The National Security Agency (NSA) released years of edited briefings it gave to an oversight group on Christmas Eve, documenting years of unauthorized surveillance on Americans that the agency argues was accidental. In its reports NSA names the oversteps “unintentional errors.”
The release contained quarterly reports it had given to the president’s Intelligence Oversight Board between the fourth quarter of 2001 and the second quarter of 2013, dealing mostly with accidental surveillance of Americans mistaken for foreign nationals.
“The vast majority of compliance incidents involve unintentional technical or human error,” the NSA wrote on its website. “In the very few cases that involve the intentional misuse of a signals intelligence system, a thorough investigation is completed, the results are reported to the IOB and the Department of Justice as required, and appropriate disciplinary or administrative action is taken.”
President Ronald Reagan issued in 1981 an executive order that authorized an expansion of intelligence gathering which included the tracking of communication of foreign nationals. U.S. persons are granted addition protections to their privacy as a result of their Fourth Amendment rights, and the reports detail that accidental data gathered on US persons were to be deleted.
- Who Hacked Sony Becomes Internet’s New Mystery
- Before Snowden, a Debate Inside NSA
- The Rise of the Military-Internet Complex
“An array of technical and human-based checks attempt to identify and correct errors, some amount of which occur naturally in any large, complex system,” the NSA said.
However, the reports are heavily redacted, and information about the number of unauthorized surveillance of US persons as well as the amount of time it took to purge improperly collected data is not available in the public versions of the reports. The catalog of individual instances of unauthorized surveillance showed that it was a routine affair.
In one instance from a 2010 report, an NSA analyst had unauthorized access to a database for one month based on a verbal confirmation with a manager before access was revoked.
Adjusting the Data
Since the Snowden revelations in 2013, some have charged that the NSA deliberately manipulates how it obtains data to subject more Americans to surveillance.
Harvard researchers Axel Arnbak and Sharon Goldberg published a paper in 2014 on how the NSA can manipulate IP addresses to categorize certain internet activity from U.S. persons as data from foreign nationals, creating a legal loophole to spy on Americans.
“There are several loopholes in current U.S. surveillance law to conduct largely unrestrained surveillance on Americans by collecting their network traffic abroad while not intentionally targeting a U.S. person,” the researchers wrote.
“If an intelligence agency can construct plausible presumptions that surveillance does not intentionally target a U.S. person and when the surveillance is conducted abroad, the permissive legal regime under [the 1981 executive order] applies.”
Previously secret NSA rules authorized that data accidentally obtained from U.S. persons could be kept if, going through the appeals process to the director, the data contains “significant foreign intelligence information,” “evidence of a crime,” “technical data base information” (such as encrypted communications), or “information pertaining to a threat of serious harm to life or property,” the Guardian reported in 2013.
The Guardian obtained this information from ex-NSA analyst and whistleblower Edward Snowden.
The reports also noted instances of intentional errors, although the number of substantiated cases are rare.
“The analyst reported that, during the past two or three years, she had searched her spouses’ personal telephone directory without his knowledge to obtain names and telephone numbers for targeting,” according to a report from the first quarter of 2012.
A letter sent to Sen. Chuck Grassley (R-Iowa) from the NSA Inspector General on Sept. 11, 2013, documents 12 cases since 2003 of substantiated “willful misuse of surveillance authorities,” the majority of which dealt with analysts querying for data on their significant other.