NSA Should Have Addressed Its Upstream Problem in 2013

I Con the Record has released a slew of documents pertaining to last year’s problem with upstream searches, including the opinion ultimately approving new certifications. I’m doing a working thread and suspect I will have concerns about FISC oversight that I haven’t had on past such reviews.

But for now, I’m aghast at this paragraph and accompanying footnote, describing how NSA’s office of compliance and IG were trying to get a grasp on the problems.

In anticipation of the January 31 deadline, the government updated the Court on these querying issues in the January 3, 2017 Notice. That Notice indicated that the IG’s follow-on study (covering the first quarter of 2016) was still ongoing. A separate OCO review, limited in many of the same ways as the IG studies, and covering the periods of April through December 2015 and April through July of 2016, found that some redacted] [improper queries were conducted by [redacted] analysts during those periods.21 The January 3, 2017 Notice stated that “human error was the primary factor” in these incidents, but also suggested that system design issues contributed. For example, some systems that are used to query multiple datasets simultaneously required analysts to “opt-out” of querying Section 702 upstream Internet data rather than requiring an affirmative “opt-in,” which, in the Court’s view, would have been more conducive to compliance. See January 3, 2017 Notice at 5-6. It also appeared that NSA had not yet fully assessed the scope of the problem: the IG and OCO reviews “did not include systems through which queries are conducted of upstream data but that do not interface with NSA’s query audit system.” Id. at 3 n.6. Although NSD and ODNI undertook to work with NSA to identify other tools and systems in which NSA analysts were able to query upstream data, id., and the government proposed training and technical measures, it was clear to the Court that the issue was not yet fully scoped out.

21 NSA further reported that OCO reviewed queries involving a number of identifiers for known U.S. persons who were not targets under Sections 704 or 705(b) of the Act, and which were associated with “certain terrorism-related events that had occurred in the United States.” January 3, 2017 Notice at 6. NSA OCO found [redacted] such queries, [redacted] of which improperly ran against Section 702 upstream Internet data. [redacted] of the improper queries were run in a system called [redacted] which NSA analysts use to of a current or prospective target of NSA collection, including under Section 702. Id. at 6-7. [my emphasis]

This passage seems to reveal several things: that NSA was querying upstream content before identifying whether something could be used as a target (which I suspect means it involved a triage process). It reveals that not all queries are being audited!!!!

And it also reveals that one reason NSA analysts were collecting upstream data is because over three years after DOJ and ODNI had figured out analysts were breaking the rules because they forgot to exclude upstream from their search, they were still doing so. Overseers noted this back in 2013!

NSA [redacted] incidents of non-compliance with this subsection of its minimization procedures, many of which involved analysts inadvertently searching upstream collection. For example, [redacted], the NSA analyst conducted approved querying with United States persons identifiers ([long redaction]), but inadvertently forgot to exclude Section 702-acquired upstream data from his query.

This problem should have been fixed in the first full period when they were doing upstream searches. But for some reason … NSA never did.

Update: This language seems to say that this problem existed for the entire time they were conducting upstream in the 2011 fashion.

In May and June 2016, NSA reported to oversight personnel in the ODNI and DOJ that, since approximately 2012, use of to query communications in had resulted in inadvertent violations of the above-described querying rules for Section 702 information. Id. The violations resulted from analysts not recognizing the need to avoid querying datasets for which querying requirements were not satisfied or not understanding how to formulate queries to exclude such datasets. Id. at 1-2.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

2 replies
  1. SpaceLifeForm says:

    OT: “He’s a showboat,” Mr. Trump said. “He’s a grandstander.”

    Guess he would know all about that.



    While the White House has repeatedly said the FBI no longer had confidence in Comey, McCabe said the bureau had his back. “Director Comey enjoys broad support within the FBI and still does to this day,” he said.

    [It is hard work, hard work (Bush Jr.), to keep tripping over your middle appendage like this, but #UnfitForOffice has it down to an art form.

    Boente, Rosenstein, and McCabe best watch their back.]

Comments are closed.