Details Reveal NSA Track Record Of Flagrant Abuse, Failed Audits And Minimal Accountability

from the self-reported? dept

For months, the NSA and its defenders insisted that for all of the details that Ed Snowden’s leaks revealed, at least there weren’t any signs of intentional abuses. Even President Obama insisted that the lack of intentional abuses proved that the systems were working. And, then, of course, it came out that there actually have been a series of intentional abuses (which were apparently just revealed to the Senate Intelligence Committee, which is supposed to be in charge of oversight, right before the public found out about it). We were told of approximately one willful violation per year, with many being classified as “LOVINT” for someone spying on a “love interest.”

Senator Grassley asked the Inspector General of the NSA to reveal the details of those abuses, and the Inspector General has done so, revealing the details, circumstances, investigations and punishments regarding the twelve known intentional violations (without revealing names). I say “known” intentional violations because reading through these, it quickly becomes clear that there are likely many, many more intentional violations, but it’s just that the NSA doesn’t know about them. For all the claims of the NSA’s audit abilities, it appears that many of these intentional violations were caught via self-reporting or other suspicions, rather than an audit. And, many of them were caught quite a while after the violation happened. Let’s go through the revealed abuses:

In 2011, before an upcoming reinvestigation polygraph, the subject reported that in 2004, “out of curiosity,” he performed a SIGINT query of his home telephone number and the telephone number of his girlfriend, a foreign national. The SIGINT system prevented the query on the home number because it was made on a US person. The subject viewed the metadata returned by the query on his girlfriend’s telephone.

Note: this only came about because the guy admitted to it before undergoing a polygraph. But, also important, this came out seven years later. Yes, the system stopped the query on his home phone number, but apparently that didn’t raise any alarm bells at all to look at his other queries done around the same time. If this only came out because the guy admitted it, how many NSA analysts have done the same and just never admitted it?

Oh, and while the investigation found that the person broke the law, the DOJ declined to prosecute (protect your own!), and the guy retired in 2012 without any disciplinary action.

In 2005, during a pre-retirement reinvestigation polygraph and interview, the subject reported that, in 2003, he tasked SIGINT collection of the telephone number of his foreign-national girlfriend without an authorized purpose for approximately one month to determine whether she was “involved with any [local] government officials or other activities that might get [him] in trouble.”

Once again, this wasn’t discovered via an audit, but rather the person admitting it years later. Not only that, but he was able to view a month’s worth of data. It also appears that this person wasn’t punished, and the NSA doesn’t even have a record of whether or not the issue was referred to the DOJ.

In 2004, upon her return from a foreign site, the subject reported to NSA Security that, in 2004, she tasked a foreign telephone number she had discovered in her husband’s cellular telephone because she suspected that her husband had been unfaithful. The tasking resulted in voice collection of her husband.

Once again, this is self-reported (though, at least it happened in the same year!). Also, it’s important to note that this does not appear to be metadata, but voice collection. Remember how the NSA’s defenders keep talking about not collecting contents of phone calls? Yes, well that’s “under this program.” The NSA has many programs. Sometimes they can collect the content of phone calls for important things like checking to see if your husband is spying on you. Also: no punishment because the woman resigned.

In 2003, the appropriate OIG was notified that an employee had possibly violated USSID 18. A female foreign national employed by the U.S. government, with whom the subject was having sexual relations, told another government employee that she suspected that the subject was listening to her telephone calls. The other employee reported the incident.

The investigation determined that, from approximately 1998 to 2003, the employee tasked nine telephone numbers of female foreign nationals, without a valid foreign intelligence purpose, and listened to collected phone conversations while assigned to foreign locations. The subject conducted call chaining on one of the numbers and tasked the resultant numbers. He also incidentally collected the communications of a U.S. person on two occasions.

Once again, this wasn’t any audit that caught it. It was the woman, who was savvy enough to suspect her lover was spying on her, telling someone which resulted in the investigation. And, then it was discovered that this had gone on for five years without being caught, and it wasn’t just over this one woman. Oh, and, again he was listening in on actual phone calls. Not just “metadata.” At least in this case, he was “suspended without pay,” but he then resigned before any other discipline could be handed out.

The employee’s agency discovered that an employee had misused the SIGINT collection system between 2001 and 2003 by targeting three female foreign nationals.

Not much detail here, but again, it went on for years before someone noticed, and it doesn’t sound like a regular audit found it, though I guess it’s possible. Yet again, the guy just resigned with no punishment.

As the result of a polygraph examination, it was discovered that an employee had accessed the collection of communications on two foreign nationals.

It’s not clear when this happened and how long it took to discover it, because they don’t say. But, again, it wasn’t an audit that discovered the problem, but a polygraph — and polygraphs are notoriously ineffective, and can be beaten. Does anyone actually believe that every NSA analyst who’s taken a polygraph test was forced to admit the times they abused the system? At least this guy was very slightly punished: 10 days suspension without pay, and a recommendation for a promotion was withdrawn (and a “one-year letter of reprimand” was appended to his file).

In 2011, the NSA OIG was notified that, in 2011, the subject had tasked the telephone number of her foreign-national boyfriend and other foreign nationals and that she reviewed the resultant collection. The subject reported this activity during an investigation into another matter.

The subject asserted that it was her practice to enter foreign national phone numbers she obtained in social settings into the SIGINT system to ensure that she was not talking to “shady characters” and to help mission.

Oh right. Forget the “reasonable and articulable suspicions” standard. Apparently this analyst thought it was the “shady character” standard that she was being held to. And, yes, once again, this was self-reported. Furthermore, just the fact that she seemed to think that this was a perfectly reasonable use of the system highlights how all the claims from the NSA and its defenders that its analysts are so well-trained to not abuse the system is a load of bunk. And, once again, the woman resigned before any punishment.

In 2005, the NSA OIG was notified that, on the subject’s first day of access to the SIGINT collection system, he queried six e-mail addresses belonging to a former girlfriend, a U.S. person, without authorization. A site review of SIGINT audit discovered the queries four days after they had occurred.

The subject testified that he wanted to practice on the system and had decided to use this former girlfriend’s e-mail addresses. He also testified that he received no information as a result of his queries and had not read any U.S. person’s e-mail.

Hey, look, finally on case number eight we have one that was caught by an audit. It turns out that there actually are some audits somewhere, even if they missed all those other cases. Still, I do love this story. On the guy’s first day of access he went immediately to search his girlfriend’s emails. Also, this raises some other questions, since while it’s known that the NSA has built a database of phone records, there’s been a lot less discussion on email records, so it makes you wonder which database he was querying. This guy also got a bit of punishment: reduction in grade, 45 days restriction, 45 days of extra duty (he was in the military obviously) and half pay for two months. It was also recommended that he not be given a security clearance (now there’s an idea…).

In 2006, the Office of Oversight and Compliance within NSA’s Signals Intelligence Directorate informed NSA OIG that, between 2005 and 2006, the subject had without authorization queried in two SIGINT systems the telephone numbers of two foreign nationals, one of whom was his girlfriend. On one occasion, the subject performed a text query of his own name in a SIGINT system.

The OIG investigation found that the subject queried his girlfriend’s telephone number on many occasions and her name on two. He testified that he received only one “hit” from the queries on the girlfriend. Another number he queried, that of a foreign national language instructor, returned “insignificant information.”

The subject claimed that he queried his name to see if anyone was discussing his travel and the telephone numbers to ensure that there were no security problems.

I really do love the excuses these guys come up with. Either way, we’ve got yet another case of this practice going on for a while before being discovered, and it not being discovered via any audit.

In 2008, the NSA OIG was notified that a SIGINT audit had discovered a possible violation of USSID 18. A investigation revealed that, while reviewing the communications of a valid intelligence target, the subject determined that the intelligence target had a relative in the U.S. The subject queried the SIGINT system for the e-mail address of the intelligence target in 2008 and used other search terms to obtain information about the target’s relative.

Hey, once again the audit finally shows up. The guy got a “written reprimand.”

In 2009, the NSA OIG was notified that, in 2009, a military member assigned to a military tactical intelligence unit queried the communications of his wife, who was also a military member stationed in a foreign location. The misuse was discovered by a review of SIGINT audit logs. The investigation by his military unit substantiated the misuse.

Hurray for another one caught by an audit. This guy received similar punishment as the other military member above (reduction in rank, 45 extra days of duty, half pay for two months) and had the issue referred to the DOJ, though it doesn’t sound like the DOJ did anything about it.

i> In 2009, a military unit at a foreign location notified the NSA OIG that, in 2009, a military member had queried a country’s telephone numbers to aid in learning that country’s language. The misuse was discovered by a review of SIGINT audit logs.

And there we are. One more victory for the audit, but what an abuse, huh? Apparently purchasing a copy of Rosetta Stone was too pricey, so why not just sift through an entire country’s phone system to get some “real folks” to help him learn the language.

Either way, the pattern is clear. While audits did catch a few extreme cases, many of the other intentional misuses of SIGINT were only discovered (often years later) thanks to the person themselves admitting it. I don’t see how anyone can read those and not realize that it’s likely that there are many, many, many more similar abuses, that were just never self-reported, meaning people got away with them. I don’t see how the NSA and its defenders can possibly argue that these are a full accounting of all of the intentional abuses.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Details Reveal NSA Track Record Of Flagrant Abuse, Failed Audits And Minimal Accountability”

Subscribe: RSS Leave a comment
out_of_the_blue says:

Okay, and now the CONSEQUENCES should be?

Executives are responsible for all that happens even without their knowledge. The innocent executives — ha, ha! I kid. There are NONE innocent, but those at top should definitely be fired, indicted, and JAILED for their non-feasance of Office in keeping close watch on subordinates. JAIL is the only FIX for systemic abuses — in a system that’s designed and used for far worse than these minor abuses: we don’t even know the real extent of spying for blackmail or to remove those actually looking into the criminal economics (as Eliot Spitzer), the industrial aspects, insider trading, and other major abuses.

Masnicking: daily spurts of short and trivial traffic-generating items.

Anonymous Coward says:

“The SIGINT system prevented the query on the home number because it was made on a US person.”

Constructed re-assurance. See, the protections work, and not that we’ve carefully crafted these examples to show how they work.

“In 2005, the NSA OIG was notified that, on the subject’s first day of access to the SIGINT collection system, he queried six e-mail addresses belonging to a former girlfriend, a U.S. person, without authorization. A site review of SIGINT audit discovered the queries four days after they had occurred. “

You see, practice on the system, and of course everything is logged because General Alexander says it is and he never lies. Who needs independent branches of government, like the judiciary when General Alexander reveals everything, warts and all.

… you realize they’re messing around in the log files they were provided with. It’s like busy work. They were fed busy-work to keep them busy, so they’d never wonder if the log files are complete or just a synthetic subset of surveillance just for their viewing to create a perception of oversight.

bioforge (profile) says:

If you think it looks bad from the outside...

One of the first things that’s explained when you get a clearance is “all information divulged in sf-86 will be used to prevent erroneous activity.” Now call me crazy, but I thought that meant if you query, track, or harass anyone you have every known you automatically lose your clearance and job. Guess not.

On a crazier side note there was a guy in my former department(married) that had 4 affairs with women there, and had a kid with one. He was able to keep it under the table, she magically got promoted two pay bands on the next interview block, AND he still is in his same position. So I’m sorry, but this kinds of unreported abuse does not surprise me.

Anonymous Coward says:

Pay special attention to the years involved

The investigation determined that, from approximately 1998 to 2003, the employee tasked nine telephone numbers of female foreign nationals, without a valid foreign intelligence purpose, and listened to collected phone conversations while assigned to foreign locations.

NSA has been hiding behind a “because terrorism” / “because 9/11” excuse for most of its abuses. Yet we have here a report of serious abuse that involved unauthorized listening on phone calls that started well before any 9/11-related programs could have been put in place. Therefore, the NSA was collecting call content on these women (likely by bulk collection of everyone in whatever class got them collected) under a pre-9/11 program. It is possible that the calls of these women were recorded because these women were of special interest to the NSA due to their jobs (or the jobs of their immediate family), but I doubt it. My bet is they were collected because the NSA was bulk collecting everyone in the general area these women happened to be in.

Anonymous Coward says:

let’s be honest. the only way the NSA and any other ‘security agency’ is going to be curbed is if the funding is removed. and i mean totally removed, not just reduced, not just given another name and not given in any underhanded way either. the government needs to be made accountable for every dollar it is handed from everywhere for everything, because if it is not, it will find a way to keep these agencies operating and in ways that are akin to how they have been operating up to now. nothing that has been revealed so far has resulted in anything except more and more lies, excuses and bullshit! the heads know they are in slings but continue to dig holes for themselves to try to exonerate the deeds that have been done. i am waiting for the ultimate to happen, God forbid, where a really serious ‘terrorist attack’ happens, that results in many casualties and the NSA then tries again to use the ‘we have to continue spying on everyone! we could have prevented this atrocity! look what you have done!’ it then turns out that it wasn’t terrorists at all (think about the movie ‘The Long Kiss Goodnight’)!! real frightening, but very possible!!

Anonymous Coward says:

Ron Wyden’s right, the truth ALWAYS manages to come out.

IP addesses reported as serving the DOD through technology services provider PSINET have hacked into who knows how many innocent Americans business systems.

They copied the systems, at times vandalized them, vacuumed contents of some confidential email boxes (email boxes that were required by law TO BE KEPT CONFIDENTIAL BY LICENSED PROFESSIONALS FOR THEIR CLIENTS PRIVACY!) and they terrorized and harassed innocent American business professionals, and ruined some businesses.

The NSA continues to lie about government employees and government vendors past access to Americans info for unlawful purposes.

*****Per Network Solutions Service Request # 1-243534228
7/12/06 Hacker IP address: / Performance Systems Inc.?1015 31st Street, Washington DC 20007 Cogent Abuse 877.875.4311(entered website control panel and emailbox at 6:29pm). The DOD was confirmed as the offending source.

******Per Network Solutions Service Request #1-243534228
9/2/06 Hacker IP: Performance Systems Inc./Cogent (entered website / emailbox at 7:45pm, defaced the client reference page and copied contents)

*****Per Network Solutions Service Request #1-243534228
9/5/06 Hacker IP: Performance Systems Inc/ Cogent (entered website control panel and email at 7:30pm. Copied contents)

IP addresses were traced to PSINET a contractor for the federal government the DOD providing:

Software Development
Database Management
Network Support
Records Management

Clients include:

The Department of Homeland Security
? Bureau of Customs and Border Protection

The Department of the Treasury
? Internal Revenue Service (IRS)

The Department of Justice
? Bureau of Alcohol, Tobacco, and Firearms (BATF)

Systematic hacking, vacuuming of emails, surveillance including geo locate and eavesdropping and anonymous stalking and sexual harassment occurred with just one of their victims from May 06 through early 2/12. The harassment was repeatedly reported to law enforcement including The FBI, OAG, USDOJ and OIG. All refused to investigate the complaints.

The fact these criminals fail to acknowledge publicly, is that THEY are the ones who are systematically violating national security. And they did so long before Snowden confirmed what Americans had been reporting to no avail, since 2006.

They have left trails of their crimes, like breadcrumbs, that any 3rd grader could trace right back to them. A task ANY criminal whose so inclined, could replicate.

And since they have violated privacy rights, stolen the world’s confidential information, and retain it, they have opened the rest of us up to the threat of criminal acts like those reported…AND WORSE.

THIS IS WHY the NSA needs to be abolished.


Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...