Did Congress Remain Ignorant of the Fourth Amendment Violation?

As soon as Dianne Feinstein said she didn’t receive notice of 12333 violations …

By law, the Intelligence Committee receives roughly a dozen reports every year on FISA activities, which include information about compliance issues. Some of these reports provide independent analysis by the offices of the inspectors general in the intelligence community. The committee does not receive the same number of official reports on other NSA surveillance activities directed abroad that are conducted pursuant to legal authorities outside of FISA (specifically Executive Order 12333), but I intend to add to the committee’s focus on those activities.

… I recognized something Marc Ambinder laid out here: the Intelligence Committees wouldn’t get notice of collection of US person content off switches.

NSA gives Congress detailed narratives of violations of the FISA-authorized data sets, like when metadata about American phone records was stored too long, when a wrong set of records was searched by an analyst or when names or “selectors” not previously cleared by FISA were used to acquire information from the databases. In these cases, the NSA’s compliance staff sends incident reports to the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence for each “significant” FISA violation, and those reports include “significant details,” the official said.

But privacy violations of this sort comprise just one third of those analyzed by the inspector general. Of the 2,776 violations reported by the NSA from May 2011 to May 2012, more than two-thirds were counted as E.O. 12333 incidents. And the agency doesn’t provide Congress detailed reports on E.O. 12333 violations.

In some ways, it’s a distinction without a difference: it does not matter to U.S. citizens whether their phone call was accidentally intercepted by an analyst focusing on U.S.-based activities or those involving a foreign country. But the difference is relevant as it keeps Congress uninformed and unable to perform its oversight duties because the NSA doesn’t provide the intelligence committees with a detailed narrative about the latter type of transgressions.

For example, if someone’s e-mails were inadvertently obtained by the NSA’s International Transit Switch Collection programs, it would count as 12333 error and not a FISA error, even though the data was taken from U.S. communication gateways, and NSA would not notify Congress. The document specifies four such programs: ORANGEBLOSSOM, FAIRVIEW, STORMVIEW and SILVERZEPHYR.

That’s important because the violation the FISA Court ruled illegal on October 3, 2011 involved some kind of upstream collection. Here’s how Barton Gellman described it.

In what appears to be one of the most serious violations, the NSA diverted large volumes of international data passing through fiber-optic cables in the United States into a repository where the material could be stored temporarily for processing and selection.

The operation to obtain what the agency called “multiple communications transactions” collected and commingled U.S. and foreign e-mails, according to an article in SSO News, a top-secret internal newsletter of the NSA’s Special Source Operations unit. NSA lawyers told the court that the agency could not practicably filter out the communications of Americans.

In October 2011, months after the program got underway, the Foreign Intelligence Surveillance Court ruled that the collection effort was unconstitutional. The court said that the methods used were “deficient on statutory and constitutional grounds,” according to a top-secret summary of the opinion, and it ordered the NSA to comply with standard privacy protections or stop the program.

Now, that collection should have been briefed to Congress, because it counts as Section 702 collection (which is why the FISC got to review it). But maybe it didn’t, until the FISC ruled it.

But what if it wasn’t?

As I noted earlier, the NSA started counting violations of US person collection differently in the first quarter of 2012 which (they claim) resulted in a significant increase of those violations. Which suggests there may be a tie between the 702 collection and the 12333 collection.

But I do wonder whether Congress didn’t see the illegal practice because it was hidden under 12333 collection?

6 replies
  1. Adam Colligan says:

    It’s sad when there are so many (even reported) violations that I have to double check whether a violation is being described by the EO number it breaches or by the quantity of breaches themselves…

  2. Arbusto says:

    Marcy could have modified the title to her last post for this one: Lack of Due Diligence: The NSA’s “the Analyst Congress Didn’t Give a Fuck” Violation

    The only reason any in Congress discuss NSA at all is to cover their lying asses. DiFi is so in bed with Obama and the intel community she has bed sores. If anyone could name a worse chairperson on intel, please tell.

  3. lefty665 says:

    @Arbusto: “Jello” Jay Rockefeller and Pat Roberts. That gets us back to Bob Graham who was pretty good.

    Jane Harman was ranking Dem in the house. Thank goodness we dodged her as chair. Rodgers, Reyes and Hoekstra have not been gems either.

    All worse? Maybe not, but they’re all birds of a feather. It would be hard to argue any are appreciably better.

  4. greengiant says:

    The independent media analysis of NSA violations, congressional ineptitude and judicial blindness is an military intelligence complex distraction.
    You are playing the NSA game on the NSA field with NSA umpires using the NSA rule book with NSA commentators in the press box.
    It is pretty easy to assume the NSA only lets you know what the NSA wants you to know. What is more the NSA contractors only tell the NSA what the NSA contractors want the NSA to know. Anyone think that Snowden was privy to the private need to know programs and data bases?
    Over 480,000 contractors have top secret and higher clearances.

  5. Mindrayge says:

    The first paragraph in the Gellman description you quoted seems to describe what XKEYSCORE does though it is possible that UPSTREAM (from the PRISM slides) is similar but we have no documents on UPSTREAM itself to know. We know that the Guardian had one completely redacted slide from XKEYSCORE but that slide was published by Brazilian media weeks earlier that showed SILVERZEPHYR was an SSO that had a private telecommunications partner codenamed STEELKNIGHT. We also know that SILVERZEPHYR provided DNR (telephony content and metadata) and DNI (internet content and metadata.

    From the PRISM slides we know that UPSTREAM was connected with FAIRVIEW, STORMBREW, BLARNEY and OAKSTAR per the PRISM slide published July 10th by the Washington Post here Titled FAA702 Operations:


    The NSA internal newsletter referred to these as programs. However, in the 30 page White Paper released by the government last Friday the claim was that FAIRVIEW, BLARNEY, OAKSTAR, and LITHIUM were cover names for sources and not programs. Incidentally, LITHIUM became known via a report by CNN.

    From the newsletter we we know the issue revolves around DNI collection (internet metadata and content). Note, that newsletter uses the phrase “upstream” without referring to UPSTREAM and the privacy Report makes no mention of it either despite FAIRVIEW and STORMBREW both being attached to UPSTREAM. I find the newsletter mention of “upstream” rather than UPSTREAM curious because the PRISM slides clearly mention it. Of course there is no mention of XKEYSCORE and it isn’t clear what UPSTREAM does and how similar (or not) it may be to XKEYSCORE.

    We know from the letters to Congress that were released for 2009 and 2011 that the government was using Pen Register Trap and Trace (PRTT) for internet metadata collection (at least under one program). From all appearances those letters they described the PRTT collection as if it was a continuing program and not something new. So one can surmise that FISC approval for internet metadata under PRTT had already taken place.

    I can’t imagine that anything XKEYSCORE does (since it is a content dragnet) would pass the 4th Amendment tests or meet the statutes under chapters 119. 121, and 206 of Title 18 or the FISA statutes under Title 50. So I can’t imagine the government actually mentioned XKEYSCORE to the FISC let alone described in an application a generic collection store that essentially would contain what XKEYSCORE collects.

    Is it possible that the government was attempting to use the XKEYSCORE collection as its source for a FISA collection under a different program and somehow the FISC deduced there was a larger collection going on? Because the only other thing I can think of that would get into violations of the 4th Amendment and the statutes (considering what the FISC had already approved) is if they were trying to use identity information to filter out US persons from those international switch collections or they were using identity information (name or physical address) to tie together contacts.

    The newsletter notes that the PRISM operations were unaffected by the Court opinion. So that means either valid PRTT orders exist for the PRISM providers or the PRISM operations are occurring under a different authority, likely Section 215.

    Some of this will be clearer if and when we get to see the FISC Opinion.

  6. Bill Michtom says:

    The strongest oversight is provided by Wyden and Udall and they’re too chickenshit to use their Congressional immunity to actually tell us what’s going on.

Comments are closed.