Leaked NSA Audit Found Agency Broke Privacy Rules 'Thousands' of Times
According to two major scoops by the Washington Post, the NSA's own audit found thousands of instances in which the agency broke existing privacy laws, while the man in charge of the secretive FISC court in charge of policing American spying programs admits that their ability to actually do so is limited.
According to two major scoops by the Washington Post, the NSA's own audit found thousands of instances in which the agency broke existing privacy laws, while the man in charge of the secretive FISC court in charge of policing American spying programs admits that their ability to actually do so is limited. The stories address the legality of the surveillance and data collection programs we're learning more and more about thanks to the leaks by whistleblower Edward Snowden, who was also the source for the internal audit cited in their report. "Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States," the Post's Barton Gellman writes.
That's going to make the following quote from President Obama, from his Friday news conference, read kind of awkwardly (emphasis ours):
And if you look at the reports -- even the disclosures that Mr. Snowden has put forward -- all the stories that have been written, what you’re not reading about is the government actually abusing these programs and listening in on people’s phone calls or inappropriately reading people’s emails. What you're hearing about is the prospect that these could be abused. Now, part of the reason they’re not abused is because these checks are in place, and those abuses would be against the law and would be against the orders of the FISC.
The audit, dated in May 2012 and spanning the period of about one year, found 2,776 cases of "unauthorized collection, storage, access to or distribution of legally protected communications," most of which were unintentional. The audit only includes incidences from the NSA headquarters at Fort Meade, and other facilities around Washington.
The instances of broken privacy laws include the NSA's failure to report an "unintentional" surveillance of a "large number" of calls when a programming area resulted in the agency zeroing in on the D.C. area 202 area code, instead of on the intended target in Egypt (international country code 20). They also include improper access to information on about 3,000 Americans and green card holders, and a violation of a court order. Foreshadowing the Post's story on the FISC response to the NSA's own audit, the Post explains that the agency has gone ahead with new programs without running them by the court first:
In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.
But this isn't the first we've seen of references to the NSA overstepping its own confines of oversight. A series of incidences in 2009 (see the bottom of page four), according to documents recently declassified by the Director of National Intelligence led to an increase in oversight. The Post notes that the 2009 events led to a "dramatic" increase in staff working on NSA compliance. But according to the audit, those incidences increased in rate between 2011 and 2012. So what's going on? In a statement to the post, the current FISC chief U.S. District Judge Reggie Walton, said the following:
“The FISC is forced to rely upon the accuracy of the information that is provided to the Court. The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders.”
There's also a document, published by the Post, that seems to show NSA analysts how to avoid giving away too much information to their "overseers."
The twin reports come just about a week after President Obama announced that he would tweak the NSA's surveillance programs in the wake of increasing public criticism of the government's data collection policies. While some are downplaying the Post's report:
These are management errors, not the stuff of a police state. Perspective, please— davidfrum (@davidfrum) August 16, 2013
The paper did grab an interesting reaction from Dianne Feinstein, one of the biggest defenders of the NSA programs in the wake of Snowden's leaks:
Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it, said in a statement late Thursday that the committee “can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate.”
If you're wondering what the NSA had to say about the latest leaks, the Post has helpfully published all of their statements about the story. That includes a note indicating that NSA director of compliance John DeLong gave a 90-minute interview to the Post, only to have the White House take the entire thing off the record after the fact.