from the oversight! dept
As we’ve noted, one of the key claims by NSA surveillance defenders was that the program had strong oversight from Congress. However, with the revelations last week about thousands of abuses, it’s become quite clear that this isn’t true. Late on Friday, Rep. Jim Himes, who is on the House Intelligence Committee, claimed that he was unaware of those violations, was told that there were “no abuses” and that these kinds of abuses are unacceptable:
Possibility of 1000s of NSA violations unacceptable. Many intel comm members unaware of this report. In fact, we have been told no abuses.
— Jim Himes (@jahimes) August 16, 2013
How is this happening? Marc Ambinder explains the “loophole” that the NSA has used to avoid telling Congress about these abuses. It’s a bit convoluted, but basically, the NSA believes that Congressional oversight only covers spying done under FISA — the law that covers any spying done on Americans, for which a court order is needed. FISA doesn’t cover spying on non-US persons (i.e., foreigners who are outside the country at the time of surveillance). And that’s where some of the abuses came in, and the NSA believes that since those aren’t “FISA” related, and Congress is only overseeing “FISA,” they don’t have to report those mistakes.
Since the focus of oversight efforts has been on FISA compliance, NSA gives Congress detailed narratives of violations of the FISA-authorized data sets, like when metadata about American phone records was stored too long, when a wrong set of records was searched by an analyst or when names or “selectors” not previously cleared by FISA were used to acquire information from the databases. In these cases, the NSA’s compliance staff sends incident reports to the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence for each “significant” FISA violation, and those reports include “significant details,” the official said.
But privacy violations of this sort comprise just one third of those analyzed by the inspector general. Of the 2,776 violations reported by the NSA from May 2011 to May 2012, more than two-thirds were counted as E.O. 12333 incidents. And the agency doesn’t provide Congress detailed reports on E.O. 12333 violations.
Now, you can argue these are very different circumstances, but Ambinder points out that’s not really true in many cases:
In some ways, it’s a distinction without a difference: it does not matter to U.S. citizens whether their phone call was accidentally intercepted by an analyst focusing on U.S.-based activities or those involving a foreign country. But the difference is relevant as it keeps Congress uninformed and unable to perform its oversight duties because the NSA doesn’t provide the intelligence committees with a detailed narrative about the latter type of transgressions.
For example, if someone’s e-mails were inadvertently obtained by the NSA’s International Transit Switch Collection programs, it would count as 12333 error and not a FISA error, even though the data was taken from U.S. communication gateways, and NSA would not notify Congress.
So, basically, any “error” that involves spying on Americans doesn’t “count” as an abuse, as far as the NSA tells Congress (who keep claiming they’re in charge of oversight), because they “obtained” it outside the US, and the “error” is considered outside of FISA. That’s a pretty massive loophole through which the NSA can hide its abuse of programs from Congress.