Internal audit shows NSA often breaks privacy rules, made thousands of violations a year

The Washington Post today published several big scoops related to the National Security Agency's surveillance programs. The paper's investigations were triggered by documents leaked to them "earlier this summer" by former NSA contractor Edward Snowden. He has sought political asylum from a number of nations, and is currently in Moscow. The U.S. wants to charge him with espionage for his revelations.

Barton Gellman writes about an internal NSA audit document which shows that since Congress granted the agency broad new powers in 2008, it has broken privacy rules thousands of times per year--and sometimes because of typos.

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.

"The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance," writes Gellman.

One curious side note: the timing of the story's publication. Did President Obama know about the story when he made remarks about the NSA last week which amounted to, "nothing to see here, move along"?

Here are NSA's comments to the Post on the article, after its publication.

A companion report by Carol Leonnig, also released late today by the Post, reveals that the head of the secret FISA court tasked with overseeing the government’s vast spying programs "said that its ability do so is limited and that it must trust the government to report when it improperly spies on Americans."

The chief judge of the Foreign Intelligence Surveillance Court said the court lacks the tools to independently verify how often the government’s surveillance breaks the court's rules that aim to protect Americans’ privacy. Without taking drastic steps, it also cannot check the veracity of the government’s assertions that the violations its staff members report are unintentional mistakes.
Read: "Court: Ability to police U.S. spying program limited."

Separately, the Washington Post has published the actual Q1 2012 audit document leaked to the paper by Snowden. "Names redacted by The Post."

The report covers the period from January through March 2012 and includes comparative data for the full preceding year. Its author is director of oversight and compliance for the NSA’s Signals Intelligence Directorate, but the scope of the report is narrower. Incidents are counted only if they took place within “NSA-Washington,” a term encompassing the Ft. Meade headquarters and nearby facilities. The NSA declined to provide comparable figures for its operations as a whole. A senior intelligence official said only that if all offices and directorates were included, the number of violations would “not double.”
Read: "NSA report on privacy violations in the first quarter of 2012."

Here's one interesting subsection: "What to say, and not to say, to 'our overseers'."

Two thoughts on their publication of the NSA's audit file: Will the government now go after the Washington Post, as it is against Snowden, on espionage charges? And, if this is any indication of the sort of journalism we can expect from the Post under new owner Jeff Bezos, it's a good sign.

Below, a (lawful, non-secret) collection of responses to the story, via Twitter.


Notable Replies

  1. So every single pusillanimous quisling who got up and told us that (while definitely big and impressive) the NSA's little operation was 100% abuse-free (which is to say, virtually everybody ostensibly watching the watchers) was either pitifully underequipped to serve as oversight(but unwilling to admit that) or lying through their teeth, or both.

    Well. Fuck.

  2. "Zero abuses of NSA PRISM, and that's no bullshit" -Keith "Lying M'fer" Alexander

  3. bzishi says:

    This is irrelevant. The discussion isn't over whether the NSA protects US citizens' privacy good enough, but over whether they have the right to run a surveillance dragnet of such magnitude and intrusiveness. The fundamental argument of the NSA supporters is that the surveillance isn't a problem if they do it good enough. If we acknowledge that they aren't doing it good enough, then we have accepted their argument. All they would have to respond is: "we'll fix it and add more safeguards". This is a bait and switch. They are trying for force us into an ends justifies the means argument. But the real argument is over principles and the Constitution, not over how little collateral damage was caused. The argument of opposers must always be about the 4th Amendment. Always.

  4. Ah, but the NSA has a different definition of 'zero' 'abuse' 'of' 'NSA' 'Prism', 'comma' 'and' 'that's' 'no' 'bullshit'.

  5. Exactly. Next up, they will concede that one FISA court is insufficient, so Congress will create another secret arm to watch FISA, which will mean that they've successfully baited and switched us again into agreeing to the general principle of secret courts. When, in fact, there should be NO secret courts deciding constitutionality, and no secret arms overseeing them, and no secret massive dragnet surveillance programs, period. As they say in the Cloud Atlas, "I will not be subjected to criminal abuse."

Continue the discussion bbs.boingboing.net

9 more replies

Participants