- By Jenna McLaughlinJenna McLaughlin is an intelligence reporter for Foreign Policy, focusing on the culture, dynamics, and events happening in the National Security Agency, the Central Intelligence Agency, and the other 15 members of the intelligence community—plus the way the sensitive information they gather and analyze informs and directs the White House and policy makers on the Hill. Previously, McLaughlin was a national security reporter for the Intercept where she covered everything from the FBI’s secretive subpoena powers to cybersecurity companies in the Middle East. Before that, she covered similar topics including the rise of the Islamic State at Mother Jones Magazine. You can reach her with tips and responses securely through Signal or WhatsApp at 203-537-3949, or through her email, email@example.com.
When searching intelligence data, analysts from the National Security Agency failed to follow the rules “with much greater frequency” than was previously disclosed, documents published by the Office of the Director of National Intelligence show.
The secretive Foreign Intelligence Surveillance Court accused the NSA of a “lack of candor” when reporting those failures, which are a serious concern for the Fourth Amendment.
During a preliminary review of just a few months in 2015, analysts running searches on emails and other digital communications vacuumed up from undersea internet cables frequently violated Americans’ privacy—albeit unintentionally. “The problem was widespread,” wrote the Foreign Intelligence Surveillance Court in a memorandum published on the intelligence office’s Tumblr page Thursday evening.
NSA analysts had a startling error rate of 85 percent on another, smaller part of the NSA’s foreign intelligence programs, a statistic that “raises questions” about the “propriety” of current powers to search that data, the court wrote. That program, which uses rarely exercised authorities involving a few dozen top targets, is designed to target American citizens presumably living overseas, one former intelligence official explained to Foreign Policy.
Those failures happened almost immediately after being told to fix the same issue with privacy protection in 2011. “Too often…the government fails to meet its obligation to provide prompt notification” when an analyst doesn’t follow the rules, the court wrote.
On April 28, the NSA announced it would be winding down one part of a controversial foreign intelligence program, called Upstream, that allowed it to vacuum up digital communications about a target straight from the backbone of the Internet. That program is authorized under Section 702 of the Foreign Intelligence Surveillance Act, a law that’s set to expire at the end of the year unless lawmakers reauthorize it.
The frequency of compliance issues, meaning the regularity with which NSA employees broke protocol when sifting through the communications, was the reason for shutting down the program, the NSA said.
The new memorandum reveals further detail about those compliance issues. At least one section of the program didn’t allow audits of the searches, something unusual for the NSA. One former intelligence official told Foreign Policy it was shocking the database wasn’t immediately tied to an auditing system.
The program is designed to track only foreign people living overseas, and NSA analysts weren’t supposed to be digging through Americans’ communications. But because the information was drawn straight from undersea Internet cables trawling for information about foreign targets, Americans’ data often got swept up in what is known as incidental collection.
The NSA blamed “human error” and tricky technical design on the analysts’ improper searches as well as a system that forced them to “opt-out” of certain search parameters instead of opt-in, leading them to forget to limit their queries.
It’s unclear if NSA will try to revive its legal authority to search for communications about foreign targets, but for now it appears to be gearing up to defend the rest of the collection program so that lawmakers don’t further strip away collection powers.
“The immense magnitude of noncompliance shows the current structure does not function and needs to change,” Jake Laperruque, senior counsel at constitutional nonprofit The Constitution Project, wrote in a message to FP. “If FISA surveillance leads to such systemic failures violation of Americans rights, it’s time for systemic reforms.”
NSA analysts weren’t the only ones with compliance issues, according to the court’s memorandum. The FBI, which also maintains access to communications collected by the NSA for both foreign intelligence and domestic crime purposes, shared that raw intelligence—without any redactions or privacy protections—with a third party “largely staffed by private contractors.”
Photo credit: MICHAEL BOCCHIERI/Getty Images