NSA Phone-Records Spying Said to Violate Rules for Years
By Chris Strohm - Sep 10, 2013 9:00 PM PT
The U.S. National Security Agency violated rules on
surveillance of telephone records for almost three years and misled a secret
court, raising fresh concerns that spy programs lack adequate controls to
protect Americans’ privacy.
The latest revelations show NSA spying was broader,
violated restrictions on domestic surveillance more often, and may have
targeted innocent Americans to a greater degree than previously known. They are
contained in documents released yesterday by Director of National Intelligence
James Clapper in response to privacy groups’ lawsuits.
The agency ran a select list of phone numbers against
databases of millions of call records between May 2006 and January 2009 without
having reason to suspect some of the numbers’ owners of terrorist ties,
according to the records.
“The court entrusted NSA with extraordinary authority,
and with it came the highest responsibility for compliance and protection of
privacy rights,” NSA Director Keith Alexander wrote in one of the declassified
documents. “In several instances, NSA implemented its authority in a manner
inconsistent with the orders, and some of these inconsistencies were not
recognized for more than two and a half years.”
The Electronic Frontier Foundation, a privacy-rights
group in San Francisco, sued the NSA to obtain the documents that had been
issued by a secret intelligence court.
“It’s pretty damning,” said Trevor Timm, a digital rights
analyst with EFF. “This shows a larger pattern that a lot of times the NSA
doesn’t alert the court to serious privacy violations, whether they are
intentional or unintentional, for years down the road.”
Court Rules
The violations involved checks on as many as 16,000 phone
numbers, including some based in the U.S., said two senior intelligence
officials with direct knowledge of how the program operated. They asked not to
be identified in order to speak about sensitive matters.
Intelligence officials notified the Foreign Intelligence
Surveillance Court, which oversees intelligence gathering on Americans, of the
violations on Jan. 15, 2009, five days before President Barack Obama was sworn
in.
Among other violations, a “significant” number of
domestic telephone numbers were added to lists for heightened scrutiny without
proper review, according to an Aug. 17, 2009 filing by the NSA with the court.
The agency said it had remedied the violations through better training and
technological fixes.
‘Deeply Troubled’
Between March 2009 and September 2009 the court required
the NSA to get approval for each number it wanted to query. In September of
that year the court approved revised procedures that allowed the program to
continue, the official said.
Within three weeks, the NSA reported that unauthorized
personnel had been given access to some of the records. U.S. District Judge
Reggie Walton, serving on the surveillance court, wrote of being “deeply
troubled by the incidents.” He ordered the parties to appear at a hearing to
assess whether to shut the surveillance program down. He didn’t take that step.
The NSA collects bulk phone records, such as numbers and
call durations, from companies including Verizon Communications Inc. (VZ) under
Section 215 of the USA Patriot Act.
Under the law, the agency must have “reasonable,
articulable suspicion” that a phone number may be connected to a terrorist plot
to query it against the larger database of records.
Alert List
Between May 2006 and January 2009, NSA analysts would
query the database with thousands of numbers on an “alert list,” the
intelligence officials said. Those numbers didn’t meet the necessary legal
standard for ongoing searches, the officials said.
The alert list grew from 3,980 in 2006 to 17,835 in 2009,
one of the officials said. About 2,000 numbers on the list in 2009 met the
necessary standard, the official said, meaning almost 16,000 didn’t. The alert
list was shut down on Jan. 24, 2009, according to one of the declassified
documents.
The NSA misled the surveillance court during those years
by certifying the legal standard was met for all numbers queried, the official
said.
Alexander described to the court in a Feb. 13, 2009,
filing how mistakes were made in using the alert list. Four days later, the
Justice Department submitted a memorandum to the court saying declarations made
by Alexander were inaccurate and that the government didn’t have the authority
to use the list in the manner it did.
Compliance Remedies
Remedies put in place “should significantly improve
compliance with the court’s orders,” Alexander said. He added that “no
corrective measures are infallible.” Remedies include software that prevents
queries about numbers not on an approved list, Alexander said.
It wasn’t the first time the NSA has acknowledged
violating surveillance rules or misleading the court.
The NSA said last month that, in a handful of cases, some
employees or contractors deliberately spied on people of interest to them,
including for romantic motivations.
Separately, a legal opinion declassified Aug. 21 revealed
that the NSA intercepted as many as 56,000 electronic communications a year of
Americans who weren’t suspected of having links to terrorism, before the secret
court that oversees surveillance found the operation unconstitutional in 2011.
In a declassified legal opinion from October 2011, the
court said the agency misrepresented the scope of surveillance operations three
times in less than three years.
Government Audit
A May 2012 internal government audit found more than
2,700 violations involving NSA surveillance of Americans and foreigners over a
one-year period. The audit was reported Aug. 16 by the Washington Post, citing
documents provided by former NSA contractor Edward Snowden.
The extent of the phone metadata program was exposed in
June by Snowden, who’s now in Russia under temporary asylum. He revealed a
classified legal order compelling Verizon to turn over the phone records of
millions of customers to the NSA.
The administration acknowledged that the phone metadata
program involves multiple telecommunications carriers in an Aug. 9 description
of how the program works, without naming other participating companies.
Yesterday’s disclosures were made in response to a
judge’s order in a freedom of information lawsuit brought by the Electronic
Frontier Foundation.
The group sued after the government didn’t respond to its
requests to turn over documents describing its collection and surveillance
efforts. In November the government asked U.S. District Judge Yvonne Gonzalez
Rogers in Oakland, California, to toss the case, saying the EFF sought
documents that were exempt from disclosure to protect national security.
‘Flawed Interpretation’
The Justice Department said in a Sept. 5 court filing
that it would release hundreds of pages to EFF, including orders and opinions
of the surveillance court from January 2004 to June 2011 and other documents
about the court’s work.
The government has collected “the details of every call made
by every American” in violation of the Patriot Act, said Republican
Representative Jim Sensenbrenner of Wisconsin, who helped write the 2001 law.
“The implications of this flawed interpretation are
staggering,” Sensenbrenner wrote in a Sept. 6 letter to Attorney General Eric
Holder. “The logic the administration uses for bulk collection would seem to
support bulk collection of other personal data.”
The case is Electronic Frontier Foundation v. Department
of Justice, 11-05221, U.S. District Court, Northern District of California
(Oakland).
To contact the reporter on this story: Chris Strohm in
Washington at cstrohm1@bloomberg.net
To contact the editor responsible for this story: Bernard
Kohn at bkohn2@bloomberg.net
Comments
Post a Comment