NSA Engaged In Privacy-Violating Searches Of Domestic Metadata For Three Straight Years
from the oh-yeah,-LOTS-of-violations-'under-this-program' dept
One of the more surprising documents to be declassified as a result of the EFF and ACLU’s lawsuits against the government is an opinion issued by FISA Judge Reggie Walton in which he excoriates the NSA for playing fast and loose with the rules governing its data collections.
The minimization procedures (another declassified document) clearly spell out the limitations and rules surrounding both the collection procedures and the searching of archived data. Judge Walton discovered the agency had been skirting the “reasonable and articulable suspicion (RAS)” limitations on a regular basis and understandly was a bit irritated by the ongoing abuse.
The NSA breached the protective rules by creating an “Alert List” to be used to check identifiers against incoming business record (BR) metadata. The original Alert List process was actually court-approved in 2006, but as time went on, the list expanded to include all foreign and domestic identifiers, which made most of its access to the domestic metadata non-RAS. This clearly violated the minimization procedures that were put in place to ensure minimal privacy violations.
The NSA (via a statement by General Alexander) admitted to violating these limitations but claimed it had misunderstood the minimization procedures and felt the search restrictions only applied to archived data. Walton didn’t buy this argument, stating that the government’s interpretation of the minimization procedures “strains credulity.”
He went further, pointing out that allowing the identifiers to be used on non-archived data isn’t simply a matter of a “terminological misunderstanding,” but rather a deliberate decision to treat incoming data like other data collected by other NSA programs — programs not subject to the FISA Court’s minimization instructions.
Even worse, the NSA had “compounded” the problem by “repeatedly submitting inaccurate descriptions of the alert process to the FISC.” Astoundingly, these “inaccuracies” traced all the way back to 2006, shortly after the minimization procedures were implemented.
What this all adds up to is three straight years of the NSA abusing the bulk records system to access and search domestic phone data, in clear violation of the safeguards meant to protect US citizens. Yet again, we get to see what the NSA actually does in contrast to what it claims it’s limited to doing. And yet again, we see that words like “oversight,” “procedures” and “minimization” are just as meaningless as other words from the NSA lexicon like “relevant” or “authorized.”