by Barton Gellman, Washington Post
August 16, 2013 (TSR-WP) – The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.
Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.
The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.
In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.
In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.
The Obama administration has provided almost no public information about the NSA’s compliance record. In June, after promising to explain the NSA’s record in “as transparent a way as we possibly can,” Deputy Attorney General James Cole described extensive safeguards and oversight that keep the agency in check. “Every now and then, there may be a mistake,” Cole said in congressional testimony.
The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.
In a statement in response to questions for this article, the NSA said it attempts to identify problems “at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down.” The government was made aware of The Post’s intention to publish the documents that accompany this article online.
“We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line,” a senior NSA official said in an interview, speaking with White House permission on the condition of anonymity.
“You can look at it as a percentage of our total activity that occurs each day,” he said. “You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.”
There is no reliable way to calculate from the number of recorded compliance issues how many Americans have had their communications improperly collected, stored or distributed by the NSA.
The causes and severity of NSA infractions vary widely. One in 10 incidents is attributed to a typographical error in which an analyst enters an incorrect query and retrieves data about U.S. phone calls or e-mails.
But the more serious lapses include unauthorized access to intercepted communications, the distribution of protected content and the use of automated systems without built-in safeguards to prevent unlawful surveillance.
The May 2012 audit, intended for the agency’s top leaders, counts only incidents at the NSA’s Fort Meade headquarters and other facilities in the Washington area. Three government officials, speaking on the condition of anonymity to discuss classified matters, said the number would be substantially higher if it included other NSA operating units and regional collection centers.
Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it, said in a statement late Thursday that the committee “can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate.”
Despite the quadrupling of the NSA’s oversight staff after a series of significant violations in 2009, the rate of infractions increased throughout 2011 and early 2012. An NSA spokesman declined to disclose whether the trend has continued since last year.
One major problem is largely unpreventable, the audit says, because current operations rely on technology that cannot quickly determine whether a foreign mobile phone has entered the United States.
In what appears to be one of the most serious violations, the NSA diverted large volumes of international data passing through fiber-optic cables in the United States into a repository where the material could be stored temporarily for processing and selection.
The operation to obtain what the agency called “multiple communications transactions” collected and commingled U.S. and foreign e-mails, according to an article in SSO News, a top-secret internal newsletter of the NSA’s Special Source Operations unit. NSA lawyers told the court that the agency could not practicably filter out the communications of Americans.
In October 2011, months after the program got underway, the Foreign Intelligence Surveillance Court ruled that the collection effort was unconstitutional. The court said that the methods used were “deficient on statutory and constitutional grounds,” according to a top-secret summary of the opinion, and it ordered the NSA to comply with standard privacy protections or stop the program.
James R. Clapper Jr., the director of national intelligence, has acknowledged that the court found the NSA in breach of the Fourth Amendment, which prohibits unreasonable searches and seizures, but the Obama administration has fought a Freedom of Information lawsuit that seeks the opinion.
Generally, the NSA reveals nothing in public about its errors and infractions. The unclassified versions of the administration’s semiannual reports to Congress feature blacked-out pages under the headline “Statistical Data Relating to Compliance Incidents.”
Under NSA auditing guidelines, the incident count does not usually disclose the number of Americans affected.
“What you really want to know, I would think, is how many innocent U.S. person communications are, one, collected at all, and two, subject to scrutiny,” said Julian Sanchez, a research scholar and close student of the NSA at the Cato Institute.
The documents provided by Snowden offer only glimpses of those questions. Some reports make clear that an unauthorized search produced no records. But a single “incident” in February 2012 involved the unlawful retention of 3,032 files that the surveillance court had ordered the NSA to destroy, according to the May 2012 audit. Each file contained an undisclosed number of telephone call records.
One of the documents sheds new light on a statement by NSA Director Keith B. Alexander last year that “we don’t hold data on U.S. citizens.”
Some Obama administration officials, speaking on the condition of anonymity, have defended Alexander with assertions that the agency’s internal definition of “data” does not cover “metadata” such as the trillions of American call records that the NSA is now known to have collected and stored since 2006. Those records include the telephone numbers of the parties and the times and durations of conversations, among other details, but not their content or the names of callers.
The NSA’s authoritative definition of data includes those call records. “Signals Intelligence Management Directive 421,” which is quoted in secret oversight and auditing guidelines, states that “raw SIGINT data . . . includes, but is not limited to, unevaluated and/or unminimized transcripts, gists, facsimiles, telex, voice, and some forms of computer-generated data, such as call event records and other Digital Network Intelligence (DNI) metadata as well as DNI message text.”
In the case of the collection effort that confused calls placed from Washington with those placed from Egypt, it is unclear what the NSA meant by a “large number” of intercepted calls. A spokesman declined to discuss the matter.
The NSA has different reporting requirements for each branch of government and each of its legal authorities. The “202” collection was deemed irrelevant to any of them. “The issue pertained to Metadata ONLY so there were no defects to report,” according to the author of the secret memo from March 2013.
The large number of database query incidents, which involve previously collected communications, confirms long-standing suspicions that the NSA’s vast data banks — with code names such as MARINA, PINWALE and XKEYSCORE — house a considerable volume of information about Americans. Ordinarily the identities of people in the United States are masked, but intelligence “customers” may request unmasking, either one case at a time or in standing orders.
In one required tutorial, NSA collectors and analysts are taught to fill out oversight forms without giving “extraneous information” to “our FAA overseers.” FAA is a reference to the FISA Amendments Act of 2008, which granted broad new authorities to the NSA in exchange for regular audits from the Justice Department and the Office of the Director of National Intelligence and periodic reports to Congress and the surveillance court.
Using real-world examples, the “Target Analyst Rationale Instructions” explain how NSA employees should strip out details and substitute generic descriptions of the evidence and analysis behind their targeting choices.
“I realize you can read those words a certain way,” said the high-ranking NSA official who spoke with White House authority, but the instructions were not intended to withhold information from auditors. “Think of a book of individual recipes,” he said. Each target “has a short, concise description,” but that is “not a substitute for the full recipe that follows, which our overseers also have access to.”
Julie Tate and Carol D. Leonnig contributed to this report.
What’s a ‘violation’?
This slide is used in a training course for NSA intelligence collectors and analysts. It tells the trainees what to do if they collect communications “to, from or about” a U.S. citizen, green card holder or company. The slide’s revision date is nearly one month after the Foreign Intelligence Surveillance Court ruled on Oct. 3, 2011 that the NSA’s handling of some “U.S. Persons” data was unlawful. The highlighted portion of the slide is notable because it shows that “incidentally” acquired U.S. communications, which may account for the highest volume of American content collected, are not purged from NSA databases. Analysts do not need to report “incidental” collection to the NSA Inspector General because it is not deemed a violation of rules. They may use the data routinely in “minimized” form, with identities masked, and with supervisory permission they may unmask the identities of U.S. persons in reports if the “customer set” requires them.
What to say, and not to say, to ‘our overseers’
When NSA analysts want to “task” new collections or search an existing database, they are required to fill out a form that includes their “targeting rationale.” The rationale is provided for oversight by the Justice Department and the office of the Director of National Intelligence when NSA personnel use the powers that Congress gave them in the FISA Amendments Act of 2008. This document tells NSA analysts how to explain their targeting decisions without giving “extraneous information” to “our FAA overseers.”
Analysts are specifically warned that they “MUST NOT” provide the evidence on which they base their “reasonable articulable suspicion” that a target will produce valid foreign intelligence. They are also forbidden to disclose the “selectors,” or search terms, they plan to use. In examples that draw on actual searches, the document shows how to strip out details and substitute generic descriptions.
A senior intelligence official said in an interview that this form provides only the “headline” and that the document should not be misread to suggest that the NSA is hiding anything from its outside auditors. Particulars are available on request, the official said, by supervisors at the Justice Department and the office of the Director of National Intelligence, and those offices often delve deeply into the details. The official acknowledged that the details are not included in reports to Congress or the Foreign Intelligence Surveillance Court.
The Washington Post has redacted names and other identifiers from examples in the document that describe actual surveillance operations.
NSA report on privacy violations in the first quarter of 2012
This is the full executive summary, with names redacted by The Post, of a classified internal report on breaches of NSA privacy rules and legal restrictions.
The report covers the period from January through March 2012 and includes comparative data for the full preceding year. Its author is director of oversight and compliance for the NSA’s Signals Intelligence Directorate, but the scope of the report is narrower. Incidents are counted only if they took place within “NSA-Washington,” a term encompassing the Ft. Meade headquarters and nearby facilities. The NSA declined to provide comparable figures for its operations as a whole. A senior intelligence official said only that if all offices and directorates were included, the number of violations would “not double.”
First direct evidence of illegal surveillance found by the FISA court
The document, which includes a brief glossary of terms, is the full text of a brief article from the Oct. 12, 2011 edition of the Top Secret “SSO News,” an NSA electronic newsletter. It includes the first confirmation – and the only known details – of an Oct. 3, 2011 ruling in which the Foreign Intelligence Surveillance Court held that the NSA was using illegal methods to collect and handle the emails and other internet communications of American citizens and green card holders. Much remains unknown about the case and its resolution, which is the subject of a Freedom of Information Act lawsuit by the Electronic Frontier Foundation. The intended audience would be familiar with the NSA’s internal jargon and acronyms. The article’s author has been redacted by The Washington Post.