In today’s HJC hearing on the NSA, there was extensive discussion about the risks of outsourcing the dragnet to the telecoms or — especially, to a third party holding all the data. It’s a concern I share.
That said, not a single person at the hearing seemed to be aware of this footnote, which has been in the phone dragnet primary orders since at least last April.
5 For purposes of this Order, “National Security Agency” and “NSA personnel” are defined as any employees of the National Security Agency/Central Security Service (“NSA/CSS” or “NSA”) and any other personnel engaged in Signals Intelligence (SIGINT) operations authorized pursuant to FISA if such operations are executed under the direction, authority, or control of the Director, NSA/Chief, CSS (DIRNSA).
If this language left any doubt that it permits contractors to directly query the database of every single phone-based relationship in the US, this language from Dianne Feinstein’s Fake FISA Fix bill report (which aims to codify the status quo) should eliminate them.
The Committee believes that, to the greatest extent practicable, all queries conducted to the authorities established under this section should be performed by Federal employees. Nonetheless, the Committee acknowledges that it may be necessary in some cases to use contractors to perform such queries. By using the term “government personnel” the Committee does not intend to prohibit such contractor use.
Contractors already have access to the dragnet.
If it presents a security threat to have contractors from Booz Allen Hamilton or some other intelligence contractor to have direct access to the dragnet, then we need to shut the dragnet down.
Because they’ve already got it.