The NSA says it doesn't target American citizens when searching through its vast quantities of data looking for threats, but that doesn't mean they won't look through your email. The New York Times has the latest revelation in the never-ending flood of leaks about how the NSA conducts its business, and the newest one suggest that thousands and thousands of emails, including those sent and received by American citizens, are being combed over by intelligence agents without a warrant.
The description of the program is a little confusing, but (we think) it works like this: Say the NSA the wants to find out information about a particular individual or "target." Since the NSA is already authorized to intercept any electronic communication that crosses U.S. borders, their servers are already soaking up this data on an ongoing basis. (And that probably doesn't even include the "massive amounts" of data that countries like Germany give to the NSA everyday.)
To find out more about the target, the NSA copies a large selection of the data and runs a keyword search for something very specific, like a name or an email address or a phone number. In "a small number of seconds," the program then take any communication that matches that search and sets it aside for actual humans to look at later. The rest is deleted.
Again, because all the communication is international in nature and the "target" of the search is not an American citizen, the NSA doesn't need a warrant to collect it. But much of that data still comes to or from American citizens (communicating with someone outside the country), the emails of Americans citizens often become part of the search. You don't even have to be in direct communication with the "target." All you have to do is mention it, and you're now part of the sweep.
We're not the only one confused about the program, mostly because of the semantics involved in the rules behind, specifically the definition of word like "target" and "collection." Intelligence officials routinely insist that American citizens are not surveilled by the NSA without the appropriate warrants, but there's no question that Americans do get caught up in these cross-border data sweeps. And even if the American citizen doesn't start as the focus of the investigation, they might become the "target" if they're talking to foreign suspects. Either the way, there's a chance someone you don't suspect is reading your emails.
The officials also say they aren't "collecting" the information, since most of it gets deleted (eventually) and you have to know what you're looking for before you start the search. One anonymous source put it to the Times this way: "‘Bulk collection’ is when we collect and retain for some period of time that lets us do retrospective analysis. In this case, we do not do that, so we do not consider this ‘bulk collection.’" So the data may not be sitting there waiting for someone to sift through it randomly, but it does exist and the NSA can find it they want it, and it's all done in secret so you'd never even know it if they did anyway. So what are you worried about?