How many errors are too many?
In the opinion by the Foreign Intelligence Surveillance Court denouncing the practice, the judge wrote that the NSA had advised the court that “the volume and nature of the information it had been collecting is fundamentally different than what the court had been led to believe,” and went on to say the court must consider “whether targeting and minimization procedures comport with the 4th Amendment.”
For instance, two senior intelligence officials said, when an American logged into an email server and looked at the emails in his or her inbox, that screen shot of the emails could be collected, together with Internet transactions by a terrorist suspect being targeted by the NSA – because that suspect’s communications were being sent on the same fiber optic cable by the same Internet provider, in a bundled packet of data.
These interceptions of innocent Americans’ communications were happening when the NSA accessed Internet information “upstream,” meaning off of fiber optic cables or other channels where Internet traffic traverses the U.S. telecommunications system…
Under court order, the NSA resolved the problem by creating new ways to detect when emails by people within the U.S. were being intercepted, and separated those batches of communications. It also developed new ways to limit how that data could be accessed or used. The agency also agreed to only keep these bundled communications for possible later analysis for a 2-year period, instead of the usual 5-year retention period.
Actually, this isn’t a follow-up to the WaPo story, it’s an elaboration of it. Bart Gellman, the WaPo author, flagged this incident as “one of the most serious violations” of NSA privacy protocols that he was aware of. According to an internal newsletter that Gellman saw, NSA initially argued to the FISA Court that it couldn’t feasibly filter out Americans’ e-mails from foreign ones via the upstream method of collection. Collecting the latter necessarily meant incidental collection of some of the former. Too bad, said the court; it’s still a Fourth Amendment violation. Whereupon, per this new AP story, the NSA went on to figure out how to separate the e-mails after all. Allegedly. With the NSA, you never can tell exactly what’s happening.
How did the FISA Court know the NSA was doing this, though? Because — the NSA, in policing itself for infringements on Americans’ privacy, told them. Benjamin Wittes flagged that, plus the fact that we’re talking about an error rate of several thousand violations “among the billions and billions of communications the NSA interacts with every year,” as proof that WaPo’s bombshell about an NSA seemingly gone rogue was overhyped. Here’s how Wittes thinks the feds should have responded to the story:
Shameful as it is that these documents were leaked, they actually should give the public great confidence both in NSA’s internal oversight mechanisms and in the executive and judicial oversight mechanisms outside the agency. They show no evidence of any intentional spying on Americans or abuse of civil liberties. They show a low rate of the sort of errors any complex system of technical collection will inevitably yield. They show robust compliance procedures on the part of the NSA. And they show an earnest, ongoing dialog with the FISA Court over the parameters of the agency’s legal authority and a commitment both to keeping the court informed of activities and to complying with its judgments on their legality. While it took a criminal act to make this record public, we are deeply proud of this record and make no apologies for it.
Or, as Marc Ambinder put it:
I'm waiting to read the docs to figure out more, but the Twitter conversation seems to be: OMG Smoking Gun! vs. Yes. Guns produce smoke.
— Marc Ambinder (@marcambinder) August 21, 2013
The fact remains, though, that the primary governmental check on the NSA is … the NSA. The upstream problem was solved only because the agency volunteered the information to the FISA Court. Is there another federal arm that operates that way? Which reminds me: Read this fascinating Miami Herald story from yesterday about criminal defense lawyers suing the NSA to access digital communications that might prove their clients’ innocence. The inculpatory potential of the NSA’s database is obvious, but there’s exculpatory potential too: If the NSA has records proving that a defendant was using his cellphone in California at a moment when a murder for which he’s being tried was being committed in New York, then obviously cops have the wrong man. And the government, under Brady v. Maryland, has a constitutional duty of due process to turn over exculpatory evidence in its possession to the defense. Except, I guess, for the NSA — because they’re a government within a government, acting mostly independently of standard legal principles, a court presumably will find that defendants have no legal right to access their database even if it risks a wrongful conviction. How do you solve that problem of near-total independence?