The change was noted in a 2011 memo leaked by NSA whistleblower Edward Snowden, which also enumerated the restrictions that did stay in place and new ones that were added.
For example, analysts could perform the tracing of American contacts only if they were able to cite a foreign intelligence basis (terrorism, spying of foreign politicians, weapons proliferation, etc.) for such a probe.
They were also urged to follow established “minimization rules”, i.e. they were not allowed to share the data thusly collected with other federal agencies except when it indicated that a crime was or was to be committed or when their input was necessary to make sense of the information they collected and analyzed.
These new instructions concerned just the phone and email metadata. If they believed that the information they gleaned pointed towards something shady going on, the NSA still had to as the intelligence court to give permission for wiretapping the American citizen of interest.
Nevertheless, what should grate Americans the most about this latest revelation is that the decision to let analysts continue with their work even if the call or email "chaining" process lead to a US citizen was made in secret - "without review by the nation’s intelligence court or any public debate."
The policy change was justified by a 1979 Supreme Court ruling that said Americans could have no expectation of privacy about what numbers they had called.
"Based on that ruling, the Justice Department and the Pentagon decided that it was permissible to create contact chains using Americans’ 'metadata,' which includes the timing, location and other details of calls and e-mails, but not their content," say NYT reporters. "The agency is not required to seek warrants for the analyses from the Foreign Intelligence Surveillance Court."
The new policy was authorized by Defense Secretary Robert M. Gates and Attorney General Michael B. Mukasey in 2008, but it was only after a pilot project successfully performed this "social network graphing" that the policy was finally implemented.
The leaked documents don't mention - and the NSA refused to tell - which phone and e-mail databases are used to graph these social connections. But the documents share the name of one of the main tools that aggregates the collected information and allows analysts to work with it.
It's called Mainway, and according to the report, it is fed daily with huge swaths of data coming from sources such as "the agency’s fiber-optic cables, corporate partners and foreign computer networks that have been hacked."
"NSA analysts can exploit that information to develop a portrait of an individual, one that is perhaps more complete and predictive of behavior than could be obtained by listening to phone conversations or reading e-mails, experts say. Phone and e-mail logs, for example, allow analysts to identify people’s friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist’s office, late-night messages to an extramarital partner or exchanges with a fellow plotter," the reporters point out the problem.
It is unknown how many Americans' lives and actions have been surreptitiously been scrutinized with the help of this policy.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.