NSA Illegally Gorged on U.S. Phone Records for Three Years

What happens when a secret U.S. court allows the National Security Agency access to a massive pipeline of U.S. phone call metadata, along with strict rules on how the spy agency can use the information?

The NSA promptly violated those rules — “since the earliest days” of the program’s 2006 inception — carrying out thousands of inquiries on phone numbers without any of the court-ordered screening designed to protect Americans from illegal government surveillance.

The violations continued for three years, until they were uncovered by an internal review, and the NSA found itself fighting to keep the spy program alive.

That’s the lesson from hundreds of pages of formerly top secret documents from the Foreign Intelligence Surveillance Court, released today by the Obama administration in response to a successful Freedom of Information Act lawsuit brought by the Electronic Frontier Foundation.

“Incredibly, intelligence officials said today that no one at the NSA fully understood how its own surveillance system worked at the time so they could not adequately explain it to the court,” says EFF activist Trevor Timm. “This is a breathtaking admission — the NSA’s surveillance apparatus, for years, was so complex and compartmentalized that no single person could comprehend it.”

Intelligence Director James Clapper, in a blog post today, blamed the unlawful spying in part on “the complexity of the technology employed in connection with the bulk telephony metadata collection program,” and said it was not done deliberately.

But the secret surveillance court, set up in 1978 to oversee intelligence-gathering activities, didn’t see it that way. In 2009, in response to the government telling the court that it was searching call records without “reasonable articulable suspicion” or RAS, the court said the government’s explanation “strains credulity.”

The documents — legal opinions, government briefs and internal audits declassified today — chronicle a series of missteps within the NSA after the intelligence court began approving requests for bulk telephone company metadata under the Patriot Act in 2006.

Section 215 of the Patriot Act authorizes broad warrants for most any type of “tangible” records, including those held by banks, doctors and phone companies. In today’s declassified opinions, the FISA court refers to the records as “BR” for business records.

Since 2006, the FISA court has been authorizing the NSA to collect from telecommunications providers the business records that contain information about communications between two telephone numbers, such as the date, time, and duration of a call. There is no collection of content of any telephone call under this program.

In the most serious incident uncovered today, the NSA set up an automated system to add phone numbers to its data-mining watchlist. That system, called the “alert list process,” completely bypassed the court-ordered review process, in which NSA personnel were supposed to ensure that nobody was monitored without “reasonable articulable suspicion” that they were tied to a foreign terrorist group or intelligence agency.

Between 2006 and 2009 some 17,835 phone numbers were queried, but only 1,935 of these were based on a RAS standard, as required by the court’s order.

“Thus, since the earliest days of the FISC-authorized collection of call-detail records by the NSA, the NSA has on a daily basis, accessed BR metadata for purposes of comparing thousands of non-RAS approved telephone identifiers on its alert list against the BR metadata in order to identify any matches,” according to a March 2009 declassified FISA court opinion.

In addition to the alert list gaffe, individual analysis were found to be running searches on phone numbers not cleared by the RAS process.

When it learned of the violations, the intelligence court considered ending the program. But the government changed its processes, and persuaded the court to allow the collection to continue. The FISA court hears arguments only from government lawyers — so there is nobody arguing the other side.

While the bulk telephony metadata program did not give the NSA access to call content, it’s a powerful surveillance tool nonetheless. When a phone number is queried, analysts receive notification that the database contains one or more references to the number, along with a count of how many times the number appears in the database, the dates of the first and last calls associated with the number, a count of how many other numbers had direct contact with that number, the total number of calls made to or from the phone number, the ratio of the count of total calls to the count of unique contacts, and the amount of time it took to process the query. The notification does not include the actual phone numbers that were in contact with the queried number.

Meanwhile, one function of the court is to ensure the NSA’s activities target communications of those “reasonably believed to be located outside the United States.” The surveillance must also be designed to “prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States.”

Clearly, that has not always been the case. In a FISA court opinion the government declassified last month, the court said the NSA misrepresented the reach of its “upstream” internet surveillance, where it has tapped into the internet’s backbone.

“Indeed, the record before this court establishes that NSA’s acquisition of Internet transactions likely results in NSA acquiring annually tens of thousands of wholly domestic communications, and tens of thousands of non-target communications of persons who have little or no relationship to the target but who are protected under the Fourth Amendment,” according to the 2011 opinion.


One Comment on “NSA Illegally Gorged on U.S. Phone Records for Three Years”

  1. […] NSA Illegally Gorged on U.S. Phone Records for Three Years (punditfromanotherplanet.com) […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.