The NSA violated the privacy rules that govern its massive collection of Americans’ phone call records, delving into them repeatedly for three years without required legal justification, according to documents released today as a result of a privacy advocacy group’s lawsuit. The violations took place from 2006-2009 and the NSA apparently misled the FISA court about the extent of their spying over that time. The most unsettling part? I’ll let this quote speak for itself:
Officials said the violations were inadvertent, because NSA officials didn’t understand their own phone-records collection program. Gen. Keith Alexander, the head of the NSA, told the judge in a 2009 legal declaration that “from a technical standpoint, there was no single person who had a complete technical understanding of the [business record] system architecture.”
Supporters of NSA programs have often defended them by emphasizing that mistakes are rare, inadvertent, or both. It doesn’t mitigate my violation of privacy much, in my estimation, if the violation is inadvertent, but let’s say I bought that argument. What to make of this? The revelation that there are inadvertent violations because there’s literally no one who understands the program well enough to prevent violations is not comforting. Perhaps supporters of the NSA will argue that knowledge of the entire system is not centralized in any one person’s head as a security measure, but then you’d have to explain how the lowly Edward Snowden knew so much while a complete understanding of the rules governing a treasure trove of Americans’ private phone call information was such a guarded secret.
And, let’s deal with whether violations were rare. Survey says:
The alert list grew from 3,980 in 2006 to 17,835 in 2009, one of the officials said. About 2,000 numbers on the list in 2009 met the necessary legal standard, the official said, meaning almost 16,000 didn’t. The alert list was shut down on Jan. 24, 2009, according to one of the declassified documents.
Roughly 11 percent of the alert list numbers being checked met the standard.
And, undermining claims of innocuous accidental spying, the NSA misled the FISA court about violations for years. At the very least, this is criminal negligence. Bloomberg again:
However, the NSA misled the court during those years by certifying that the necessary legal standard was being met for all numbers queried, the official said. Lawyers interacting with the court didn’t understand what was being done under the program, the official said.
It wasn’t the first time the NSA has acknowledged violations or that it misled the court.
The Wall Street Journal reported intelligence officials can’t remember anyone being fired over the abuses of the system. Sigh:
James Clapper, the director of national intelligence, said the NSA’s discovery of the problems with the phone-records program and its reporting to the court show that oversight of the NSA surveillance programs works as designed.
The documents released Tuesday “are a testament to the government’s strong commitment to detecting, correcting and reporting mistakes,” Mr. Clapper said in a statement. He blamed the errors on the “complexity of the technology.”
At issue was the NSA’s use of an “alert list” of numbers linked to terrorist suspects to see whether there had been any contact between those numbers and any numbers in the database, officials said. NSA was using that tool to see whether any numbers in the database should be followed up on for further analysis.
In fact, only numbers in which analysts could prove there was “reasonable articulable suspicion” of a link to foreign terrorists could be queried against the database, according to court-approved rules.
Walton said NSA’s explanation for its violation of the court order — that some NSA personnel thought the querying rules applied only to archived data — “strains credulity.” He also expressed consternation at NSA’s inaccurate description of the process it was using to query the database.
“The court finds that the government’s failure to ensure that responsible officials adequately understood the NSA’s alert list process, and to accurately report its implementation to the court, has prevented for more than two years both the government and the FISC from taking steps to remedy daily violations,” Walton wrote.
We’re well past the time when simply trusting these guys’ good intentions and competence to protect our data seems like a good idea. All the 1,800 declassified documents are here.
And, lest we blame Bush for all this, there’s this revelation.