather significant volumes of Americans’ information — anything from private emails to trade secrets and business dealings — through Internet surveillance because monitoring the data flowing to a hacker involves copying that information as the hacker steals it. This is where the FBI comes in:

Meanwhile, the FBI in 2011 had obtained a new kind of wiretap order from the secret surveillance court for cybersecurity investigations, permitting it to target Internet data flowing to or from specific Internet addresses linked to certain governments.

To carry out the orders, the FBI negotiated in 2012 to use the NSA’s system for monitoring Internet traffic crossing 'chokepoints operated by U.S. providers through which international communications enter and leave the United States,”'according to a 2012 NSA document. The NSA would send the intercepted traffic to the bureau’s “cyberdata repository” in Quantico, Virginia. All of which means the NSA was gathering information about hackers without regard for the hackers' location, the amount of data that would be gathered about American citizens, or the traditional line between espionage and justice.

That this information -- which was ostensibly never supposed to be collected -- could then be used in criminal cases is particularly outrageous. It also shows that NSA surveillance isn't victimless; it could have dangerous ramifications.

Yet the government wants to expand its ability to respond to cyberattacks. NSA programs already have troublesome implications for American citizens, yet still it doesn't have enough power? At least so far as cyberattacks are concerned?

Unlikely. And if this report shows anything, it's that the more secret power the NSA accrues without public debate, the more information is collected about Americans -- whether that collection is intentional or not.

[illustration by Brad Jonas]