from the not-just-about-us-persons dept
I know that one thing I’ve heard from a bunch of foreigners during the past few months concerning the debates over the NSA’s surveillance programs is that they don’t understand why everyone’s so focused on the issue of “US persons,” since that implies we really don’t care at all about the fact that the NSA has no restrictions at all on spying on every communication from everyone else in the world. And, that’s a valid point. Of course, if we’re focusing on just the pure flat out law-breaking by the NSA, the US persons issue is important, because they’re not allowed to do that. But, it shouldn’t minimize the fact that if you’re not a “US person” under the NSA’s definition, you’re totally fair game. And while we’ve already mentioned the whole “accidental” collection of a bunch of phone call metadata from Washington DC by the NSA, it’s worth revisiting it as well in this context. Most of the coverage has just focused on the fact that the NSA collected so much data on calls coming out of DC:
In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.
Right, but if they did that “correctly” it would have meant info on a “large number” of calls from Egypt all would have been collected. And, given this information, it seems quite likely that once the “programming error” was “corrected” those Egyptian call info did start getting sucked up into the machine. Now, some in the US might not mind that, but I’d imagine that people in Egypt and around the globe outside of the US are probably looking at that and are not at all happy about it. The fact that an analyst can just plug in their entire country code and “intercept” calls without (it appears) any oversight (which, of course, would have caught the 202/20 error) seems ripe for massive abuse, which is unlikely to get recorded in any report.