Due to increasing public pressure and suits from privacy advocates like the Electronic Frontier Foundation, the Director of National Intelligence released a stack of declassified internal FISA (Foreign Intelligence Surveillance Act) documents and court rulings today.
Buried in the documents are details of what Clapper refers to as “compliance incidents,” over 15,000 instances of the NSA improperly tracking suspects. While these “breaches” were in clear violation of FISA court rulings, they resulted in only minor sanctions for the agency.
The NSA’s software, whether due to flaws in the code or by design, ignored the clearly stated FISA rules of reasonable suspicion when scouring suspects’ phone records. A software audit performed in early 2009 showed that out of 17,835 phone numbers on the NSA’s alert list, less than 2,000 reached the FISA court’s standard of reasonable suspicion.
The documents also show that the NSA’s lawyers didn’t view this breach of privacy as a problem. One document state the lawyers “appear to have viewed the alert process as merely a means of identifying a particular identifier on the alert list that might warrant further scrutiny.”
Clapper released the documents today with a long statement that attempts to paint the privacy intrusions as a minor error (the aforementioned “compliance incidents”). An excerpt of Clapper’s statement is below. The full statement and documents are available on the NSA Tumblr(yes, the NSA has a Tumblr):
DNI Clapper Declassifies Intelligence Community Documents Regarding Collection Under Section 501 of the Foreign Intelligence Surveillance Act (FISA) September 10, 2013 In June of this year, President Obama directed me to declassify and make public as much information as possible about certain sensitive intelligence collection programs undertaken under the authority of the Foreign Intelligence Surveillance Act (FISA) while being mindful of the need to protect national security. Consistent with this directive, today I authorized the declassification and public release of a number of documents pertaining to the Government’s collection of bulk telephony metadata under Section 501 of the FISA, as amended by Section 215 of the USA PATRIOT Act. These documents were properly classified, and their declassification is not done lightly. I have determined, however, that the harm to national security in these circumstances is outweighed by the public interest. Release of these documents reflects the Executive Branch’s continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States. Some information has been redacted because these documents include discussion of matters that continue to be properly classified for national security reasons and the harm to national security would be great if disclosed. These documents will be made available at the website of the Office of the Director of National Intelligence (www.dni.gov), and on the recently established public website dedicated to fostering greater public visibility into the intelligence activities of the Government (IContheRecord.tumblr.com). The documents released today were provided to Congress at the time of the events in question and include orders and opinions from the Foreign Intelligence Surveillance Court (FISC), filings with that court, an Inspector General Report, and internal NSA documents. They describe certain compliance incidents that were discovered by NSA, reported to the FISC and the Congress, and resolved four years ago. They demonstrate that the Government has undertaken extraordinary measures to identify and correct mistakes that have occurred in implementing the bulk telephony metadata collection program – and to put systems and processes in place that seek to prevent such mistakes from occurring in the first place. More specifically, in response to the compliance incident identified in 2009, the Director of NSA instituted a number of remedial and corrective steps, including conducting a comprehensive “end-to-end” review of NSA’s handling of telephony metadata obtained under Section 501. This comprehensive review identified additional incidents where NSA was not complying with aspects of the FISC’s orders. The compliance incidents discussed in these documents stemmed in large part from the complexity of the technology employed in connection with the bulk telephony metadata collection program, interaction of that technology with other NSA systems, and a lack of a shared understanding among various NSA components about how certain aspects of the complex architecture supporting the program functioned. These gaps in understanding led, in turn, to unintentional misrepresentations in the way the collection was described to the FISC. As discussed in the documents, there was no single cause of the incidents and, in fact, a number of successful oversight, management, and technology processes in place operated as designed and uncovered these matters.