Navy Officer Working For The NSA Caught Trying To Search Her Boyfriend's Son's Phone

from the self-starter-goes-for-illegal-snooping-right-out-of-the-gate dept

The NSA often makes statements following document leaks about its undying interest in protecting the rights of Americans, no matter how much might be swept up intentionally/incidentally by its surveillance programs. Undoubtedly, there is some sincerity in this statement. But the following story, based on information liberated by a Jason Leopold FOIA request, shows the NSA can be sincere about its desire to protect Americans’ privacy while still doing very little to uphold that ideal.

A Navy officer stationed in Iraq “deliberately and without authorization” used an NSA database to try to pry into the mobile phone of her boyfriend’s son, according to a top secret NSA inspector general report obtained by BuzzFeed News.

The NSA discovered the violation about a month after it happened. The officer was undergoing training and had already taken two courses pertaining to the search and use NSA collections. But when this violation occurred, she had been given full access to NSA data stores to complete her final course.

During a training exercise, she entered her boyfriend’s son’s telephone number into a search field and tried to access data covering the span of a month on the prepaid telephone number. That phone was also used by other members of her boyfriend’s family, the report said.

But the officer had an excuse: according to the report [PDF], she said it was the “only telephone number she could think of at the time.” The Inspector General found this excuse to be dubious at best.

“She could not explain why this telephone number came to mind instead of her own telephone number or any other number.”

Now, here’s where we get to the NSA’s professed respect for Americans’ Fourth Amendment rights. The level of respect will vary from person to person. Obviously, the Navy officer had zero respect for her boyfriend’s son’s rights. More troubling, her instructor apparently felt this violation wasn’t a big deal.

When she entered the phone number, the system displayed a “bright red warning sign.” This scared the officer but her instructor’s response showed little concern about the violation the officer was attempting to engage in.

[H]er trainer, an Army officer, told her “not to worry” and to just clear out the various search fields on the database.

Neither the Navy officer nor her trainer reported the incident.

The NSA discovered the violation during an audit and reported it. This is good, but it’s also limited to what the NSA chooses to report.

The Inspector General has noted in the past it is limited in its oversight abilities by the NSA and its reporting systems. The IG often has trouble compiling the information needed to make a determination about potential violations and there have been times where the NSA has actually destroyed information the IG has needed for investigations.

Much of what we know about the NSA’s violations is self-reported. But this relies on the agency being forthcoming — something it’s not particularly known for. The gap between what’s discovered and what’s handed over by the agency has been noticed by its Congressional oversight and the FISA court. The latter, in particular, has noted the agency often delivers notification of violations months or years after the violations occur and has been routinely unwilling to clarify technical issues when discussing violations with the court.

In this case, the Navy officer claimed the violation was an “accident” that occurred during training. The Inspector General’s office, however, viewed it as a deliberate misuse of highly-sensitive data. It appears the NSA sided with the officer. The only “punishment” handed out was another round of training. So, when the NSA claims it’s doing everything it can to protect Americans from unlawful surveillance, it’s a half-truth at best. If it was doing everything it could, it would have pushed this officer out of the rotation and replaced her with someone more likely to uphold the ideals the NSA claims it holds.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Navy Officer Working For The NSA Caught Trying To Search Her Boyfriend's Son's Phone”

Subscribe: RSS Leave a comment
JoeCool (profile) says:

Maybe plausible

"She could not explain why this telephone number came to mind instead of her own telephone number or any other number."

I can’t remember my own number (I keep it on a slip of paper in my wallet) because I never call it. I don’t remember friend’s numbers because they’re in my contact list. I can easily see this as being one of the only numbers she could recall if she had been there when they got the phone, or if she had to call that phone without contact info.

tom (profile) says:

From the NSA report pdf, the phone was used by her boyfriend’s son, boyfriend, her daughter, and her sister.

I can believe that if that many folks that she knew and likely lived with used the same phone, it would be a number easily recalled.

I don’t remember my cell number, never call it.

The NSA training class should either provide a list of approved training test numbers or an instruction to use a number ONLY used by the trainee.

Roger Strong (profile) says:

When she entered the phone number, the system displayed a "bright red warning sign."

"Cell phone located. Tasking MQ-9 Reaper, armament two GBU-12 Paveway II bombs, two AGM-114 Hellfire II missiles. ETA twenty-seven minutes."

[H]er trainer, an Army officer, told her “not to worry” and to just clear out the various search fields on the database.

"Defaulting to nearest Verizon device."

Neither the Navy officer nor her trainer reported the incident.

The problem was later reported to Verizon customer support, and logged as a probable exploding 3rd-party battery.

Anonymous Coward says:

Sheesh, minion. Internets full of scandal, and you run this?

You (ALL but “Tom” so far!) somehow skip over this one key point: TRAINING.

Google violates my privacy more than this every day.

And doesn’t get to do a tenth of what wants.

This week tried to get a manual for an old monitor with odd features.

Soon ran into javascript / captcha by guess who? Yes, 3rd party: Google Analytics.

So I got no manual. If don’t agree to the surveillance, the web is more restricted every day.

And what right has Google, the NSA’s commercial front, to surveil me? … NONE! Just can get away with it, for now.

Oh, did I wander off this DULL topic? Well, I’m aware of that, so now YOU can show interest in it by long detailed comment ON-topic!

Roger Strong (profile) says:

Re: Sheesh, minion. Internets full of scandal, and you run this?

The US government can use that information to arrest you, lie to the judge and your family about your location, search your house and seize your electronics…. thanks to confirmation bias based on vague data.

If you’re not a US citizen they can ship you to another country and torture you for months or years before releasing you with an “er, never mind.”

Google can’t do that just yet.

That Anonymous Coward (profile) says:

It’s almost like there is an atmosphere where they know there are rules, but even the bright red warning results in a just delete stuff and keep going. Rules without meaningful punishment are worthless. Creating “good faith” exceptions so they have an out that must be accepted worked out so well with police.

We have to stop pretending that because we declare they are wearing white hats, that we don’t need to keep an eye on them. Being a good guy doesn’t force you to follow all of the rules, but giving them the benefit of the doubt over and over shows them they can get away with most anything because they are one of the “good guys”.

Nurlip (profile) says:

Not that I think this is ok but she is a person and was in training.. from the trainings I’ve been in (not NSA training, just normal people training) the pace is way, way slow and I prefer to learn on my own anyways so I usually zone out once I can actually get into the system and learn on my own. The example numbers that the training text (hopefully) probably provided were going to be given out later and she just used the first number that came to mind.
On the positive side: the system did flash red warnings presumably bc the number was either that of a US citizen and/or not on a ‘watch list’ or both. It is good to know that privacy invasion is not ok for just anyone to do at the NSA. You have to at least pass the privacy invasion training first. Safeguards.
But seriously, this is more safeguards than I expected given what I’ve been reading about for years. And Trump.

David says:

So who should she have spied upon?

For completing her course, she had to snoop on someone’s cellphone with her advisor looking over her shoulder.

She chose a minor in her own household, as someone whose phone number she knew. Who should she have chosen? Herself, making open her own communications to her advisor? She chose a number she knew, of a person in her household that could not be held accountable as a minor. And she would have been in a position to make amends, too.

Whose Fourth Amendment rights would you rather have wanted to see violated?

Frankly, I find her personal choice much more defensible than that she was made to choose in the first place.

Chuck says:

Re: So who should she have spied upon?

Yes, herself. Anyone and everyone has the right to violate their own rights at will, any time, anywhere. If she could not remember her own phone number, she need only look in the phone. Settings > About or something along those lines. If she does not know how to find her own phone number in her own cell phone, she is NOT qualified to snoop on anyone else’s phone.

So yes, herself. If she is so worried about what her instructor would see on her own phone, perhaps she should take a moment to reflect upon what she is training to do for a living. If doing so would make her feel violated, perhaps she should consider exactly how violated ANYONE else would feel.

And idk, maybe go shoot guns at terrorists or something, She IS already in the navy after all. They always need more guys (or gals) with guns. If she’s not the murder-y type, she could be a cook. Or a medic. Or a thousand other things. The Navy’s own TV and print marketing has been trying to sell people for 2+ DECADES on the idea that there are literally 300+ non-combat jobs available in the Navy. She could pick ANY of the other 299 if violating people’s privacy – hers or anyone else – is uncomfortable to her.

But spying on ANY third-party without consent, including her boyfriend’s son (which, as he is her boyfriend, not her husband, isn’t even a family member) is unacceptable.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...