April 28, 2017 / by emptywheel


NSA Had Found “Many” Improper Queries on Upstream US Person Data at Least by 2013

As noted, the government has shut down some upstream about collection. According to Charlie Savage, they did so, because “last year, officials said, the N.S.A. discovered that analysts were querying the bundled messages in a way that did not comply with those rules.”

While it’s not clear it’s the same problem, DOJ and ODNI have been aware that NSA analysts conducted improper queries of upstream data. The October 2014 Semiannual Report covering the period from June 1 through November 30, 2013, for example, describes the oversight teams finding enough instances of analysts querying upstream data with US person identifiers that it qualified “many” of the violations to be inadvertent.

The joint oversight team, however, is concerned about the increase in incidents involving improper queries using United States person identifiers, including incidents involving NSA’s querying of Section 702-acquired data in upstream data using United States Person identifiers. Specifically, although section 3(b)(5) of NSA’s Section 702 minimization procedures permits the scanning of media using United States person identifiers, this same section prohibits using United States person identifiers to query Internet communications acquired through NSA’s upstream collection techniques. NSA [redacted] incidents of non-compliance with this subsection of its minimization procedures, many of which involved analysts inadvertently searching upstream collection. For example, [redacted], the NSA analyst conducted approved querying with United States persons identifiers ([long redaction]), but inadvertently forgot to exclude Section 702-acquired upstream data from his query.

At least at this point, analysts had to affirmatively exclude upstream 702 from queries to avoid the search. A previous semiannual report described tracking such queries as difficult because all the data wasn’t in one place.

The following review period, December 1, 2013 to May 31, 2014, reviewers felt that NSA should require analysts to reveal whether they knew they were using a US person identifier to prevent similar queries.

Additionally, but separately, the joint oversight team believes NSA should assess modifications to systems used to query raw Section 702-acquired data to require analysts to identify when they believe they are using a United States person identifier as a query term. Such an improvement, even if it cannot be adopted universally in all NSA systems, could help prevent instances of otherwise approved United States person query terms being used to query upstream Internet transactions, which is prohibited by the NSA minimization procedures.64

The footnote explaining the need is redacted.

Again, it’s not clear that this is the problem that led to the shut-down of upstream about queries. But it is clear that problems go back years.

Copyright © 2017 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2017/04/28/nsa-had-found-many-improper-queries-on-upstream-us-person-data-at-least-by-2013/