NSA Had Found “Many” Improper Queries on Upstream US Person Data at Least by 2013

As noted, the government has shut down some upstream about collection. According to Charlie Savage, they did so, because “last year, officials said, the N.S.A. discovered that analysts were querying the bundled messages in a way that did not comply with those rules.”

While it’s not clear it’s the same problem, DOJ and ODNI have been aware that NSA analysts conducted improper queries of upstream data. The October 2014 Semiannual Report covering the period from June 1 through November 30, 2013, for example, describes the oversight teams finding enough instances of analysts querying upstream data with US person identifiers that it qualified “many” of the violations to be inadvertent.

The joint oversight team, however, is concerned about the increase in incidents involving improper queries using United States person identifiers, including incidents involving NSA’s querying of Section 702-acquired data in upstream data using United States Person identifiers. Specifically, although section 3(b)(5) of NSA’s Section 702 minimization procedures permits the scanning of media using United States person identifiers, this same section prohibits using United States person identifiers to query Internet communications acquired through NSA’s upstream collection techniques. NSA [redacted] incidents of non-compliance with this subsection of its minimization procedures, many of which involved analysts inadvertently searching upstream collection. For example, [redacted], the NSA analyst conducted approved querying with United States persons identifiers ([long redaction]), but inadvertently forgot to exclude Section 702-acquired upstream data from his query.

At least at this point, analysts had to affirmatively exclude upstream 702 from queries to avoid the search. A previous semiannual report described tracking such queries as difficult because all the data wasn’t in one place.

The following review period, December 1, 2013 to May 31, 2014, reviewers felt that NSA should require analysts to reveal whether they knew they were using a US person identifier to prevent similar queries.

Additionally, but separately, the joint oversight team believes NSA should assess modifications to systems used to query raw Section 702-acquired data to require analysts to identify when they believe they are using a United States person identifier as a query term. Such an improvement, even if it cannot be adopted universally in all NSA systems, could help prevent instances of otherwise approved United States person query terms being used to query upstream Internet transactions, which is prohibited by the NSA minimization procedures.64

The footnote explaining the need is redacted.

Again, it’s not clear that this is the problem that led to the shut-down of upstream about queries. But it is clear that problems go back years.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

2 replies
  1. RickR says:

    I’m all in with Wyden and the ACLU on the principle but the NSA timing is curious. Recall back in November WaPo reported that both Carter (SoD) and Clapper (DNI) had recommended to Obama that Rogers be terminated for “poor performance”. Interpret that as you will. Trump did not intend to retain Rogers but after an irregular meeting with Trump, he was kept on.
    This move may be an effort to delegitimize the information gathered (regardless of search procedure) that has entangled the Trump campaign with Russia and (possibly) other international entities. Clearly Trump was shocked by all this and seeks to eliminate even the possibility of his associates both inside and outside the government falling into the same trap.
    I assume that the identities of foreign entities under surveillance is highly classified so warning US citizens of contact with those entities requires a high level of clearance. That could get very sticky for the administration so just eliminate the NSA practice, or don’t and say you did.

Comments are closed.