Have There Been Significant Phone Dragnet Violations Since 2009?

As I laid out in more obscure fashion here, there are slight — but interesting — differences between how the 2009 Congressional notice, the 2011 Congressional notice, and the 2013 White Paper on the PATRIOT Act dragnet(s) describe the compliance problems. I’ve laid out all three below.

I’ll have more to say about the differences in a follow-up. But for the moment, note that the White Paper released 11 days ago doesn’t date the compliance issues.

Since the telephony metadata collection program under Section 215 was initiated, there have been a number of significant compliance and implementation issues that were discovered as a result of DOJ and ODNI reviews and internal NSA oversight.

The 2009 one doesn’t either — though it does reveal that the government was only just briefing the FISC that September on its compliance fixes when Silvestre Reyes first asked for this notice (they stalled almost 3 months in responding to him), at least suggesting the recentness of the discovery. The 2011 notice limits the compliance issues to 2009, though.

In 2009, a number of technical compliance problems and human implementation errors in these two bulk collection programs were discovered

Note, too, the different descriptions of the FISC response. Both the 2009 and 2011 assure Congress that the FISC, along with the Executive, found no evidence of bad-faith or intentional violations.

However, neither the Department, NSA nor the FISA Court has found any intentional or bad-faith violations.

The 2011 also reveals that the FISC imposed restrictions on the program — restrictions that surely were in place in March 2009, when Dianne Feinstein and Kit Bond tried to start the PATRIOT Reauthorization program  and may still have been in place in September 2009 (there were notices to Congress about the program on February 25, April 10, May 7, June 29, September 3, and September 10, 2009, and briefing materials sent to FISC on the program on September 1, September 18, and sometime in October).

Nice of DOJ to tell Congress that two years after the fact.

The White Paper, however, describes the FISC response — at times — quite differently. It makes no claim about whether FISC found intentional violations. And it reveals the FISC has, on occasion, “been critical” of both the compliance problems and the government’s court filings.

The FISC has on occasion been critical of the Executive Branch’s compliance problems as well as the Government’s court filings. However, the NSA and DOJ have corrected the problems identified to the Court, and the Court has continued to authorize the program with appropriate remedial measures.

Not only is there no claim that the FISC found no bad-faith problems, but it now reveals that “on occasion” the FISC has been critical — critical about both the problems and the the government’s claims about the problems.

There are several possible explanations for the difference in language.

Perhaps, for example, the government revealed FISC’s critical stance because it knew the FISC would read this White Paper, along with the rest of us, whereas the Congressional notifications would originally have never been seen by the FISC. Thus, the Administration would have reason to be far more frank about the FISC’s response than it did in the past.

But in conjunction with the silence about the date of these compliance problems, I do wonder whether FISC has grown more critical since 2011. After all, if there have been violations since this apparently extended effort in 2009 to fix compliance issues, wouldn’t it make the Court crankier?

One more thing to keep in mind. The White Paper, unlike the 2 Congressional notices, limits its discussion to the telephone dragnet; the other two include the Internet dragnet as well. This suggests not only that the compliance issues were not limited to the (far more dangerous and intrusive) Internet dragnet — they included the phone dragnet as well. But it suggests if there have been violations since 2011, they pertain to the phone program (for two reasons — the other being that the Administration claims to have ended the Internet program in 2011).

In any case, if there have been significant dragnet violations since 2009 (and by association, since 2011, when the letter referencing 2009 was written), this “transparency” would be a nice play. The only date listed for the violations, after all, is 2009, and there’s nothing in the recent White Paper that provides more specifics one way or another. So is the vague language in the White Paper just an effort to lead us to believe no violations have happened since 2009?

It’s worth noting that Ron Wyden and Mark Udall made a renewed, perhaps intensified effort in 2012, in conjunction with the FISA Amendments Act, to focus attention on this dragnet. They also say the violations we’ve read about are just the “tip of the iceberg.” Is the government hiding an iceberg somewhere in 2012?


2009 Congressional notice:

There have been a number of technical compliance problems and human implementation errors in these two bulk collection programs, discovered as a result of Department of Justice reviews and internal NSA oversight. However, neither the Department, NSA nor the FISA Court has found any intentional or bad-faith violations. The problems generally involved the implementation of highly sophisticated technology in a complex and ever-changing communications environment which, in some instances, resulted in the automated tools operating in a manner that was not completely consistent with the specific terms of the Court’s orders. In accordance with the Court’s rules, upon discovery, these inconsistencies were reported as compliance incidents to the FISA Court, which ordered appropriate remedial action. The incidents, and the Court’s responses, were also reported to the Intelligence Committees in great detail. The Committees, the Court and the Executive Branch have responded actively to the incidents. The court has imposed additional safeguards. In response to compliance problems, the Director of NSA also ordered “end-to-end” reviews of the Section 215 and pen-trap collection programs, and created a new position, the Director of Compliance, to help ensure the integrity of future collection. In early September of 2009, the Director of NSA made a presentation to the FISA Court about the steps taken to address the compliance issues. All parties will continue to report to the FISA Court and to Congress on compliance issues as they arise, and to address them effectively.

2011 Congressional notice:

In 2009, a number of technical compliance problems and human implementation errors in these two bulk collection programs were discovered as a result of Department of Justice (DOJ) reviews and internal NSA oversight. However, neither the Department, NSA nor the FISA Court has found any intentional or bad-faith violations. [redacted] In accordance with the Court’s rules, upon discovery, these inconsistencies were reported as compliance incidents to the FISA Court, which ordered appropriate remedial action. The FISA Court placed several restrictions on aspects of the business records program until the compliance processes were improved to its satisfaction. [redaction]

The incidents, and the Court’s responses, were also reported to the Intelligence and Judiciary Committees in great detail. The Committees, the Court and the Executive Branch have responded actively to the incidents. The court has imposed safeguards that, together with greater efforts by the Executive Branch, have resulted in siginificant and effective changes in the compliance program.

White Paper:

Since the telephony metadata collection program under Section 215 was initiated, there have been a number of significant compliance and implementation issues that were discovered as a result of DOJ and ODNI reviews and internal NSA oversight. In accordance with the Court’s rules, upon discovery, these violations were reported to the FISC, which ordered appropriate remedial action. The incidents, and the Court’s responses, were also reported to the Intelligence and Judiciary Committees in great detail. These problems generally involved human error or highly sophisticated technology issues related to NSA’s compliance with particular aspects of the Court’s orders. The FISC has on occasion been critical of the Executive Branch’s compliance problems as well as the Government’s court filings. However, the NSA and DOJ have corrected the problems identified to the Court, and the Court has continued to authorize the program with appropriate remedial measures.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

4 replies
  1. greengiant says:

    My basic assumption is that the “NSA” ( pseudonymn for whatever agency is “in charge”) contractors have hoovered everything up for long term storage and that all the FISA court ever sees is some of the times when another contractor or NSA does a detailed pull up of the data. They are constantly doing pattern recognition, network analysis, and cypher breaking on the entire data base. As long as an official human ( as opposed to IT person) never sees the detailed extraction, it never has to have legal justification or court approval.

    The US is the same country where the lawyers ( apologies to bmaz) have created such fiction as stateless Apple subsidiaries, and laws are whatever the ill maintained software programs deem them to be, read MERS, RMBS insanity, and foreclosure fraud, corporations are people when it comes to rights, and untouchable when it comes to crimes.

    http://www.wired.com/science/discoveries/news/2006/05/70908
    The circa 2003 fiber optic splitting US suck down was IMHO sufficient for the metadata and select hoovering. Potentially all of the bandwidth could have been forwarded via highly probably state of the art communications to other “NSA” locations. Consider the government technology should be several generations ahead of CSCO etc. Now 2013 is ten years later and they admit to storing a significant fraction of non video web bandwidth, or at least touching 1.6 percent of raw bandwidth.

    As long as the “system” does the dirty work, the “system” is not bound by the laws of the US, see executive order XXXXX, or just contractor’s actions.

    Maybe someone dropped a dime and called Wyden.

    The current Snowden, FISA court, Patriot act is show to keep the real activities of the terrorist state hidden.

  2. JohnT says:

    Just getting caught up with some email. You’ve prolly mentioned this Marcy, but it’s news to me

    Exclusive: NSA Loophole Keeps Congress Clueless on Foreign Intel Violations

    The National Security Agency, exploiting an executive order loophole, does not give Congress detailed information about unlawful signals intelligence collection on United States citizens when those violations come from programs that focus exclusively on foreign intelligence collection outside the U.S., an intelligence official told Defense One on Friday.

    http://www.defenseone.com/technology/2013/08/nsa-withholding-details-thousands-foreign-intel-violations-congress/68891/

  3. peasantparty says:

    I have to search for the notes I took from one of the last hearings, but I have them here somewhere.

    I also caught an article, I’m not sure where, but it said that the NSA has all YOUR PASSWORDS. That means it also has the ability to catch what you type or enter as you do it. Now, we all know there was a big hoo-haw over the banking deal they made to trace terror funding. Now it appears that not only do they track terrorists money, but they track yours as well. Everytime you use your credit or debit card, they have the location, the time, the amount, what you purchased, and how long between purchases.

    They have full access to all your banking entities, and know your passwords or codes.

    We’ve also recently learned they have the ability to see you through your smart phones and computer cameras. Although back in 2001 they decided they didn’t need to have your cable or sat tv subscription information, they probably have all of that now. So, you are being watched and scanned constantly.

    The revelations I had yesterday during a channel flip and an internet search proves they not only follow you by your GPS location on your phone, car, or your purchasing trail, they have a continued LOCK ON you with whatever system allows them to find people via DRONES!

    I don’t have the links to the above proclaims just now. If anyone doubts that I speak truth let me know and I will spend some time on the search for the links.

    In the meantime, I will be hunting up my hand written notes from the last hearing I watched on the subject.

Comments are closed.