Privacy breeches are rare and unintentional, the National Security Agency told reporters, responding to The Washington Post’s story detailing thousands of times in which the NSA overstepped its bounds in data collection.
“We generate a lot of reports every time we make a mistake,” NSA Director of Compliance John DeLong told reporters on a conference call Friday afternoon. “If we generated the same number of reports every time we did something right, it would go, maybe, to the moon and back.
“Per month, we do about 20 million queries. So if you take that number and make that the denominator,” DeLong said, “you get to essentially a .005 error rate. We’re talking parts per million.”
New revelations from leaker Edward Snowden that the National Security Agency has overstepped its authority thousands of times since 2008 are stirring renewed calls on Capitol Hill for serious changes to NSA spy programs, undermining White House hopes that President Barack Obama had quieted the controversy with his assurances of oversight…
Obama has repeatedly said that Congress was thoroughly briefed on the programs revealed by Snowden in June, but some senior lawmakers said they had been unaware of the NSA audit until they read the news on Friday. The programs described earlier vacuum up vast amounts of metadata — such as telephone numbers called and called from, the time and duration of calls — from most Americans’ phone records, and scoop up global Internet usage data.
White House deputy press secretary Josh Earnest said Friday that the NSA documents showed that NSA’s Compliance Office established in 2009 “is monitoring, detecting, addressing and reporting compliance incidents,” and that “the majority of the compliance incidents are unintentional.” In a statement from the Massachusetts island of Martha’s Vineyard, where the president is vacationing, he added that the administration is “keeping the Congress appropriately informed of compliance issues as they arise.”…
House Democratic leader Nancy Pelosi, who generally supports the programs, said in a statement Friday that the new revelations “are extremely disturbing.”
The leader of the secret court that is supposed to provide critical oversight of the government’s vast spying programs said that its ability to do so is limited and that it must trust the government to report when it improperly spies on Americans.
The chief judge of the Foreign Intelligence Surveillance Court said the court lacks the tools to independently verify how often the government’s surveillance breaks the court’s rules that aim to protect Americans’ privacy. Without taking drastic steps, it also cannot check the veracity of the government’s assertions that the violations its staff members report are unintentional mistakes.
“The FISC is forced to rely upon the accuracy of the information that is provided to the Court,” its chief, U.S. District Judge Reggie B. Walton, said in a written statement to The Washington Post. “The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders.”
Speaking before a room of hackers and security professionals at a Black Hat in Las Vegas this summer, NSA Director Keith B. Alexander denied that there were any problems with the NSA snooping programs and cited oversight by the Senate Select Committee on Intelligence to verify that point:
“Congress did a review of this program over a four-year period, the Senate Select Committee on Intelligence. And over that four-year period, they found no willful or knowledgeable violations of the law or the intent of the law in this program.
“More specifically, they found no one at NSA had ever gone outside the boundaries of what we’ve been given. That’s the fact. What you’re hearing, what you’re seeing, what people are saying is, well, they could. The fact is they don’t. And if they did, our auditing tools would detect them, and they would be held accountable.”
Our colleague Barton Gellman’s reporting revealed that in October 2011 the Foreign Intelligence Surveillance Act (FISA) Court ruled an NSA process collecting data from fiber optic cables was “deficient on statutory and constitutional grounds,” according to a top-secret summary of the opinion. It ordered the NSA to comply with standard privacy protections or stop the program. This appears to directly contradict Alexander’s claim that “no one at NSA had ever gone outside the boundaries” of their authority.
Democratic Sens. Rob Wyden of Oregon and Mark Udall of Colorado, both members of the Intelligence Committee, said in a joint statement that there are more details to come:
“The executive branch has now confirmed that the rules, regulations and court-imposed standards for protecting the privacy of Americans have been violated thousands of times each year. We have previously said that the violations of these laws and rules were more serious than had been acknowledged, and we believe Americans should know that this confirmation is just the tip of a larger iceberg.
While Senate rules prohibit us from confirming or denying some of the details in today’s press reports, the American people have a right to know more details about the scope and severity of these violations, and we hope that the executive branch will take steps to publicly provide more information as part of the honest, public debate of surveillance authorities that the Administration has said it is interested in having.
In particular, we believe the public deserves to know more about the violations of the secret court orders that have authorized the bulk collection of Americans’ phone and email records under the USA PATRIOT Act. The public should also be told more about why the Foreign Intelligence Surveillance Court has said that the executive branch’s implementation of Section 702 of the Foreign Intelligence Surveillance Act has circumvented the spirit of the law, particularly since the executive branch has declined to address this concern.”
A lot of people are assuming this means the president was lying — that he’s known about the scale of the NSA’s privacy problems all along and was trying to mislead the public. But there’s another possibility that could be even more troubling: He might not have known about the extent of the NSA’s privacy problems until this week…
Transparency and rigorous oversight protect the public against malevolent presidents who compile enemies lists and spy on their political opponents. But almost as important, transparency also protects honest presidents against misbehaving subordinates. The knowledge that their work will be checked by judges and Congressional investigators gives government employees a strong incentive to follow the law. And the knowledge that their misconduct will eventually be discovered by other branches of the government make it less tempting for executive branch officials to hide misconduct from their superiors.
In other words, by signing off on the NSA’s extreme secrecy and resisting oversight from Congress and the courts, Obama was depriving himself of an essential managerial tool. He was reducing his own ability to monitor and deter misconduct by his subordinates. And so it’s possible that one of the people who was most surprised by this week’s disclosures was the president himself.
The Post … states that the NSA committed “serial telephonic data collection” that broke the law. One such case “involved the unlawful retention of 3,032 files that the surveillance court had ordered the NSA to destroy.” Those were kept, with each file containing “an undisclosed number of telephone call records.”
That this is the sort of revelation that Pelosi finds troubling is humorous, as she was the key voice in the House for keeping the NSA’s phone metadata program in place. The Amash amendment would have passed if she had not thrown her weight behind it. So her efforts to save a key piece of the NSA are circling back and troubling her.
In fact, I don’t think that the good Representative is troubled at all. I think that her statement is nothing more than padding for her left flank. By dressing down the NSA publicly, Rep. Pelosi can claim to be on the side of civil liberties. Yet she’s doing so while protecting those violate them.
If Rep. Pelosi is as disturbed as she now claims to be, let’s see what sort of legislation she moves forward to curtail the NSA’s programs that are breaking privacy laws daily.
There is a valuable, vital debate to be had over how much the federal government, in its intelligence programs, ought to be permitted to violate Americans’ privacy in an effort to protect Americans from a dangerous world that includes people who want to kill Americans. There are many different places where the important red lines can be drawn in this debate. It is a debate strewn with well-intentioned, conscientious people who would draw those lines at very different places. Let’s even be generous and stipulate that the question of whether the statutorily provided oversight of these programs is sufficient belongs, as well, to that debate.
The terrifying thing is that we are not having that debate. As these documents are the latest things to demonstrate, the various overseers as well as the public do not have access to the information that even the current rules assert they should have. That is how I can state with certainty that we are not having that vital debate: We do not have the means to have that debate with any kind of authority; therefore, no matter how much we discuss these issues, we are not having that debate.
A couple of months back, I quoted Tocqueville’s prescient words from almost two centuries ago: Although absolute monarchy theoretically “clothed kings with a power almost without limits,” in practice “the details of social life and of individual existence ordinarily escaped his control.” In other words, the king couldn’t do it even if he wanted to. What would happen, Tocqueville wondered, if administrative capability were to evolve to bring “the details of social life and of individual existence” within His Majesty’s oversight? That world is now upon us. Today, the king concedes he most certainly can do it, but assures us not to worry, he doesn’t really want to. “If you look at the reports,” said President Obama earlier this month, “even the disclosures that Mr. Snowden’s put forward, all the stories that have been written, what you’re not reading about is the government actually abusing these programs and, you know, listening in on people’s phone calls or inappropriately reading people’s e-mails. What you’re hearing about is the prospect that these could be abused.”
But that was a week ago. And the “prospect” is now a reality: “actual abuse” — including “listening in on people’s phone calls” and “inappropriately reading people’s e-mails” — occurs daily. In early 2012, “actual abuse” was occurring at the rate of ten “incidents” a day — and “incident” is a term of art that can cover hundreds of violations of thousands or even millions of citizens.
Privacy is dying in all technologically advanced nations, and it may simply be a glum fact of contemporary existence that the right to live an unmonitored life is now obsolete unless one wishes to relocate to upcountry villages in Somalia or Waziristan. Nevertheless, even by the standards of other Western nations, America’s loss of privacy is deeply disturbing. Its bureaucracy is bigger and better funded, and its response to revelations of its abuse of power is to make it bigger and better funded and more bureaucratic still. For example, after multiple significant violations of the law in 2009, the NSA’s “oversight staff” was quadrupled. Quadrupled! Just like that! And what was the result of putting four times as many salaried, benefited, pensionable, fully credentialed government-licensed “overseers” in place? The rate of NSA violations increased dramatically through 2011. Who would have thought it? In the first quarter of 2012 the NSA’s executive-order violations were running at almost twice the rate of what they were in the second quarter of 2011. Maybe if they’d octupled the number of “oversight staff,” all these overseers would have been able to keep pace with the rampaging lawlessness.
We should be careful not to put the NSA in an impossible position. Of course, we should be vigilant against the administrative state in all of its tangled tendrils, especially its collection of taxes (the IRS scandal) and enforcement of the laws (Obama’s refusal to enforce Obamacare and immigration law). The problem here, however, is that we are placing these kinds of domestic law-enforcement standards on a foreign intelligence function. With domestic law enforcement, we want the Justice Department to monitor one identified target (identified because other evidence gives probable cause that he or she has already committed a crime) and to carefully minimize any surveillance so as not to intrude on privacy interests.
Once we impose those standards on the military and intelligence agencies, however, we are either guaranteeing failure or we must accept a certain level of error. If the military and intelligence agencies had to follow law-enforcement standards, their mission would fail because they would not give us any improvement over what the FBI could achieve anyway. If the intelligence community is to detect future terrorist attacks through analyzing electronic communications, we are asking them to search through a vast sea of e-mails and phone-call patterns to find those few which, on the surface, look innocent but are actually covert terrorist messages. If we give them broader authority, we would have to accept a level of error that is inherent in any human activity. No intelligence agency could perform its mission of protecting the nation’s security without making a few of these kinds of mistakes. The question is whether there are too many, not whether there will be any at all…
[T]o end the program because it does not have an error rate of zero is to impose a demand on the NSA that no other government program, foreign or domestic, military or civilian, could survive.