Metadata Oversight: “A Banner”!!!!!

The Guardian has their next big NSA scoop, and it is meatier than the earlier ones. The headline is that President Obama continued a 2-degrees of separation analysis of Internet metadata under Section 702 for two years after he came into office. The practice morphed into something else in 2011, making it highly likely the October 3, 2011 FISC opinion finding FAA 702 activities violated the Fourth Amendment pertained to this practice.

Along with their story, the released two documents, one of which has two appendices. Altogether they’ve released:

I’ll have far, far more to say going forward.

But I wanted to point to language that reinforces my fears about how they’re controlling the still extant database of US person telephone metadata.

The documents describe the great oversight of the Internet metadata twice. First in the November 20, 2007 letter itself:

When logging into the electronic data system users will view a banner that re-emphasizes key points regarding use of the data, chaining tools, and proper dissemination of results. NSA will also create an audit trail of every query made in each database containing U.S. communications metadata, and a network of auditors will spot-check activities in the database to ensure compliance with all procedures. In addition, the NSA Oversight and Compliance Office will conduct periodic super audits to verify that activities remain properly controlled. Finally, NSA will report any misuse of the information to the NSA’s Inspector General and Office of GEneral Counsel for inclusion in existing or future reporting mechanisms related to NSA’s signals intelligence activities.

And in the September 28, 2006 Amendment:

5. Before accessing the data, users will view a banner, displayed upon login and positively acknowledged by the user, that re-emphasizes the key points regarding use of the data and chaining tools, and proper dissemination of any results obtained.

6. NSA creates audit trails of every query made in each database containing U.S. communications metadata, and has a network of auditors who will be responsible for spot-checking activities in the database to ensure that activities remain compliant with the procedures described for the data’s use. The Oversight and Compliance Office conducts periodic super audits to verify that activities remain properly controlled.

7. NSA will report any misuse of the information to NSA’s Inspector General and Office of General Counsel for inclusion in existing or future reporting mechanisms relating to NSA’s signals intelligence activities.

These descriptions are consistent with what we’ve been told still exists with the telephone metadata, so it is likely (though not certain) the process remains the same.

There are two big problems, as I see it. First, note that the Oversight and Compliance Office appears to be within NSA’s operational division, not part of the Inspector General’s Office. This means it reports up through the normal chain of command. And, presumably, its actions are not required to be shared with Congress. The IG, by contrast, has some statutory independence. And its activities get briefed to Congress.

In other words, this initial check on the metadata usage appears to be subject to managerial control.

But my other worry is even bigger. See where the descriptions talk about the fancy banner? The description says nothing about how that log-in process relates to the audit trail created for these searches. Indeed, in both of these documents, “the NSA” “creates” the audit trails. They don’t appear to be generated automatically, as they easily could be and should be.

That is, it appears (and this is something that has always been left vague in these descriptions) that these are manual audit trails, not automatic ones. (Though I hope they go back and compare them with keystrokes.)

When FBI had this kind of access to similar data, they simply didn’t record a lot of what they were doing, which means we have almost no way of knowing whether there’s improper usage.

This may have changed. These “audit trails” may have been automatically generated at this time (though that’s not what the process describes). Though the NSA IG’s inability to come up with a number of how many US person records are access suggests there’s nothing automated about it.

And if that’s true, still true, then the telephone metadata still in place is an invitation for abuse.

Tweet about this on Twitter18Share on Reddit1Share on Facebook8Google+1Email to someone

20 Responses to Metadata Oversight: “A Banner”!!!!!

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20

Emptywheel Twitterverse
emptywheel RT @peterwsinger: NJ man shot drone flying over his house, charged with unlawful *firearm use* https://t.co/WWA8py9D1I HT @burritojustice
20mreplyretweetfavorite
emptywheel Think I'll write a short story abt a govt that times its security agreements to the life expectancy of men it has in indefinite detention.
22mreplyretweetfavorite
JimWhiteGNV After this bit of hand-made yumminess, the bread machine is headed for the donation pile. No turning back now. http://t.co/2qFnxCRWYv
31mreplyretweetfavorite
emptywheel Once in a blue moon you really do need to find lipstick, but then all you see are batteries that need recharged.
32mreplyretweetfavorite
JimWhiteGNV RT @DaveJonesUFbeat: Last time #Vols beat #Gators was 30-28 in Knoxville in 2004 ... Ron Zook was fired a little over a month later. Ahem. …
2hreplyretweetfavorite
JimWhiteGNV Tide finally turning? Jordan Davis' murderer convicted! In Florida, no less.
2hreplyretweetfavorite
JimWhiteGNV RT @AP: BREAKING: Florida man convicted of 1st-degree murder for killing teenager after argument over loud music.
2hreplyretweetfavorite
emptywheel RT @alexisgoldstein: Shorter Eric Holder: "if only someone with power would do something about these oversized, unaccountable banks!" https…
2hreplyretweetfavorite
emptywheel @JimWhiteGNV To be fair, that kind of arrangement (cough, Bandar) is prolly one reason our intel on Syria is so bad.
3hreplyretweetfavorite
emptywheel @pwnallthethings Yep. But their number one rec was ... to do what Apple is now defaulting to. And Apples about half of stolen phones.
3hreplyretweetfavorite
JimWhiteGNV I understand that Louie Gohmert plans to hire the Khorasan Group as consultants to search for new head of SS.
3hreplyretweetfavorite
JimWhiteGNV RT @GreggJLevine: Ask not if sexism played a role in 30-year Secret Service vet Pierson's promotion; ask if it contributed to her ouster.
3hreplyretweetfavorite
June 2013
S M T W T F S
« May   Jul »
 1
2345678
9101112131415
16171819202122
23242526272829
30