President Obama will shortly give a speech in which he’ll make cosmetic changes to the NSA dragnet, but will continue, in many ways, the accessing of personal data from Americans with no probable cause.
As part of his cosmetic effort, he will also say there has been no evidence of abuse in these programs. That means he does not consider any of the following abuse:
- The NSA spied on the porn and phone sex habits of ideological opponents, including those with no significant ties to extremists, and including a US person.
- According to the NSA in 2009, it had a program similar to Project Minaret — the tracking of anti-war opponents in the 1970s — in which it spied on people in the US in the guise of counterterrorism without approval. We still don’t have details of this abuse.
- When the NSA got FISC approval for the Internet (2004) and phone (2006) dragnets, NSA did not turn off features of Bush’s illegal program that did not comply with the FISC authorization. These abuses continued until 2009 (one of them, the collection of Internet metadata that qualified as content, continued even after 2004 identification of those abuses).
- Even after the FISC spent 9 months reining in some of this abuse, the NSA continued to ignore limits on disseminating US person data. Similarly, the NSA and FBI never complied with PATRIOT Act requirements to develop minimization procedures for the Section 215 program (in part, probably, because NSA’s role in the phone dragnet would violate any compliant minimization procedures).
- The NSA has twice — in 2009 and 2011 — admitted to collecting US person content in the United States in bulk after having done so for years. It tried to claim (and still claims publicly in spite of legal rulings to the contrary) this US person content did not count as intentionally-collected US person content (FISC disagreed both times), and has succeeded in continuing some of it by refusing to count it, so it can claim it doesn’t know it is happening.
- As recently as spring 2012, 9% of the NSA’s violations involved analysts breaking standard operating procedures they know. NSA doesn’t report these as willful violations, however, because they’ve deemed any rule-breaking in pursuit of “the mission” not to be willful violations.
- In 2008, Congress passed a law allowing bulk collection of foreign-targeted content in the US, Section 702, to end the NSA’s practice of stealing Internet company data from telecom cables. Yet in spite of having a legal way to acquire such data, the NSA (through GCHQ) continues to steal data from some of the same companies, this time overseas, from their own cables. Arguably this is a violation of Section 702 of FISA.
- NSA may intentionally collect US person content (including Internet metadata that legally qualifies as content) overseas (it won’t count this data, so we don’t know how systematic it is). If it does, it may be a violation of Section 703 of FISA.
Rather than discussing any of these violations, the NSA has waved around a few cases of LOVEINT (most, if not all, of which have not been prosecuted) as part of a successful ploy to distract from much more systemic abuses of its authority, affecting far more Americans.
But there has been abuse, even beyond practices (like back door searches) that gut the Fourth Amendment or (like NSA’s approach to encryption) that hurt Americans’ security.
President Obama will spend a lot of time saying there have been no abuses. He’s wrong.