http://www.theguardian.com/world/2013/sep/10/nsa-violated-court-rules-data-documents
NSA violations led judge to consider viability of surveillance program
Declassified
documents from 2009 suggest NSA officials gave misleading statements to
court and reveal judge placed a siginifcant restriction the bulk
records program
Spencer Ackerman in Washington
10 September 2013
A
judge on the secret surveillance court was so disturbed by the National
Security Agency's repeated violations of privacy restrictions that he
questioned the viability of its bulk collection of Americans' phone
records, according to newly declassified surveillance documents.
Judge
Reggie Walton, now the presiding judge on the Foreign Intelligence
Surveillance (Fisa) court, imposed a significant and previously
undisclosed restriction on the NSA's ability to access its bulk
databases of phone records after finding that the agency repeatedly
violated privacy protections.
The documents, mostly from 2009
and declassified Tuesday, describe what Walton said were "thousands" of
American phone numbers improperly accessed by government
counterterrorism analysts.
They also indicate that US
government officials, including NSA director Keith Alexander, gave
misleading statements to the court about how they carried out that
surveillance.
Despite repeated public assurances of NSA
competence, the agency told the Fisa court in 2009 that "from a
technical standpoint, there was no single person who had a complete
understanding" of its phone records "architecture".
All that
led to "daily violations" for more than two years of call records from
Americans "not the subject of any FBI investigation and whose call
detail information could not otherwise have been legally captured in
bulk," Walton wrote.
In 2009, Walton questioned whether the
program could be allowed to continue, asking if "the value of the
program to the nation's security justifies the continued collection and
retention of massive quantities of US person information".
He
considered the violations serious enough to order the authorities not to
"access the data collected until such a time as the government is able
to restore the court's confidence that the government can and will
comply with previously approved procedures for accessing such data."
An
internal government review launched in response to the order disclosed
that in 2006, the NSA discovered one of its partner agencies -- its name
is redacted -- improperly included credit card numbers in its databases.
Although
the government said the problem only recurred once in 2008, it warned
that "to destroy records in the [redacted] that contain credit card
numbers, NSA would have to destroy a swath of records in addition to
those few containing credit card numbers." It pledged that under a
future data-management program, "the fields containing credit card
information will not be included in the data transfer and will be
purged."
Another document shows that the Justice Department
told the court in January 2009 that the government had been querying the
phone records database in a manner "directly contrary" to a court order
and "directly contrary to the sworn attestations of several executive
branch officials".
The documents, posted on a Tumblr recently
established by the US intelligence agencies, [1] came after the American
Civil Liberties Union and the Electronic Frontier Foundation
successfully sued the FBI for more disclosure about the phone records
collection through the Freedom of Information Act. A federal court in
August ordered an initial round of disclosure to occur Tuesday. [2]
They
show that in February 2009, the government conceded that a declaration
to the court made by Alexander, the NSA director, was "inaccurate" in
relation to the standards for searching through phone numbers contained
in the agency's phone records databases. These were ostensibly
authorised under Section 215 of the Patriot Act, also known as the
business records provision.
The standard for searching through
the database is meant to be "reasonable articulable suspicion" of a
connection to terrorism. In fact, Alexander told the court, the NSA
"incorrectly described an intermediate step called the alert process
that NSA applied to the incoming stream of [bulk telephone] metadata".
Alexander
said that there was an additional safeguard in place to ensure analysts
did not improperly disseminate or analyse phone records data. But
Alexander said that the agency's failure to describe the alert process
accurately meant that Fisa judges were unable to determine whether the
NSA was correctly implementing the court's orders.
His 2009
concession appears to shed light on a declaration made by another Fisa
court judge in 2011, who stated that the "volume and nature of the
information [NSA] has been collecting is fundamentally different from
what the court had been led to believe."
In 2009, Walton wrote
that since the NSA had accessed phone records metadata in an
unauthorised manner "on a daily basis". The judge said that Alexander's
explanation of the NSA's "non-compliance with the court's orders," which
centered around an apparent misunderstanding by the NSA of what data
was governed by privacy protections, "strains credulity".
He
wrote: "Such an illogical interpretation of the court's orders renders
compliance with the RAS [reasonable articulable suspicion] standard
merely optional."
The NSA had told the court that "from a
technical standpoint, there was no single person who had a complete
understanding of the BR [Business Records] metadata architecture."
Walton
found that the government's "failure to ensure that responsible
officials adequately understood the NSA's alert process, and to
accurately report its implementation to the court, has prevented, for
more than two years, both the government and the [Fisa court] from
taking steps to remedy daily violations" of Americans' privacy.
In
fact, Walton, who lamented the court's inability to independently
assess the NSA's claims of compliance, appears in 2009 to have
considered ending the bulk phone records collection entirely.
"To
approve such a program, the court must have every confidence that the
government is doing its utmost to ensure that those responsible for
implementation fully comply with the court's orders," Walton wrote. "The
court no longer has such confidence."
According to the NSA,
by early 2009, the surveillance agency had passed along to the FBI some
2,549 phone numbers from the bulk phone records database. The government
filings to the court, Walton noted, cited "three preliminary
investigations of persons in the US" opened as a result. "The mere
commencement of a preliminary investigation, by itself, does not seem
particularly significant," he wrote.
Yet the program
continues. The NSA's deputy director, John C Inglis, testified in July
that the NSA could not identify a single case where the bulk phone
records collection unambiguously led to the prevention of a terrorist
attack.
According to the NSA, by early 2009, the surveillance
agency had passed along to the FBI some 2,549 phone numbers from the
bulk phone records database. The government filings to the Court, Walton
noted, cited "three preliminary investigations of persons in the US"
opened as a result.
"The mere commencement of a preliminary investigation, by itself, does not seem particularly significant," he wrote.
Walton
also concluded that NSA "data accessing technologies and practices" to
help analysts search through the phone records databases "were never
adequately designed to comply" with court-ordered privacy restrictions.
The
documents reveal that Walton ordered the government not to search
through the phone records data except to "ensure data integrity and
compliance with the Court's orders" or if the government believed
"immediate access is necessary to protect against an imminent threat to
human life."
Walton also allowed the government to search
through the databases "for the purposes of obtaining foreign
intelligence" on a "case by case basis," if the Court approved such
individual searches -- a move that undercut a central government
contention of the need to collect and sift through the data swiftly
without individual court orders to prevent terrorist attacks.
The
program continues. The NSA's deputy director, John C Inglis, testified
in July that the NSA could not identify a single case where the bulk
phone records collection unambiguously led to the prevention of a
terrorist attack.
In a statement, two leading Senate critics
of the NSA's bulk phone records collection said the Fisa court's 2009
restriction of the agency's ability to access the databases showed the
bulk collection ought to be ended.
"The fact that the Fisa
court was able to handle these requests on an individual basis is
further evidence that intelligence agencies can get all of the
information they genuinely need without engaging in the dragnet
surveillance of huge numbers of law-abiding Americans," said Ron Wyden
and Mark Udall, both members of the intelligence committee.
"We
have said before that we have seen no evidence that the bulk collection
of Americans' phone records has provided any intelligence that couldn't
be gathered through less intrusive means and that bulk collection
should be ended. These documents provide further evidence that bulk
collection is not only a significant threat to the constitutional
liberties of Americans, but that it is a needless one."
ACLU
attorney Alex Abdo said in a statement: "These documents show that the
NSA repeatedly violated court-imposed limits on its surveillance powers,
and they confirm that the agency simply cannot be trusted with such
sweeping authority." He said the program should never have been
authorised in the first place. "The NSA should end the bulk collection
of information about Americans," he said.
James Clapper, the
director of national intelligence, said that the release of the
documents stood as "a testament to the government's strong commitment to
detecting, correcting, and reporting mistakes that occur in
implementing technologically complex intelligence collection activities,
and to continually improving its oversight and compliance processes."
But they come as congressional opposition to the bulk phone records collection gained a powerful new ally.
Darrell
Issa, the California Republican who chairs the powerful House committee
on oversight and government reform, said that he backed legislation to
"permanently cease" the bulk phone records collection.
"Government
actions that violate the constitution cannot be tolerated and Congress
must act to ensure the NSA and the intelligence community permanently
cease such acts and hold the appropriate individuals accountable," Issa
wrote to House majority leader Eric Cantor on Tuesday.
[1]
http://icontherecord.tumblr.com/post/60867560465/dni-clapper-declassifies-intelligence-community
[2]
http://ia700702.us.archive.org/33/items/gov.uscourts.nysd.386676/gov.uscourts.nysd.386676.71.0.pdf