For months, the NSA and its defenders insisted that for all of the details that Ed Snowden's leaks revealed, at least there weren't any signs of intentional abuses. Even President Obama insisted that the lack of intentional abuses proved that the systems were working. And, then, of course, it came out that there actually have been a series of intentional abuses
(which were apparently just
revealed to the Senate Intelligence Committee, which is supposed to be in charge of oversight, right before the public found out about it). We were told of approximately one willful violation per year, with many being classified as "LOVINT" for someone spying on a "love interest."
Senator Grassley asked the Inspector General of the NSA to reveal the details of those abuses, and the Inspector General has done so
, revealing the details, circumstances, investigations and punishments regarding the twelve known intentional violations (without revealing names). I say "known" intentional violations because reading through these, it quickly becomes clear that there are likely many, many more intentional violations, but it's just that the NSA doesn't know about them. For all the claims of the NSA's audit abilities, it appears that many of these intentional violations were caught via self-reporting or other suspicions, rather than an audit. And, many of them were caught quite a while after the violation happened. Let's go through the revealed abuses:
In 2011, before an upcoming reinvestigation polygraph, the subject reported that in 2004, "out of curiosity," he performed a SIGINT query of his home telephone number and the telephone number of his girlfriend, a foreign national. The SIGINT system prevented the query on the home number because it was made on a US person. The subject viewed the metadata returned by the query on his girlfriend's telephone.
Note: this only came about because the guy admitted to it before undergoing a polygraph. But, also important, this came out seven years
later. Yes, the system stopped the query on his home phone number, but apparently that didn't raise any alarm bells at all
to look at his other queries done around the same time. If this only came out because the guy admitted it, how many NSA analysts have done the same and just never admitted it?
Oh, and while the investigation found that the person broke the law, the DOJ declined to prosecute (protect your own!), and the guy retired in 2012 without any disciplinary action.
In 2005, during a pre-retirement reinvestigation polygraph and interview, the subject reported that, in 2003, he tasked SIGINT collection of the telephone number of his foreign-national girlfriend without an authorized purpose for approximately one month to determine whether she was "involved with any [local] government officials or other activities that might get [him] in trouble."
Once again, this wasn't discovered via an audit, but rather the person admitting it years later
. Not only that, but he was able to view a month's worth of data. It also appears that this person wasn't punished, and the NSA doesn't even have a record of whether or not the issue was referred to the DOJ.
In 2004, upon her return from a foreign site, the subject reported to NSA Security that, in 2004, she tasked a foreign telephone number she had discovered in her husband's cellular telephone because she suspected that her husband had been unfaithful. The tasking resulted in voice collection of her husband.
Once again, this is self-reported (though, at least it happened in the same year!). Also, it's important to note that this does not appear to be metadata
, but voice collection
. Remember how the NSA's defenders keep talking about not collecting contents of phone calls? Yes, well that's "under this program." The NSA has many programs. Sometimes they can collect the content of phone calls for important things like checking to see if your husband is spying on you. Also: no punishment because the woman resigned.
In 2003, the appropriate OIG was notified that an employee had possibly violated USSID 18. A female foreign national employed by the U.S. government, with whom the subject was having sexual relations, told another government employee that she suspected that the subject was listening to her telephone calls. The other employee reported the incident.
The investigation determined that, from approximately 1998 to 2003, the employee tasked nine telephone numbers of female foreign nationals, without a valid foreign intelligence purpose, and listened to collected phone conversations while assigned to foreign locations. The subject conducted call chaining on one of the numbers and tasked the resultant numbers. He also incidentally collected the communications of a U.S. person on two occasions.
Once again, this wasn't any audit that caught it. It was the woman, who was savvy enough to suspect her lover was spying on her, telling someone which resulted in the investigation. And, then it was discovered that this had gone on for five years
without being caught, and it wasn't just over this one woman. Oh, and, again he was listening in on actual phone calls. Not just "metadata." At least in this case, he was "suspended without pay," but he then resigned before any other discipline could be handed out.
The employee's agency discovered that an employee had misused the SIGINT collection system between 2001 and 2003 by targeting three female foreign nationals.
Not much detail here, but again, it went on for years before someone noticed, and it doesn't sound like a regular audit found it, though I guess it's possible. Yet again, the guy just resigned with no punishment.
As the result of a polygraph examination, it was discovered that an employee had accessed the collection of communications on two foreign nationals.
It's not clear when this happened and how long it took to discover it, because they don't say. But, again, it wasn't an audit that discovered the problem, but a polygraph -- and polygraphs are notoriously ineffective, and can be beaten. Does anyone actually believe that every NSA analyst who's taken a polygraph test was forced to admit the times they abused the system? At least this guy was very slightly punished: 10 days suspension without pay, and a recommendation for a promotion was withdrawn (and a "one-year letter of reprimand" was appended to his file).
In 2011, the NSA OIG was notified that, in 2011, the subject had tasked the telephone number of her foreign-national boyfriend and other foreign nationals and that she reviewed the resultant collection. The subject reported this activity during an investigation into another matter.
The subject asserted that it was her practice to enter foreign national phone numbers she obtained in social settings into the SIGINT system to ensure that she was not talking to "shady characters" and to help mission.
Oh right. Forget the "reasonable and articulable suspicions" standard. Apparently this analyst thought it was the "shady character" standard that she was being held to. And, yes, once again, this was self-reported. Furthermore, just the fact that she seemed to think that this was a perfectly reasonable use of the system highlights how all the claims from the NSA and its defenders that its analysts are so well-trained to not abuse the system is a load of bunk. And, once again, the woman resigned before any punishment.
In 2005, the NSA OIG was notified that, on the subject's first day of access to the SIGINT collection system, he queried six e-mail addresses belonging to a former girlfriend, a U.S. person, without authorization. A site review of SIGINT audit discovered the queries four days after they had occurred.
The subject testified that he wanted to practice on the system and had decided to use this former girlfriend's e-mail addresses. He also testified that he received no information as a result of his queries and had not read any U.S. person's e-mail.
Hey, look, finally on case number eight we have one that was caught by an audit. It turns out that there actually are some
audits somewhere, even if they missed all those other cases. Still, I do love this story. On the guy's first day of access
he went immediately to search his girlfriend's emails. Also, this raises some other questions, since while it's known that the NSA has built a database of phone records
, there's been a lot less discussion on email records, so it makes you wonder which database he was querying. This guy also got a bit of punishment: reduction in grade, 45 days restriction, 45 days of extra duty (he was in the military obviously) and half pay for two months. It was also recommended that he not be given a security clearance (now there's an idea...).
In 2006, the Office of Oversight and Compliance within NSA's Signals Intelligence Directorate informed NSA OIG that, between 2005 and 2006, the subject had without authorization queried in two SIGINT systems the telephone numbers of two foreign nationals, one of whom was his girlfriend. On one occasion, the subject performed a text query of his own name in a SIGINT system.
The OIG investigation found that the subject queried his girlfriend's telephone number on many occasions and her name on two. He testified that he received only one "hit" from the queries on the girlfriend. Another number he queried, that of a foreign national language instructor, returned "insignificant information."
The subject claimed that he queried his name to see if anyone was discussing his travel and the telephone numbers to ensure that there were no security problems.
I really do love the excuses these guys come up with. Either way, we've got yet another case of this practice going on for a while before being discovered, and it not being discovered via any audit.
In 2008, the NSA OIG was notified that a SIGINT audit had discovered a possible violation of USSID 18. A investigation revealed that, while reviewing the communications of a valid intelligence target, the subject determined that the intelligence target had a relative in the U.S. The subject queried the SIGINT system for the e-mail address of the intelligence target in 2008 and used other search terms to obtain information about the target's relative.
Hey, once again the audit finally shows up. The guy got a "written reprimand."
In 2009, the NSA OIG was notified that, in 2009, a military member assigned to a military tactical intelligence unit queried the communications of his wife, who was also a military member stationed in a foreign location. The misuse was discovered by a review of SIGINT audit logs. The investigation by his military unit substantiated the misuse.
Hurray for another one caught by an audit. This guy received similar punishment as the other military member above (reduction in rank, 45 extra days of duty, half pay for two months) and had the issue referred to the DOJ, though it doesn't sound like the DOJ did anything about it.
In 2009, a military unit at a foreign location notified the NSA OIG that, in 2009, a military member had queried a country's telephone numbers to aid in learning that country's language. The misuse was discovered by a review of SIGINT audit logs.
And there we are. One more victory for the audit, but what an abuse, huh? Apparently purchasing a copy of Rosetta Stone was too pricey, so why not just sift through an entire country's phone system
to get some "real folks" to help him learn the language.
Either way, the pattern is clear. While audits did catch a few extreme cases, many of the other intentional misuses of SIGINT were only discovered (often years later) thanks to the person themselves admitting it. I don't see how anyone can read those and not realize that it's likely that there are many, many, many more similar abuses, that were just never self-reported, meaning people got away with them. I don't see how the NSA and its defenders can possibly argue that these are a full accounting of all of the intentional abuses.