Under a secret agreement with the UK government, the NSA analyses and stores phone numbers, email addresses and internet activities of innocent UK citizens.
According to documents leaked by former NSA contractor and whistleblower Edward Snowden, a deal was struck between the US and UK governments in 2007, allowing personal information to be swept up and stored by the NSA. Prior to this agreement, UK data was off limits to US spy agencies.
After the rules changed in 2007, the US was allowed to keep UK records for the purpose of "contact chaining" or looking for connections between phone and fax numbers, and IP and email addresses.
The leaked documents were published by the Guardian and Channel 4 News, and claim data captured by the NSA is stored in databases where it can be made available to other members of the US intelligence and military community.
Called a "Five-Eyes" intelligence-sharing alliance, the partnership also includes Australia, New Zealand and Canada.
Although the data could be used to look for links between citizens' email addresses, phone numbers and computer IP addresses, it is not collected because the NSA believes its UK targets are a specific threat.
Instead, the data is "incidentally collected," according to the documents, meaning the individuals monitored are not NSA targets and therefore not suspected of any wrongdoing.
Despite this, their information is still stored by the agency.
Friends of friends of friends
The NSA is allowed to collect data three "hops" away from its initial target - meaning the friend of a friend of a friend of the target. Guardian analysis suggests three hops for a typical Facebook user could include more than five million people, who could all legitimately have their personal details swept up, analysed and stored by the NSA.
A separate memo, also leaked by Snowden and dating from 2005, two years before the UK-US deal was made, reveals a proposed NSA procedure for spying on UK citizens and those of other Five-Eyes nations (Canada, Australia and New Zealand).
According to the Guardian, the memo "makes it clear that partner countries must not be informed about this surveillance, or even the procedure."
The NSA is still forbidden from targeting UK citizens directly, but since 2007 has been authorised "to unmask UK contact identifiers resulting from incidental collection," and may retain this data.
A common understanding
A draft document dated from 2005 states the Five-Eyes agreement "has evolved to include a common understanding that both governments [UK and US] will not target each other's citizens/persons."
But the next sentence, which is classified by the US not to be shared with foreign governments, states that Five-Eyes partners "reserved the right" to conduct intelligence operations against each other's citizens "when it is in the best interests of each nation."
It continues to explain that, under certain circumstances, "it may be advisable and allowable to target second party persons and second party communications systems unilaterally, when it is in the best interests of the US and necessary for US national security."
GCHQ and the Cabinet Office have not commented on the revelation despite repeated requests by the newspaper since 7 November.