29 June 2018, NYT: N.S.A. Purges Hundreds of Millions of Call and Text Records
https://www.nytimes.com/2019/06/26/us/telecom-nsa-domestic-calling-records.html
June 26, 2019
N.S.A. Gathered Domestic Calling Records It Had No Authority to Collect
The newly revealed incident underscores difficulties in making a system work ahead of a congressional debate about extending it.
By Charlie Savage
WASHINGTON -- The National Security Agency discovered in October 2018 that it was collecting information about domestic phone calls and text messages that it had no legal authority to gather, newly disclosed documents show, underscoring the troubles the agency has had with using Americans' phone records to hunt for hidden terrorist cells.
The N.S.A. blamed the incident on an unidentified telecommunications provider, saying that agency technicians had noticed a problem with the data that the company was sending, and stopped accepting the information in order to fix it. The episode came to light on Wednesday in documents [1] the American Civil Liberties Union had obtained via a Freedom of Information Act lawsuit.
The disclosure was the latest in a long string of episodes in which the N.S.A. has experienced technical difficulties complying with rules when trying to handle large volumes of Americans' domestic phone records. The agency currently does so under the USA Freedom Act of 2015, which is set to expire at the end of the year unless Congress extends it.
Patrick Toomey, a staff attorney with the A.C.L.U.'s national security project, said the disclosure underscored privacy issues that argue for Congress to let the program lapse.
"These documents further confirm that this surveillance program is beyond redemption and a privacy and civil liberties disaster," Mr. Toomey said. "The N.S.A.'s collection of Americans' call records is too sweeping, the compliance problems too many, and evidence of the program's value all but nonexistent. There is no justification for leaving this surveillance power in the N.S.A.'s hands."
The newly disclosed documents are heavily redacted reports about "compliance incidents" the N.S.A. periodically sends to its overseers to report violations of surveillance program rules.
One shows that on Oct. 12, 2018, N.S.A. technicians observed "an anomaly" in which a particular phone company was sending a "larger than expected number of" some type of communications records, whose description was censored.
The N.S.A. asked the firm to investigate, and the company reported back that it had discovered that an error dating back to Oct. 3 had been causing it to provide records to the N.S.A. that the agency had not asked for and had no authority to collect. The document said the N.S.A. suspended the data flow from the provider until it fixed the error.
Gregory Julian, a spokesman for the N.S.A., said the problems stemmed from "the unique complexities of using company-generated business records for intelligence purposes," but declined to comment further, saying the operational details were classified.
In March, a senior Republican congressional aide said in a podcast that the N.S.A. had not been using the system [2] for months, and suggested that the Trump administration might not even ask Congress to renew the Freedom Act provisions that authorized it to operate.
The government has declined to comment on that disclosure or the current status of the program. The Trump administration also has yet to issue a policy statement taking a position [3] on whether Congress should extend the Freedom Act provisions that provide a legal basis for the troubled system.
"This is a deliberative interagency process that will be decided by the administration," Mr. Julian said.
An official familiar with internal deliberations said the N.S.A. has made no explicit recommendation about whether the administration should seek reauthorization. But the agency has delivered a bleak assessment, telling White House policymakers that the system is expensive, carries a continuing risk of rules violations and has scant operational value.
Against that backdrop, the White House is weighing whether a better legislative strategy would be to try to keep the authority on the books or to abandon it as a means toward smoothing the path to extension of unrelated intelligence powers that are also set to expire. [4]
The records obtained by the A.C.L.U. lawsuit were earlier reported on Wednesday by The Washington Post [5] and The Wall Street Journal. [6]
The N.S.A. began systematically gathering domestic phone and text data -- records showing who had been in contact with whom, but not what they said -- after the Sept. 11, 2001, terrorist attacks, as part of the Bush administration's then-secret Stellarwind program.
In theory, large volumes of call records function as a social map that could reveal hidden associates of terrorism suspects who never called each other. In practice, dating back to 2001, the program has never thwarted a terrorist attack, officials have said.
The program was originally based on a raw assertion of purported presidential power. In 2006, the Foreign Intelligence Surveillance Court began issuing secret orders to several large phone companies requiring them to turn over customer records under a disputed interpretation of a law known as Section 215 of the Patriot Act.
In 2013, its existence was revealed in leaks by Edward Snowden, causing an uproar. To defend itself, the government declassified large amounts of information about the program's rules and limits, including court documents showing the N.S.A. had repeatedly confessed that it had discovered it was using the data in ways that went beyond what judges had approved.
In 2015, Congress enacted the Freedom Act to end such bulk collection while preserving the program's analytical capabilities. Under the new system, the bulk records remain in the hands of phone companies. When a judge agrees that there is reason to believe that a specific identifier, like a phone number, has terrorism links, the N.S.A. can swiftly gather all the calling and text records from that account and from everyone who has been in contact with it.
The first public sign of problems with the new system emerged in the spring of 2018, when the N.S.A. disclosed that it had temporarily shut down the Freedom Act system and purged all of the hundreds of millions of calling and text records [7] it had collected under it, saying that "technical irregularities" had caused it to collect more data than it had authority to collect.
An agency lawyer said at the time that one or more telecommunications companies had been sending some records that were not linked to terrorism suspects. When the system then gathered the records of everyone who had been in contact with the flawed numbers, it compounded the problem.
Another record disclosed in the A.C.L.U. lawsuit showed that the large volume of phone records wrongly collected due to that earlier problem had been assessed to have "a significant impact on civil liberties and privacy."
[2] https://www.nytimes.com/2018/06/29/us/politics/nsa-call-records-purged.html
[3] https://www.whitehouse.gov/omb/statements-of-administration-policy/
[4] https://www.lawfareblog.com/three-fisa-authorities-sunset-december-heres-what-you-need-know
[6] https://www.wsj.com/articles/nsa-improperly-collected-u-s-phone-records-a-second-time-11561541520
[7] https://www.nytimes.com/2018/06/29/us/politics/nsa-call-records-purged.html