When Bernie Sanders asked the NSA whether it spied on Members of Congress, Keith Alexander responded, in part,
Among those protections is the condition that NSA can query the metadata only based on phone numbers reasonably suspected to be associated with specific foreign terrorist groups. For that reason, NSA cannot lawfully search to determine if any records NSA has received under the program have included metadata of the phone calls of any member of Congress, other American elected officials, or any other American without that predicate.
Alexander’s response was dated January 10, 2014, one week after the current dragnet order was signed.
It’s an interesting response, because one of the changes made to the dragnet access rules with the January 3 order was to provide Congress access to the data for oversight reasons. Paragraph 3D reads, in part,
Notwithstanding the above requirements, NSA may share the results from intelligence analysis queries of the BR metadata, including United States person information, with Legislative Branch personnel to facilitate lawful oversight functions.
This doesn’t actually mean Sanders (and Darrell Issa, Jerrold Nadler, and Jim Sensenbrenner, who sent a letter on just this issue yesterday) can just query up the database to find out if their records are in there. The legislature can only get query results — it can’t perform queries. And as of last week, all query identifiers have to be approved by the FISC.
Still, they might legitimately ask to see what is in the corporate store, the database including some or all past query results, which may include hundreds of millions of Americans’ call records. And Nadler and Sensenbrenner — as members of the Judiciary Committee — can legitimately claim to play an oversight role over the dragnet.
So why don’t they just ask to shop the corporate store, complete with all the US person data, as permitted by this dragnet order? While they’re at it, why not check to see if the 6 McClatchy journalists whose FOIA NSA just rejected have been dumped into the corporate store? (No, I don’t think giving Congress this access is wise, but since they have it, why not use it?)
Incidentally, this access for legislative personnel is not unprecedented. Starting on February 25, 2010 and lasting through 3 orders (so until October 29, 2010, though someone should check my work on this point) the dragnet orders included even broader language.
Notwithstanding the above requirements, NSA may share certain information, as appropriate, derived from the BR metadata, including U.S. person identifying information, with Executive Branch and Legislative Branch personnel in order to enable them to fulfill their lawful oversight functions…
Of course at that point, most of Congress had no real understanding of what the dragnet is.
Now that they do, Nadler and Sensenbrenner should use the clear provision of the dragnet order as an opportunity to develop a better understanding of what happens to query results and how broadly they implicate average Americans’ privacy.
Update: Added short explanation of corporate store.