Inspector General's Report Shows Section 702 Isn't The Only Thing Being Abused By The NSA

from the does-the-NSA-even-understand-the-concept-of-'internal-controls?' dept

There’s more than Section 702 up for renewal at the end of this year. Most of the attention has been focused on Section 702 because it’s used most frequently for internet communications and data collections. Not only does the NSA make use of this collection, but other agencies (FBI, CIA) are allowed unminimized access to NSA 702 data stores. With this many agencies reliant on NSA communications interception, the sales pitches have been focusing on this particular authority.

But there are other surveillance authorities under Title VII: Sections 704 and 705, which allow the NSA to target US persons located outside of the country. The numbers put up by these sections aren’t as impressive as Section 702’s (~3,000 selectors for 151 million records), but 704/705 isn’t supposed to result in incidental collection. It’s a US spy agency actively spying on US citizens.

According to Marcy Wheeler, these collections only target about 80 people. But protections for US citizens aren’t supposed to evaporate just because they’ve travelled out of the country. Agencies seeking to use these authorities must obtain a FISA court order to collect communications and data. Section 704 covers new requests for collections and Section 705 allows for “streamlined” requests/renewals for orders covering US persons already targeted by the agency.

The NSA may be compliant in terms of obtaining court orders, but the 2016 Inspector General’s report [PDF] released last week shows the agency has done almost nothing to prevent abuse of its collections.

At the time of our review, the Agency could not reliably identify queries performed using selectors associated with FAA 704 and 705(b) targets because the SIGINT databases did not uniformly send records in the correct format to [REDACTED] (NSA’s SIGINT auditing and logging system).


We identified [REDACTED] queries that were not compliant with the FAA 704 and 705(b) targeting and minimization procedures. [LONG REDACTION] We identified another [REDACTED] queries that were performed outside the targeting authorization periods in E.O. 12333 data, which is prohibited by the E.O. 12333 minimization procedures. We also identified [REDACTED] queries performed using USP slectors in FAA 702 upstream data, which is prohibited by the FAA 702 minimization procedures.

According to the NSA, the problem is its own software. These collections are obtained beforehand. The FISA orders only limit what analysts can search for in the collected data. Everything apparently funnels into one big pile, and it’s up to analysts to search according to the controlling statute (702, 704, 705, or Executive Order 12333). The problem is the NSA’s system immediately gives access to “all authorities to which analysts are entitled access.” Someone who’s supposed to be performing a more limited search under 704 may not take steps to remove 702 collections from the queried data or add the limiters needed to ensure proper minimization of US persons’ communications.

That’s already a terrible way to handle the querying of NSA collections. The default is everything, and affirmative, unprompted steps must be taken by analysts to ensure their queries are lawful. Making it worse is the issue the IG first mentioned: the NSA has no system for tracking possibly-prohibited searches.

Then there’s this wrinkle in the statutory authorities the NSA seems unable to comply with: the NSA cannot engage in domestic surveillance so its targeting of US persons overseas must end when the US person arrives back on US soil. Possible violations of this nature were, again, not being tracked by the NSA.

FAA 704 and 705(b) targeting and minimization procedures prohibit targeting USPs while they are in the United States. Although the Agency is not required to document [REDACTED], maintaining these records is important for securing compliance with the targeting and minimization procedures.

The upshot of this report is that the NSA has probably engaged in wholly domestic surveillance thanks to lax recordkeeping and its all-access internet communications haystack. Having to get permission from the FISA court to search collected records is an important step, but it’s completely meaningless when analysts are given full access to data stores under multiple authorities and expected to “opt out” of potentially unlawful searches.

As Marcy Wheeler points out in her post about 704/705 violations, the NSA is a “dumpster fire of noncompliance.” She points to a just-released opinion by FISC judge Rosemary Collyer, in which the judge notes the NSA’s new 704/705 search tool (put in place in 2012) resulted in far more violations than approved searches.

NSA examined all queries using identifiers for “U.S. persons targeted pursuant to Sections 704 and 705(b) of FISA using the tool [redacted] in [redacted] . . . from November 1, 2015 to May 1, 2016.” Id. at 2-3 (footnote omitted). Based on that examination, “NSA estimates that approximately eighty-five percent of those queries, representing [redacted] queries conducted by approximately [redacted] targeted offices, were not compliant with the applicable minimization procedures.” Id. at 3. Many of these non-compliant queries involved use of the same identifiers over different date ranges. Id. Even so, a non-compliance rate of 85% raises substantial questions about the propriety of using of [redacted] to query FISA data. While the government reports that it is unable to provide a reliable estimate of the number of non-compliant queries since 2012, id., there is no apparent reason to believe the November 2015-April 2016 period coincided with an unusually high error rate.

In other words, the tool was broken from the moment it was introduced and very likely resulted in four out of every five searches being noncompliant over that four-year period. This is the sort of thing that will be glossed over during the run up to renewal, with the NSA touting its multiple layers of oversight and rigorous self-reporting as reasons it should be given extended permission to engage in future noncompliance.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Inspector General's Report Shows Section 702 Isn't The Only Thing Being Abused By The NSA”

Subscribe: RSS Leave a comment
051717 says:

Get used to it

Bottom line is that NSA can not be effectively controlled by Congress, the courts, or Presidents… and thus routinely operates outside U.S. law.
It is literally an outlaw entity.

Congress could end all NSA funding– “pull the plug” as the ultimate control mechanism, but the unfortunate reality is that Congress really likes NSA’s spectacular surveillance capabilities– and is not seriously concerned by its constant criminal activities.
That status quo will persist at least for our lifetimes. Get used to it.

Anonymous Coward says:

Re: Get used to it

"That status quo will persist at least for our lifetimes. Get used to it."

  • Get used to it, Gandhi. The British will always rule India.
  • Get used to it, Continental Congress. The British will always rule the colonies.
  • Get used to it, Suffragettes. Women will never be allowed to vote.
  • Get used to it, Abolitionists. The US will always keep slaves.
  • Etc….

Your cowardly acquiescence makes me sick and you should be ashamed of it. Going forward, please keep your crybaby fear talk to yourself.

Either grow a pair – or – go crawl back in your hole and bitch to the other cowards while everyone else fights. As you are now, you’re worse than useless.

Now as for everyone else…

Whatever the hell you do, don’t "get used to it". Fight it as if you’re fighting for your way of life; as if for your very freedom. Because that’s exactly what’s happening here. And YES, this absolutely CAN be addressed in our lifetimes. Step 1: Don’t accept this extremely dangerous criminal violation of the 4th Amendment as "just the way it is".

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...