The National Security Agency and Federal Bureau of Investigation violated specific civil liberty protections during the Obama years by improperly searching and disseminating raw intelligence on Americans or failing to promptly delete unauthorized intercepts, according to newly declassified memos that provide some of the richest detail to date on the spy agencies’ ability to obey their own rules, The Hill reports.
The memos reviewed by The Hill were publicly released on July 11 through Freedom of Information Act litigation by the American Civil Liberties Union.
They detail specific violations that the NSA or FBI disclosed to the Foreign Intelligence Surveillance Court or the Justice Department’s national security division during President Obama’s tenure between 2009 and 2016. The intelligence community isn’t due to report on compliance issues for 2017, the first year under the Trump administration, until next spring.
The NSA says that the missteps amount to a small number — less than 1 percent — when compared to the hundreds of thousands of specific phone numbers and email addresses the agencies intercepted through the so-called Section 702 warrantless spying program created by Congress in late 2008.
“Quite simply, a compliance program that never finds an incident is not a robust compliance program,” said Michael T. Halbig, the NSA’s chief spokesman.“…The National Security Agency has in place a strong compliance program that identifies incidents, reports them to external overseers, and then develops appropriate solutions to remedy any incidents.” he added.
But critics say the memos undercut the intelligence community’s claim that it has robust protections for Americans incidentally intercepted under the program.
“Americans should be alarmed that the NSA is vacuuming up their emails and phone calls without a warrant. The NSA claims it has rules to protect our privacy, but it turns out those rules are weak, full of loopholes, and violated again and again.” said Patrick Toomey, an ACLU staff attorney in New York who helped pursue the FOIA litigation.
Section 702 empowers the NSA to spy on foreign powers and to retain and use certain intercepted data that was incidentally collected on Americans under strict privacy protections. Wrongly collected information is supposed to be immediately destroyed.
The Hill reviewed the new ACLU documents as well as compliance memos released by the NSA inspector general and identified more than 90 incidents where violations specifically cited an impact on Americans. Many incidents involved multiple persons, multiple violations or extended periods of time.
For instance, the government admitted improperly searching NSA’s foreign intercept data on multiple occasions, including one instance in which an analyst ran the same search query about an American “every work day” for a period between 2013 and 2014.
There also were several instances in which Americans’ unmasked names were improperly shared inside the intelligence community without being redacted, a violation of the so-called minimization procedures that President Obama loosened in 2011 that are supposed to protect an Americans’ identity from disclosure when they are intercepted without a warrant. Numerous times improperly unmasked information about Americans had to be recalled and purged after the fact, the memos stated.
“CIA and FBI received unminimized data from many Section 702-tasked facilities and at times are thus required to conduct similar purges,” one report noted.
“NSA issued a report which included the name of a United States person whose identity was not foreign intelligence,” said one typical incident report from 2015, which said the NSA eventually discovered the error and “recalled” the information.
Likewise, the FBI disclosed three instances between December 2013 and February 2014 of “improper disseminations of U.S. persons identities.”
The NSA also admitted it was slow in some cases to notify fellow intelligence agencies when it wrongly disseminated information about Americans. The law requires a notification within five days, but some took as long as 131 business days and the average was 19 days., the memos show
U.S. intelligence officials directly familiar with the violations told The Hill that the memos confirm that the intelligence agencies have routinely policed, fixed and self-disclosed to the nation’s intelligence court thousands of minor procedural and more serious privacy infractions that have impacted both Americans and foreigners alike since the so-called Section 702 warrantless spying program was created by Congress in late 2008.
Alexander W. Joel, who leads the Office of Civil Liberties, Privacy and Transparency under the Director of National Intelligence, said the documents chronicle episodes that have been reported to Congress and the Foreign Intelligence Surveillance Court (FISC) for years in real time and are a tribute to the multiple layers of oversight inside the intelligence community.
“We take every compliance incident very seriously and continually strive to improve compliance through our oversight regime and as evidence by our reporting requirements to the FISC and Congress. That said, we believe that, particularly when compared with the overall level of activity, the compliance incident rate is very low.” he told The Hill.
The FBI told the Hill that the Section 702 law is “One of the most valuable tools the Intelligence Community has, and therefore, is used with the utmost care by the men and women of the FBI so as to not jeopardize future utility. As such, we continually evaluate our internal policies and procedures to further reduce the number of these compliance matters.”
The new documents show that the NSA has, on occasion, exempted itself from its legal obligation to destroy all domestic communications that were improperly intercepted.
Under the law, the NSA is supposed to destroy any intercept if it determines the data was domestically gathered, meaning someone was intercepted on U.S. soil without a warrant when the agency thought they were still overseas. The NSA however, has said previously it created “destruction waivers” to keep such intercepts in certain cases.
The new documents confirm the NSA has in fact issued such waivers and that it uncovered in 2012 a significant violation in which the waivers were improperly used and the infraction was slow to be reported to the court.
“In light of related filings being presented to the Court at the same time this incident was discovered and the significance of the incident, DOJ should have reported this incident under the our immediate notification process,” then-Assistant Attorney General Lisa Monaco wrote the FISA court in August 28, 2012 about the episode, according to one memo released through the FOIA.
The NSA declined to say how often destruction waivers are given. But ODNI’s Joel said the FISC court has supervised such waivers and affirmed they are “consistent with the Fourth Amendment of the Constitution and the statutory requirements of Section 702.”