NSA Kills People Based on Metadata, But Can’t Preserve Its Own Personnel Metadata for a Simple FOIA

Over at Vice News, I’ve got a story with Jason Leopold on 800 pages of FOIAed documents from the NSA pertaining to their response to Edward Snowden. Definitely read it (but go back Monday to read it after VICE has had time to recover from having NSA preemptively release the documents just before midnight last night).

But for now I wanted to point out something crazy.

There were some funny things about the documents handed over to Leopold, some of which I’ll get into over time. By far the funniest is their claim that this email, from SV2 to SV and cc’ed to SV4:

Screen Shot 2016-06-04 at 1.02.58 PM

Is the same as this email, from E63 to SV and cc’ed to SV43.

Screen Shot 2016-06-04 at 1.05.49 PM

We asked them about that — it was one of the few questions from a list of very detailed questions they actually gave us answers to. Here’s how they explained it.

Due to a technical flaw in an operating system, some timestamps in email headers were unavoidably altered. Another artifact from this technical flaw is that the organizational designators for records from that system have been unavoidably altered to show the current organizations for the individuals in the To/From/CC lines of the header for the overall email, instead of the organizational designators correct at the time the email was sent.

Remember, this is the agency that “kills people based on metadata,” per its former Director, Michael Hayden.

But “due to a technical flaw in an operational system,” it could not preserve the integrity of either the time or the aliases on emails obtained under FOIA.

Update: I asked Douglas Cox, who works on these kinds of issues at CUNY School of Law, about this. Here’s what he had to say:

This is an illustration of why most federal agencies are still “print and file” for email preservation purposes, because many can’t seem to properly preserve email in electronic format. Agencies are supposed to be managing emails electronically by the end of this year, but there are doubts many will get there that soon.

If they had a hard copy version and then screwed up the original electronic version by bringing it on to the live system, that would account for differing headers in copies of “same” email, which is bad enough. To the extent they did not have hard copy and they screwed up the only copy in electronic form that is clearly worse. It does raise a real issue.

But your point is right on, even in more mundane contexts not involving drone strikes it is remarkable the disconnect between standards agencies impose and those they practice. When you are producing docs to a govt agency in response to doc requests, eg, you often have to abide by exacting standards in format including careful capture of metadata, but with FOIA you get things like this.

The artifact in the email — which comes from a string that shows the Compliance training woman modifying her version of the face-to-face interaction with Snowden a year after it happens — must reflect who was printing out documents in timely fashion for the FOIA, and who wasn’t (or perhaps which communications threads they figured they’d include and which they wouldn’t). It may also reflect which of these people are actually complying with Federal Records Act guidelines.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

8 replies
  1. earlofhuntingdon says:

    “Do as I say, not as I do.” Michael Hidden. (Oops, unavoidable alteration.)

  2. sigis says:

    Due to a technical flaw in an operating system[we exploited a vulernability known to allow email message headers to be changed], some timestamps in email headers were unavoidably altered[we changed them because of the situation you put us in].

  3. TarheelDem says:

    Kudos to you and Jason Leopold for your work. Grindingly, painstakingly evidence what is going on for anyone who has ever worked in a mammoth organization engaged in CYA.

    First, it was the perceptions of the agency and of Snowden. No accountability.
    Then, it was, oops, the failure of training of new hires that conveniently ignored Constitutionality. No accountability.

    Interesting to was DiFi’s concern to cover until she couldn’t.

    The dog in the operating system ate my homework is not credible. How much money did they waste faking the FOIA response?

    • emptywheel says:

      Leopold and I had a bet on who put DiFi up to releasing the email. I won’t say whom I bet on but I think I won.

  4. pdaly says:

    I read the Vice News article written by you, Jason Leopold and Ky Henderson and liked your step-by-step dissection of the unfolding of the news cycle and the government’s ongoing attempts to control it.
    https://news.vice.com/article/edward-snowden-leaks-tried-to-tell-nsa-about-surveillance-concerns-exclusive
    .
    Did the NSA ever fix the training manual that triggered Snowden’s original question to the NSA’s Office of Legal Counsel?
    .
    To quote from your article for those who haven’t followed the link:
    .
    “On April 5, 2013 … Snowden clicked the “email us” link on the internal website of the NSA’s Office of General Counsel (OGC) and wrote, “I have a question regarding the mandatory USSID 18 training.”
    .

    United States Signals Intelligence Directive 18 (USSID 18) encompasses rules by which the NSA is supposed to abide in order to protect the privacy of the communications of people in the United States.
    .

    Referring to a slide from the training program that seemed to indicate federal statutes and presidential Executive Orders (EOs) carry equal legal weight, Snowden wrote, “this does not seem correct, as it seems to imply Executive Orders have the same precedence as law. My understanding is that EOs may be superseded by federal statute, but EOs may not override statute.”
    .
    .

    This response by the NSA’s OGC is telling.
    Again, from your article:
    .
    “About 20 minutes after Snowden sent the email, an OGC office manager forwarded it to the Signals Intelligence Oversight and Compliance training group — the people who had designed the test.
    .

    “OGC received the question below regarding USSID 18 training but I believe this should have gone to your org instead,” the office manager wrote. “Can you help with this?” The office manager also cc’d Snowden.
    .

    But the next working day, April 8, the email and question were sent right back to the OGC. The woman who did this would later explain to NSA investigators, “Although I felt comfortable answering his question, I thought it was more appropriate for OGC [NSA’s Office of Legal Counsel] to respond since the authority documents include legalities and the individual wanted them ranked in precedence order.”
    So she forwarded the email to two OGC attorneys who “had recently provided the hierarchy of the authorities” in the training program to which Snowden was referring.”

  5. pdaly says:

    oops. I inserted “NSA’s Office of Legal [sic] Counsel” instead of “General Counsel” in my above quote of your article–initially planned to quote just that paragraph.

Comments are closed.