In response to an American Civil Liberties Union lawsuit and the filing of a Freedom of Information Act request, on Christmas Eve, the National Security Agency (NSA) released 12 years of “compliance error” reports that detail its agency’s failures to comply with U.S. law since the 2001 start of the War on Terror. Although the reports are heavily redacted, the sheer volume of supposed “errors” is stunning.
President Ronald Reagan signed United States Intelligence Activities on December 4, 1981. Referred to as Presidential Presidential Executive Order 12333, the mandate sets the goals, direction, duties, and responsibilities for national intelligence gathering and lays out defined roles for participation by the U.S. Departments of Defense, Energy, State, and Treasury. EO12333 also became the supposed legal authority for NSA for its secret systematic collection of unencrypted information from data centers of major Internet search companies, including Apple, Google, Microsoft, and others.
The President’s Intelligence Oversight Board (IOB) reports were collected by the Office of the Director of National Intelligence. Despite broad authority and minimal legal restrictions, the reports reveal that the NSA continuously failed to comply with EO12333 from 2001 through 2013. The errors cover the spectrum of accidental incidents, lack of training-related mistakes, and sometimes outright willful violations of the law.
The cover letter to the document release states:
NSA takes even unintentional errors seriously and institutes corrective action, typically involving at a minimum a combination of training and technical measures designed to prevent recurrences. Data incorrectly acquired is almost always deleted, referred to as the “purge” process.
The Freedom of Information Act response is part of the continuing blow-back from Edward Snowden’s mid-2013 revelations that the NSA was harvesting millions of email and instant messaging contact lists, searching email content, tracking and mapping the location of cell phones. Snowden outted PRISM and other NSA surveillance software tools that were tapping unlimited front-door access to read “metadata,” including law-abiding Americans’ personal e-mails and Internet search activity.
Most of the “errors” were for querying too large of raw traffic data. Given the billions of records NSA had to sift through, occasional errors would seem the norm. But some of the NSA activity seems to have been the equivalent of fraternity pranks in which NSA employees targeted other NSA workers’ personal cell phones.
In a demonstration of how an analyst could commandeer NSA tools for personal use, one specialist in 2012 “searched her spouse’s personal telephone directory without his knowledge to obtain names and telephone numbers for targeting.” The employee was given a cease and desist order, but she did not appear to be punished for such an obvious breach of the law.
I did not find any “error” that mentioned any employee being demoted or fired. The most common item in the thousands of error reports was a statement that the NSA employee had been “counseled” regarding the error.
Given that the NSA analysts are spies, I do not know anyone who trusts the 12 years of reports are a full disclosure of “errors.” Both the Bush administration and the Obama administration had thousands of “errors.” But from my initial review, 2013 was an especially egregious period in which the NSA broke privacy laws thousands of times.
I am sure that the Obama administration and the NSA thought that releasing the treasure trove of “errors” over Christmas would limit the press and Congress from quickly responding. But the incredible volume of “errors” will put significant pressure on Congress from personal freedom advocates to rein in the NSA.
Below are all 12 years of the “NSA Reports to the President’s Intelligence Oversight Board”: