July 27, 2013 / by emptywheel

 

Wyden and Udall: They’re Blowing Smoke about Phone and Other Bulk Record Safety

When I wrote about the letter from Ron Wyden, Mark Udall, and 24 other Senators to James Clapper a month ago, I focused on the specter that Section 215 would be used to collect gun records (in response to which, the NRA let its political guns drop from flaccid fingers).

Given yesterday’s response from Wyden and Udall to Clapper’s response, I should have focused on this passage:

Senior officials have noted that there are rules in place governing which government personnel are allowed to review the bulk phone records data and when. Rules of this sort, if they are effectively enforced, can mitigate the privacy impact of this large-scale data collection, if they do not erase it entirely. Furthermore, over its history the intelligence community has sometimes failed to keep sensitive information secure form those who would misuse it, and even if these rules are well-intentioned they will not eliminate all opportunities for abuse.

In response to that passage, Clapper spent one paragraph talking about when the government can access this data and another describing the oversight over it, including,

Implementation of the program is regularly reviewed not only by NSA, but by outside lawyers from the Department of Justice and by my office, as well as by Inspectors General. The Executive Branch reports all compliance incidents on to the FISC.

Later, in response to a question specifically about violations, Clapper wrote,

Since the telephony metadata collection program under section 215 was initiated, there have been a number of compliance problems that have been previously identified and detailed in reports to the Court and briefings to Congress as a result of Department of Justice reviews and internal NSA oversight. However, there have been no findings of any intentional or bad-faith violations.

These problems generally involved human error or highly sophisticated technology issues related to NSA’s compliance with particular aspects of the Court’s orders. As required, those matters, including details and appropriate internal remedial actions, are reported to the NSA’s Inspector General, the Department of Justice, the Office of the Director of National Intelligence, the FISC and in reports provided to Congress and other oversight organizations.

To which Wyden and Udall insisted,

Their [in context, probably meaning NSA’s, though they did not specify] violations of the rules for handling and accessing bulk phone information are more troubling than have been acknowledged and the American people deserve to know more details.

Now, there are a couple of different things going on here.

First, as Wyden and Udall also note, Clapper didn’t answer their question, “How long has the NSA used the PATRIOT Act authorities to engage in bulk collection of Americans’ records? Was this collection underway when the law was reauthorized in 2006?” Clapper instead answered how long NSA was using Section 215 to get telephony metadata, answering May 2006. But we know that collection was briefed before passage of the PATRIOT reauthorization, and it appears the government used a kluged hybrid order to get it from at least the time the illegal program was revealed in 2005 until the reauthorization passed.  So this earlier use may implicate earlier violations.

Nevertheless, what Clapper claims to be human error seems to be something more, the querying of records pertaining to phone numbers that aren’t clearly terrorists (or Iranians).

And given the revelation the government has gone three hops deep into this data, the reference to “highly sophisticated technology issues” suggests more sophisticated data mining than a game of half-Bacon.

Finally, one more thing. In the debate over the Amash-Conyers amendment the other day, House Intelligence Chair Mike Rogers also boasted of the controls that — according to Wyden and Udall — have proven insufficient. But in the process of boasting, he admitted other agencies have less effective oversight than the NSA.

It is that those who know it best support the program because we spend as much time on this to get it right, to make sure the oversight is right. No other program has the legislative branch, the judicial branch, and the executive branch doing the oversight of a program like this. If we had this in the other agencies, we would not have problems. [my emphasis]

When Wyden and Udall asked this question originally, they asked specifically, “Have there been any violations of the court orders permitting this bulk collection, or of the rules governing access to these records?” While most of their questions specified NSA, that one didn’t. The FBI, not NSA, is the primary user of Section 215, though it shares its counterterrorism (and counterespionage) data with the National Counterterrorism Center.

And even Mike Rogers appears to believe “the other agencies” have problems with this kind of data.

All of which seems to suggest there have been serious problems with the NSA’s use of the phone record dragnet. But there have been even more serious problems with bulk records on other subjects as used by other agencies.

Copyright © 2013 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2013/07/27/wyden-and-udall-theyre-blowing-smoke-about-phone-and-other-bulk-record-safety/