NSA director Keith Alexander and James Clapper, U.S. Director of National Intelligence, both maintain that the spy agency's sole focus is on detecting and deterring national security threats. The program is not designed to snoop on innocent Americans, they say.
In a keynote address at the Black Hat security conference in July, Alexander insisted that the agency does not routinely listen in on phone calls, monitor email content or collect personal data of U.S. or foreign citizens.
Alexander said only 22 NSA officials can authorize such searches and only 35 of several thousand NSA analysts can run queries on collected data. Each query must be related to an anti-terror investigation and is fully auditable, he said.
However, such claims cannot be verified. The NSA, and other government officials, claiming national security grounds, have to date stymied attempts to obtain such details about ongoing spy programs.
Meanwhile, NSA Inspector General George Ellard earlier this year said he found at least 12 substantiated instances where NSA analysts misused data access privileges to spy on spouses, boyfriends and girlfriends. The IG's report also cited multiple violations of rules in place for handling collected data.
Though the report cited relatively few instances, and none especially serious, it does suggest that the NSA doesn't oversee the activities as closely as its leaders claim.
There's also little disclosure on how data collected by the NSA is used by other federal agencies, such as the FBI and the U.S. Department of Homeland Security.
The McClatchy newspaper company's Washington bureau reported this week that data collected by the DHS' Customs and Border Protection agency in connection with a probe of two individuals allegedly teaching others how to beat lie detector tests was shared with nearly 30 federal agencies.
The report said that some 4,900 people in the Internal Revenue Service, the NSA, the CIA, DHS and other agencies accessed the data, which included names, Social Security Numbers, addresses and professions.
Officials from multiple agencies confirmed receiving the list to determine whether any employee had obtained the documents before taking a lie detector test. Many agencies planned to retain the list for future use, the McClatchy report said.
Controlling how NSA-collected data is used should be the most important objective of lawmakers, said Fred Cate, professor of law at the Indiana University Maurer School of Law. Cate filed filed an amicus brief in support of the EPIC Supreme Court petition.
"There will almost always be a legitimate reason to collect sensitive data," said Cate. "The challenge is to ensure that data collected for one purpose is not used for other purposes."
The Supreme Court has repeatedly ruled that the Fourth Amendment applies only to collection of data, not its use, Cate noted. The high court has ruled that "even information that illegally seized by the government can be used for other purposes."
Sign up for CIO Asia eNewsletters.