There have been twelve known instances of NSA employees peering in on their loved ones, and other "intentional" abuses of the agency's surveillance, tools since 2003, according to a letter from the NSA's Inspector General released today in response to a question from Senator Chuck Grassley. The existence of smitten snoopers is already known and nicknamed as LOVINIT, but the letter spells out the details of each encounter, which range from spying on husbands to inappropriately querying on people in the U.S. related to an actual intelligence target (but most of the cases, it turns out, have a lot to do with love).
These violations were referred to by NSA Director Gen. Keith Alexander in his Senate testimony on Thursday, where he argued that the relatively small number of violations discovered and investigated is a plus for the agency, against media criticism of the NSA's work since Edward Snowden began telling everyone about it:
"The press claims evidence of thousands of privacy violations. This is false and misleading. According to NSA's independent Inspector General there have been only 12 substantiated cases of willful violations over 10 years, essentially one per year. "
However, as we pointed out earlier today, the more accurate figure was only revealed after Snowden's leaks on the agency. And it doesn't take into account any similar incidents where the offender got away with it. Previously, the NSA has refused to admit to any "willful" violations of surveillance regulations. According to the letter, all but three of the offenders were civilians, and most happened overseas. As had been previously reported, most of the incidents weren't even discovered until the employee admitted it years later. Most of the offenders — seven of 12 — resigned as a result of their abuse of the system, usually before the NSA could follow through with disciplinary action.
So, here are those twelve incidents, according to the letter, which you can read in full here (via NBC):
1. In 2011, an employee facing a polygraph test confessed to performing a SIGNIT query "out of curiosity" on the home phone number of his girlfriend, who was a foreign national. He was able to view metadata from the query. The employee wasn't disciplined, and retired in 2012.
2. Another employee confession before a polygraph test: this time, in 2005, the employee admitted that he had a SIGNIT collection run for a month in 2003 on his girlfriend's number in order to figure out whether she was up to anything that "might get [him] in trouble." His violation was referred upwards, but he also retired before disciplinary action was taken.
3. In 2004, and employee collected voice recording of her husband on a foreign telephone number that was unfamiliar to her in her husband's phone, because she suspected he was being unfaithful. She resigned before she was disciplined — though the letter notes that the recommended disciplinary action was to fire her.
4. Between the years 1998 and 2003, one employee of the agency listened to the calls of nine female foreign nationals. That collection resulted in the collection of voice data on two U.S. citizens. It was discovered when a foreign national employed by the U.S. and "having sexual relations" with the employee in question suspected something was up, and told another employee of the agency that she thought the employee in question was listening to her phone calls. He resigned before he was disciplined, while suspended without pay.
5. Another employee targeting female foreign nationals. This time, it was between the years 2001 and 2003, and the employee resigned before being disciplined.
6. An employee, under a polygraph test, admitted to accessing communications of two foreign nationals without authorization in an investigation completed in 2006. He was suspended without pay for 10 days, and prohibited from getting promotions or other awards and pay increases, for a year.
7. In 2011, a female employee assigned and then reviewed data collection on her boyfriend's telephone number. She also routinely ran foreign numbers she collected from social situations through the system to make sure her new acquaintances weren't "shady." She resigned before being disciplined.
8. On his first day with access to SIGNIT in 2005, a military employee ran six email addresses of his former girlfriend through the system, just to "practice" using it. In the investigation, he testified that he hadn't read the content of those queries. He received a demotion in rank, and in pay, and was denied a security clearance because of the incident.
9. In addition to querying his own name, this employee repeatedly ran his girlfriend's number through the system in 2006, along with her name. He also queried another number without authorization two times. It was recommended that he be fired, but he resigned before that happened.
10. In 2008, an employee looked up information on two relatives of a "valid intelligence target," who where in the U.S. The employee received a written reprimand.
11. A military member of a tactical intelligence unit used the SIGNIT system to query the communications of his wife in 2009. She, also in the military, was stationed abroad. The abuse was discovered in an audit. Eventually, the matter was referred to the DOJ in 2009, after the person in question suffered a rank reduction, pay reduction, and revocation of access to classified information.
12. A military member repeatedly queried foreign telephone numbers, apparently in order to learn foreign languages. The abuse was discovered in an audit and he was barred from accessing classified information.
According to the Inspector General, the agency has two investigations along these lines currently open, with one more being reviewed.