Until at Least 2014, NSA Was Having Troubles Preventing Back Door Searches of Upstream Searches

Since NSA’s practice of conducting back door searches — searches of already collected data based off the targeting of foreigners — became widely known, the spooks have offered a few assurances about why we don’t have to worry about these back door searches. For example, the US person identifiers have to be pre-approved and the NSA won’t conduct back door searches of upstream data, which sometimes includes entirely domestic communications.

According to the Semiannual Reports on Section 702 released some weeks ago, those assurances are fairly hollow, or at least were during the 2013 to 2014 timeframe.

The March 2014 report, which covers the period from December 1, 2012 through May 31, 2013, revealed that the semiannual review process could not directly monitor back door searches on US person identifiers because that information is not kept in a centralized place.

It should be noted both that NSA’s efforts to review queries are not limited to Section 702 authorities and that, at this time, content queries are not specifically identified as containing United States person identifiers. As such, and as the Government previously represented to Congress, NSD and ODNI cannot at this time directly monitor content queries using United States person identifiers because these records are not kept in a centrally located repository. While the changes described above in NSA’s super audit process have not changed this status, NSA is exploring whether future queries using United States person identifiers could be identified and centralized. In the meantime, and in accordance with NSA’s minimization procedures, NSD and ODNI review NSA’s approval of any United States person identifiers used to query unminimized Section 702- acquired communications.

This appears to indicate that internal overseers could not audit the actual queries completed, but instead only reviewed the identifiers used to query data to make sure they were approved. Which, in turn, means the NSA’s targeting of foreigners and dissemination of reports on them got monitored more closely than NSA’s spying on Americans.

The following report — completed in October 2014 and covering the period June 1, 2013 through November 30, 2013 — reports a predictable consequence of the inability to monitor the actual queries conducted as back door searches: prohibited back door searches on upstream data.

(TS//SI//NF) The joint oversight team, however, is concerned about the increase in incidents involving improper queries using United States person identifiers, including incidents involving NSA’s querying of Section 702-acquired data in upstream data using United States Person identifiers. Specifically, although section 3(b)(5) of NSA’s Section 702 minimization procedures permits the scanning of media using United States person identifiers, this same section prohibits using United States person identifiers to query Internet communications acquired through NSA’s upstream collection techniques. NSA [redacted] incidents of non-compliance with this subsection of its minimization procedures, many of which involved analysts inadvertently searching upstream collection. For example, [redacted], the NSA analyst conducted approved querying with United States persons identifiers ([redacted]), but inadvertently forgot to exclude Section 702-acquired upstream data from his query.

While the actual number is redacted, the number is high enough to refer to to “many” improper searches of upstream content.

That explicit violation of the rules set by Bates in 2011 was part of a larger trend of back door search violations, including analysts not obtaining approval to query Americans’ identifiers.

(TS//SI//NF) In addition, section 3(b)(5) of NSA’s Section 702 minimization procedures requires that queries using United States person identifiers must be first be approved in accordance with NSA internal procedures. In this reporting period, [redacted] NSA was in non-compliance with this requirement, either because a prior authorization was not obtained or the authorization to query had expired. For example, in NSA Incidents [redacted] NSA analysts performed queries using United States person identifiers that had not been approved as query terms. These queries occurred for a variety of reasons, including because analysts continued queries on terms that they suspected (but had not confirmed) were used by United States persons, forgot to exclude Section 702 data from queries [redacted], or did not realize that [redacted] constitute a United States person identifier even if the analyst was seeking information on a non-United States person.

Among other things, the third redaction in this passage appears to suggest that analysts conduct back door searches on data generally, presumably including both EO 12333 and 702 obtained data, but have to affirmatively exclude Section 702 data to stay within the rules laid out in the minimization procedures.

Consider the timing of this: the reporting of “many” back door search and other US person query violations occurred in the first post-Snowden period. While the fact NSA did back door searches was knowable from the 2012 SSCI report on Section 702 renewal, it did not become general knowledge among members of Congress and the general public until Snowden leaked more explicit confirmation of it. And all of a sudden, as soon as people started complaining about back door searches and Congress considered regulating it, NSA’s overseers discovered that NSA wasn’t following an explicit prohibition on searching upstream data. One of several risks of back door searching upstream data is it may amount to searching data collected domestically, or even entirely domestic communications.

And while the details get even more redacted, it appears the problem did not go away in the following period, the December 1, 2013 through May 31, 2014 reviews reported in a June 2015 report. After a very long redaction on targeting, the report recommends NSA require analysts to state whether they believe they’re querying on a US person.

Additionally, but separately, the joint oversight team believes NSA should assess modifications to systems used to query raw Section 702-acquired data to require analysts to identify when they believe they are using a United States person identifier as a query term. Such an improvement, even if it cannot be adopted universally in all NSA systems, could help prevent instances of otherwise approved United States person query terms being used to query upstream Internet transactions, which is prohibited by the NSA minimization procedures.64

The footnote that modifies that discussion is entirely redacted.

The June 2015 report was the most recent one released, so it is unclear whether simply requiring analysts to confirm that they are querying Americans solved the improper back door searches of upstream data. But at least as of the most recently released report, the two most troubling aspects of Section 702 surveillance — the upstream searching on Internet streams and back door unwarranted searches on US person identifiers — were contributing to “many” violations of NSA’s rules.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

5 replies
  1. SpaceLifeForm says:

    OT: Missing some dots. South Korea and Iraq?
    Or did NSA get misleading intel?

    https://theintercept.com/snowden-sidtoday/3008462-the-partnership-dissemination-cell-information/

    Another SIDtoday article described Third Party information sharing agreements with Turkey, Japan, South Korea, and Jordan, saying that those partners were second only to certain European allies in the extent of sharing. It said the NSA shared information with Turkey and Japan on terrorism and with South Korea and Jordan on Iraq.

  2. martin says:

    quote: “Additionally, but separately, the joint oversight team believes NSA should assess modifications to systems used to query raw Section 702-acquired data to require analysts to identify when they believe they are using a United States person identifier as a query term. “unquote

    The joint oversight team “believes” NSA should assess modifications to systems used to query raw Section 702-acquired data. right. ok.

    To require analysts to identify when “they believe” they are using a United States person identifier as a query term. un hun. right.

    Hahahaha. That’s funnier than shit. That’s like a cop saying..”Hey..I BELIEVE you should tell me if you BELIEVE you ran a red light.

    sheeezushchrist. These morons never cease to fucking amaze me.

    quote”But at least as of the most recently released report, the two most troubling aspects of Section 702 surveillance — the upstream searching on Internet streams and back door unwarranted searches on US person identifiers — were contributing to “many” violations of NSA’s rules.”unquote
    Many violations. right
    In a parallel universe….

    Judge: “As an analyst for NSA, who violated the law many many times, you are hereby sentenced to 5 years in a Federal penitentiary.

    Analyst: “But …but… but your honor..I was only following orders.”

    Judge. “Yes, and your superior is facing 10 years. Court is dismissed”(gavel smacks”

    In this universe.

    DNSA..raises middle finger to FISC..LOL, knowing NO ONE will be held accountable..EVEH. ..then cackles.

  3. martin says:

    Who is kidding who here? NO ONE AT NSA will NEVER be held accountable for breaking the law. PERIOD. They are above the law. It’s all just a fucking charade. Just like Clapper lying to Congress. This isn’t just laughable. It’s goddamned pathetic.

    • martin says:

      quote” NO ONE AT NSA will NEVER…”unquote

      correction…”..will EVEH…”

      god I’d kill for an edit button here.

  4. blueba says:

    Off topic I know but wanted to mention something relevant to this blog – encryption and privacy.

    Those evil Chinese are at it again, are developing and actually deploying on a limited basis quantum communications. They have put up satellites and have ground infrastructure in place for what they hope will be a global communications system. One feature of quantum communications is that it can’t be intercepted without the sender and receiver knowing immediately.

    Now we read (those of us willing to stomach all the lies in the commie press) that the Chinese have made a breakthrough in creating quantum chips.

    Of course their communications system and other quantum technologies have all been stolen from the great Empire of the Exceptionals, I mean, their quantum looks just like US quantum – except better. Of course they can’t call the Premier’s wife a fat pig so their science must be inferior and they gave up innovation after gun powder.

    http://www.globaltimes.cn/content/985866.shtml

    http://en.people.cn/n3/2016/0812/c98649-9099416.html

Comments are closed.