The Washington Post today published several big scoops related to the National Security Agency's surveillance programs. The paper's investigations were triggered by documents leaked to them "earlier this summer" by former NSA contractor Edward Snowden. He has sought political asylum from a number of nations, and is currently in Moscow. The U.S. wants to charge him with espionage for his revelations.
Barton Gellman writes about an internal NSA audit document which shows that since Congress granted the agency broad new powers in 2008, it has broken privacy rules thousands of times per year--and sometimes because of typos.
That time the NSA misread area code 202 as country code 20 & grabbed all the calls from Washington instead of Egypt. http://t.co/ixFqsiM7xB— Barton Gellman (@bartongellman) August 16, 2013
In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff."The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance," writes Gellman.
In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.
One curious side note: the timing of the story's publication. Did President Obama know about the story when he made remarks about the NSA last week which amounted to, "nothing to see here, move along"?
Here are NSA's comments to the Post on the article, after its publication.
A companion report by Carol Leonnig, also released late today by the Post, reveals that the head of the secret FISA court tasked with overseeing the government’s vast spying programs "said that its ability do so is limited and that it must trust the government to report when it improperly spies on Americans."
The chief judge of the Foreign Intelligence Surveillance Court said the court lacks the tools to independently verify how often the government’s surveillance breaks the court's rules that aim to protect Americans’ privacy. Without taking drastic steps, it also cannot check the veracity of the government’s assertions that the violations its staff members report are unintentional mistakes.Read: "Court: Ability to police U.S. spying program limited."
Separately, the Washington Post has published the actual Q1 2012 audit document leaked to the paper by Snowden. "Names redacted by The Post."
The report covers the period from January through March 2012 and includes comparative data for the full preceding year. Its author is director of oversight and compliance for the NSA’s Signals Intelligence Directorate, but the scope of the report is narrower. Incidents are counted only if they took place within “NSA-Washington,” a term encompassing the Ft. Meade headquarters and nearby facilities. The NSA declined to provide comparable figures for its operations as a whole. A senior intelligence official said only that if all offices and directorates were included, the number of violations would “not double.”Read: "NSA report on privacy violations in the first quarter of 2012."
Here's one interesting subsection: "What to say, and not to say, to 'our overseers'."
Two thoughts on their publication of the NSA's audit file: Will the government now go after the Washington Post, as it is against Snowden, on espionage charges? And, if this is any indication of the sort of journalism we can expect from the Post under new owner Jeff Bezos, it's a good sign.
Below, a (lawful, non-secret) collection of responses to the story, via Twitter.
One key to the WashPost story: the reports are internal, NSA audits, which means high likelihood of both under-counting & white-washing— Glenn Greenwald (@ggreenwald) August 16, 2013
The big flaw in otherwise superb Washington Post surveillance story tonite is the unnecessary grant of anonymity to govt apparatchik— Dan Gillmor (@dangillmor) August 16, 2013
Target name: Muhammad Fake Name. http://t.co/E93cUUziTB Page 3. Mr. Fake Name is 2nd Secretary at Iraqi Embassy in Riyadh.— Ryan Singel (@rsingel) August 16, 2013
Only DC/Ft. Meade nos: "the number would be substantially higher if it included other NSA operating units and regional collection centers."— Kurt Opsahl (@kurtopsahl) August 16, 2013
Shorter NSA: Since we only commit violations on a small percentage of the half of all comms in the world we collect, it's no big deal.— emptywheel (@emptywheel) August 16, 2013
So the FISA court isn't a rubber stamp, they're just totally incapable of overseeing the NSA & has to trust the gov. http://t.co/BpXOhnogGh— Christopher Soghoian (@csoghoian) August 16, 2013
'One team used DISHFIRE to find any communications that mentioned both the Swedish manufacturer Ericsson and “radio” or “radar."'— Kate Crawford (@katecrawford) August 16, 2013
Guys, out of ten amendments, the NSA is violating one of two at most. That's, like, a B on civil liberties.— Conor Friedersdorf (@conor64) August 16, 2013
So the NSA 'accidentally' wiretapped the DC area code in an election year when illegal NSA surveillance was anissue. http://t.co/0PyiCE0BNm— Matt Stoller (@matthewstoller) August 16, 2013
This WaPo story is the most stunning thing I have yet read about illegal NSA conduct and the liars who defend it. http://t.co/Ja0cs0mpeT— jennifer granick (@granick) August 16, 2013
WH & NSA spox sent WaPo a prepared statement under NSA official's name & asked ppr to use it in place of his quotes http://t.co/vyHjEhY8GA— Jason Leopold (@JasonLeopold) August 16, 2013
"In one of the docs, agency personnel are instructed to remove details and substitute more generic language in reports to the DOJ/DNI."— Michelle Richardson (@Richardson_Mich) August 16, 2013
If a business acted the way the NSA has, we'd seize its bank accounts, raid its offices, jail its administrators, and levy RICO charges.— Popehat (@Popehat) August 16, 2013
A new one for the NSA's bizarro dictionary: the agency’s internal definition of “data” does not cover “metadata” http://t.co/NsuLTEBKd8— Trevor Timm (@trevortimm) August 16, 2013
This NSA official told us he could be quoted here, then the White House asked us to edit his quotes. We declined. http://t.co/hIsvbd3R4W— Washington Post (@washingtonpost) August 16, 2013
Yes, NSA apologists, it's true: they're not as bad as the Gestapo or the Stasi. That's relevant how? Is that really your bar for reform?— Conor Friedersdorf (@conor64) August 16, 2013
Obama said the NSA wasn’t “actually abusing” its powers. He was wrong. http://t.co/eNg97Ar9CJ— Ezra Klein (@ezraklein) August 16, 2013
"Target Name: Muhammad Fake Name" Seriously?— Amie Stepanovich (@astepanovich) August 16, 2013
When courts & Congress fail, oversight comes from brave whistleblowers & a free press. This is a constitutional moment. Exciting, historic.— Ben Wizner (@benwizner) August 16, 2013
"NSA, like other regulated organizations, also has a 'hotline' for people to report [misuse]." Wait. Like a phone number? That's...meta.— Kate Crawford (@katecrawford) August 16, 2013
The same government that can mass spy on citizens with secret trials in a secret court can't bring banks to justice. #LOL— umair haque (@umairh) August 16, 2013
Remember when fmr NSA Director Hayden said: we collect what law allows, "not one photon more"? http://t.co/SS0ZGGO6Xv— Alex Abdo (@AlexanderAbdo) August 16, 2013
I figured out a great way to cut down on NSA abuse. Only intercept data of people who are terrorism suspects, rather than of everyone.— Micah Lee (@micahflee) August 16, 2013
Imagine NSA logic in ordinary trials. "When you consider how many people I meet each day, I mugged a very small percentage…"— Julian Sanchez (@normative) August 16, 2013
Fat-fingering; unauthorized access; illegal retention; an inability to correct mistakes. Just a few of the sins cataloged in these NSA docs.— Noah Shachtman (@NoahShachtman) August 16, 2013