While we’re discussing new hints that the NSA actually has targeted Americans in creepy old-style spying, I want to look closely at a training program that ODNI describes as dating to August 2009. The I Con description reads, in part,
August 2009 NSA Cryptological School Course on Legal, Compliance, and Minimization Procedures. These course materials, designed for NSA personnel provided access to bulk telephony and electronic communications metadata acquired pursuant to Section 501 of FISA and Section 402 of FISA respectively
There should be some tie to the PATRIOT-authorized phone and Internet dragnets, otherwise this document wouldn’t be responsive to the ACLU and EFF FOIAs it was released in response to. But I actually suspect they may have grabbed the wrong August 2009 training program from their “heap of trouble in 2009” file, because there’s not a hint of PATRIOT authorities in the course. In fact, I think it’s possible that the training instead responded to the violations reported on by Risen and Lichtblau in April 2009,
The intelligence officials said the problems had grown out of changes enacted by Congress last July in the law that regulates the government’s wiretapping powers, and the challenges posed by enacting a new framework for collecting intelligence on terrorism and spying suspects.
[snip]
But the issue appears focused in part on technical problems in the N.S.A.’s ability at times to distinguish between communications inside the United States and those overseas as it uses its access to American telecommunications companies’ fiber-optic lines and its own spy satellites to intercept millions of calls and e-mail messages.
[snip]
As part of that investigation, a senior F.B.I. agent recently came forward with what the inspector general’s office described as accusations of “significant misconduct” in the surveillance program, people with knowledge of the investigation said. Those accusations are said to involve whether the N.S.A. made Americans targets in eavesdropping operations based on insufficient evidence tying them to terrorism.
And in one previously undisclosed episode, the N.S.A. tried to wiretap a member of Congress without a warrant, an intelligence official with direct knowledge of the matter said.
The training covers things like the FISA Amendments Act statutes limiting wiretapping of Americans overseas (sections 703, 704, and 705). It seems to talk about necessary limits on upstream collection. It discusses how to narrow search terms on already collected data to avoid collecting innocent US person data. It also appears to have several heavily redacted sections that talk about wiretapping protected persons like members of Congress.
All that said, I’m particularly interested in the training for another reason (though the violations reported by Risen and Lichtblau may provide helpful background). In several sections, the training seems almost plaintive in its efforts to convince analysts to follow the rules, as on page 83 where it explains the best way to protect the NSA is to play by the rules.
The best way to protect ourselves and our SIGINT is to play by the rules.
No matter how inconvenient the rules may seem, if we fail to adhere to them, the next set of rules will be far stricter. (82)
More interesting still are two series of slides that bookend what we see of the presentation save a last mostly-redacted section (see pages 6-8 and 114-116, excerpted above; click to enlarge). After introducing Katz v. US, a Supreme Court case that recognized the expectation of privacy in phone conversations, the presentation reviewed 3 past wiretapping scandals.
Operation Shamrock: 1945-1975
- NSA received copies of international telegrams to, from, and transiting the U.S.
Narcotics Collection: 1970-1973
- Obtained Communications that Law Enforcement could not acquire under Title III
Project Minaret: 1967-1973 (The Watch List)
- Names of U.S. persons used systematically as basis for selecting messages
Then almost a hundred pages later, the presentation includes 3 slides that match those earlier abuses with what it calls present examples (in the image above I’ve matched the original slide to the follow-up). The first — the one matching Operation Shamrock — is almost entirely redacted, showing only that it involves “targeting of …” (presumably referring to email or phone calls).
The second — the one matching illegal Narcotics wiretaps — describes a “Restaurant in Texas to identify narcotics smugglers.”
The third — the one matching Project Minaret — admits to “unauthorized targeting of suspected terrorists in U.S.”
These comparisons, it seems, aimed to match historic abuses to “present” (or recent) practices, warning that if NSA analysts didn’t clean up their act something like a Church Committee and more stringent rules would be imposed.
I have no idea what NSA meant when it called these three things “Present Examples” (though I’m sure the lawyers for the restaurant in Texas would be interested in this news). It’s quite possible the first and third refer to practices under Bush’s illegal wiretap program, which we know involved domestic wiretapping of the phone and email of people alleged to be terrorist suspects. In other words, these abuses may refer to pre-2007 activities rather than the violations Risen and Lichtblau reported in early 2009.
That said, NSA’s OGC seems to have believed — or at least fear-mongered — that the “present” abuses were similar in kind to the famous abuses from the 1970s.