Tech

NSA waited until Christmas Eve to reveal its embarrassing self-audit

Pretty conspicuous timing.

Photo of Kevin Collier

Kevin Collier

Article Lead Image

In an extremely conspicuous move, the NSA chose Christmas Eve to release an internal review of the times the agency caught employees spying on Americans.

Featured Video

The report is a collection of documents, heavily redacted, arranged by quarter, and ranging from the end of 2001 to the end of 2012. They largely catalog individual instances where a National Security Agency employee illegally or mistakenly used the agency’s powerful technology to search an American or a foreigner in the U.S. without a warrant, was caught, reprimanded, and the information deleted.

It’s been more than a year and a half since former NSA systems analyst Edward Snowden leaked agency documents to journalists—the public has learned of its astounding technological power, like tapping into raw Internet data or collecting the phone calls of entire countries. But so far, the agency has insisted that it doesn’t actually collect the content of Americans’ communications without a warrant or court order, which would be illegal. That’s distinct from metadata, like call times, of Americans’ phone calls, which, as Snowden revealed, the agency has collected for years. Though inadvertent collection of Americans’ information does occasionally happen, the NSA has long stated, it takes immediate steps to delete the information and reprimand the agent responsible.

One bit of apparently new information in this report is that in the panicked week after 9/11—which would indeed prompt the NSA to acquire unprecedented legal authorization—a false rumor swept the agency that it was about to declare a sort of temporary martial law. Agents could wantonly look at much more information than they were authorized to, as the rumor went:

Advertisement

There were [REDACTED NUMBER] of incidents involving the use of improper retrieval strategies against the [LONG REDACTION] raw traffic files this quarter. Several of the incidents occurred in the immediate aftermath of the 11 September terrorist attacks when rumors were rife that the rules governing SIGNIT collection were going to be suspended. The NSA General Counsel subsequently made an Agency-wide appearance on 17 September on NSA’s secure television network to inform the workforce that the rumors were not true; he emphasized that the rules had not been suspended or changed.

The number of people illegally targeted is, of course, redacted in that document.

Despite largely lacking specifics, the documents do show that the NSA’s practice of mistakenly targeting an American target, realizing the error, and having to delete what it found has been a consistent problem for over a decade. The most recent document, which details the final quarter of 2012, detailed a range of instances where agents were found to have illegally spied on Americans, though again, specifics have been redacted.

On [REDACTED NUMBER] occasions during the fourth quarter, analysts performed overly broad or poorly constructed database queries that potentially selected or returned information about USPs. These queries used [LONG REDACTION] that produced imprecise results. On [REDACTED NUMBER] of those occasions, the queries returned results, which were deleted or aged off, as required, and no reports were issued. Analysts who performed these queries were counseled by their management.”

Advertisement

The NSA’s timing is conspicuous, as most news agencies run on a skeleton crew on Christmas Eve and Day. It echoes the Director of National Intelligence’s habit of, every three months, waiting until a Friday afternoon to announce that its legal authorization for continuing that phone metadata program has been renewed.

The agency did reiterate its stance that it’s tough on finding out misuse of its systems. “NSA takes even unintentional errors seriously and institutes corrective action, typically involving at a minimum a combination of training and technical measures designed to prevent recurrences. Data incorrectly acquired is almost always deleted, referred to as the ‘purge’ process,” it says in its release.

According to Bloomberg, the report is due to the agency’s legal obligation to answer an ACLU Freedom of Information Act request, though the NSA doesn’t mention that as a reason.

Illustration by Jason Reed 

Advertisement
 
The Daily Dot