NSA Memo Shows Unlimited Access To Bulk Records Unnecessary To Keep US Safe From Terrorists
from the but,-of-course,-the-program-must-not-be-restricted-in-any-way dept
The DNI’s recent document dump has sprung loose an April 2009 “notification memorandum” from the NSA, which provides updates on its “end-to-end” reviews of both the Section 215 (phone metadata) and the Section 402 (email metadata) bulk records collections. As was noted in earlier posts, both programs were suspended by the FISA court because of the NSA’s routine abuse FISA Act limitations.
The declassified document is addressed to the Senate Select Committee on Intelligence (SSCI). There’s no indication this information was also disseminated to the House Intelligence Committee, but perhaps that will surface in the future. The memo spends a few introductory paragraphs detailing the efforts the NSA has made to clean up its act before delving into more interesting details — including the limitations placed on the Section 215 collection by the Judge Walton, as well as a new problem it uncovered during its 60-day “end-to-end” reviews.
Here are the rules the NSA was forced to comply with under Walton’s court order.
Since the March 5, 2009 FISA Court order, the Court’s approval has been required for each selector before it is tasked for BR FISA metadata analysis. On Mar 21 NSA resumed manual access to BR FISA metadata, allowing chaining [redacted] of FISA Court-approved selectors associated with [redacted] following multiple operational and technical reviews to ensure compliance.
This explains ODNI counsel Robert Litt’s hesitancy to store metadata at a “neutral site.” To do so would mean returning to 2009’s restrictions — which were brought on by the agency’s own malfeasance. Utilizing a neutral site would likely mean the FISA court would be approving selectors rather than granting permission for rolling, 90-day collections of all phone records.
Also of note is how few court-approved selectors there were at that point.
A limited number of NSA analysts are now performing manual queries against 209 FISA Court-approved high-priority selectors daily…
Once again, hauling in millions of phone records seems like overkill. Since the agency has had (serious) trouble with adhering to the RAS (reasonable articulable suspicion) requirement, it would make more sense to return to this limitation if the Section 215 program is to remain running. With two bulk data programs suspended or significantly altered between 2009-2010, the US still somehow managed to avoid being overrun with terrorist attacks. If the program can’t be eliminated, at the very least, it should return to this more minimal standard — seeking court approval for RAS-compliant selectors and searching offsite, rather than simply amassing millions of non-relevant phone records.
Further down, more incidents of data abuse/misuse are detailed, this time at the hands of other agencies which were given access to the metadata collections
[Redacted; presumably includes a start date] NSA and DIA entered into a pilot program which allowed the DlA’s Joint Intelligence Task Force – Combating Terrorism (JITF-CT) access to counterterrorism-related SIGINT information, including SIGINT collected pursuant to the Foreign Intelligence Surveillance Court’s (FISC) [redacted] . Access to this FISA data was controlled and was limited to JITF-CT who had undergone training on the application of NSA minimization procedures to the FISA data and who were subject to NSA oversight of their activities. Moreover, these personnel were required to coordinate with NSA regarding dissemination of the information outside of JITF-CT.
The NSA made these Task Force members “employees” in order to grant them the privileges needed to access the metadata collection in its unminimized form. While conducting a review of its systems in 2008, the NSA found that one database (name redacted in memo) “lacked sufficient controls.” The database was shut down and resurrected with “correct” controls implemented. Unfortunately, it was this “uncontrolled” database that its new honorary employees had access to. The NSA revoked Task Force members’ access to the databases but was unable to determine explicitly whether any sort of unauthorized access had occurred.
Instead of presenting a possible worst-case scenario, the agency memo delivers this powerful statement of (misplaced) faith.
[A sentence and half worth of redacted text] there is no way to determine whether, in fact, JITF-CT analysts accessed it without authorization. However, even if such access occurred, the analysts were trained in routine minimization procedures and were required to coordinate with NSA regarding dissemination of information outside JITF-CT…
Of course. Because the training and minimization procedures have always prevented actual NSA employees from abusing the bulk records collections.
This isn’t the only case of problematic shared access. Another agency is discussed in a heavily-redacted paragraph. This unnamed agency was given access to unminimized X-KEYSCORE SIGINT data. Among the other unredacted sentences is one stating that this access is “predicated” on the principle that “collaboration is essential” to prevent terrorist attacks. Whichever agency is not being named here doesn’t seem to have held up its end of the bargain, which resulted in the (perhaps temporary) suspension of its access to the data.
On review of this access NSA is considering whether allowing this [redacted] access to unminimized SIGINT collection fully complies with NSA procedures.
Whether or not that access has been returned is still open for debate considering the agency’s name has been hidden away under the black and turquoise [!?] ink. What isn’t open to debate is the fact that the NSA continues to struggle with handling its data collections responsibly. As more documents are pried loose thanks to the ACLU and EFF’s efforts, I’m sure we’ll see even more evidence that the agency isn’t nearly as careful as its defenders assert it is.