The National Security Agency has released reports on intelligence collection that may have violated the law or U.S. policy over more than a decade, including unauthorized surveillance of Americans’ overseas communications.
The NSA, responding to a Freedom of Information Act lawsuit from the American Civil Liberties Union, released a series of required quarterly and annual reports to the President’s Intelligence Oversight Board that cover the period from the fourth quarter of 2001 to the second quarter of 2013.
The NSA’s timing of Christmas Eve to release the reports is conspicuous, as most news agencies run on a skeleton crew on Christmas Eve and Day. It echoes the Director of National Intelligence’s habit of, every three months, waiting until a Friday afternoon to announce that its legal authorization for continuing that phone metadata program has been renewed.
The heavily-redacted reports include examples of NSA employees illegally or mistakenly using the agency’s powerful technology to search an American or a foreigner in the U.S. without a warrant, data on Americans being e-mailed to unauthorized recipients, stored in unsecured computers and retained after it was supposed to be destroyed, and more.
Some resemble violations previously reported by The Washington Post following disclosures of NSA programs by former contractor Edward Snowden, and detailed in a NSA inspector general letter (PDF) sent to Senator Charles Grassley last year.
Because of the extensive redactions, the newly released documents don’t make clear how many violations occurred and how many were unlawful.
- In the panicked week after 9/11—which would indeed prompt the NSA to acquire unprecedented legal authorization—a false rumor swept the agency that it was about to declare a sort of temporary martial law. Agents could wantonly look at much more information than they were authorized to, as the rumor went:
- The documents do show that the NSA’s practice of mistakenly targeting an American target, realizing the error, and having to delete what it found has been a consistent problem for over a decade. The most recent document, which details the final quarter of 2012, detailed a range of instances where agents were found to have illegally spied on Americans, though specifics have been redacted:
- The NSA accidentally emailed out unminimized “US telephone numbers” and “raw SIGINT”:
- In 2012, an analyst conducted surveillance “on a U.S. organization in a raw traffic database without formal authorization because the analyst incorrectly believed that he was authorized to query due to a potential threat,” according to the fourth-quarter report from 2012. The surveillance yielded nothing:
- In 2010, senior management led an analyst astray, requesting unauthorized query “using U.S. person-associated selectors”:
- NSA knew in 2008 it could minimize domestic surveillance, but wasn’t doing so:
- “When US person communications are destroyed upon recognition, a record should not be created to document the incident”:
- In some cases, surveillance of foreign targets continued even when those targets were in the U.S., although such “non-compliant data” were later purged. Some examples:
- In 2012, an NSA analyst “searched her spouse’s personal telephone directory without his knowledge to obtain names and telephone numbers for targeting.” The analyst was “advised to cease her activities”:
- Last year, an analyst “mistakenly requested” surveillance “of his own personal identifier instead of the selector associated with a foreign intelligence target”:
Another example of an analyst who NSA’d himself:
This is not a rare occurrence, however, and appears to be something of a running prank among analysts:
The cases of NSA analysts looking themselves up seems to indicate that they have broad capabilities to run queries on phone numbers inside the Section 215 system at their own whim, something that appears to invite abuse. This is amplified by the fact that even trainees are given what appears to be broad berth to query the accumulated data, as the quoted example indicates.
- The military had access to raw traffic databases under Section 702 of Foreign Intelligence Surveillance Act:
- The first rule of over-collection is don’t talk about over-collection:
- Redaction slip-up regarding law enforcement “technical and analytic support”:
- Another redaction slip: possible reference to Russian Foreign Minister Sergey Lavrov:
- James Bamford honorable mention: