It’s fundraising week. Please donate if you can.
James Clapper’s office just released a bunch of documents pertaining to the Section 215 dragnet. It reveals a whole slew of violations which it attributes to this:
The compliance incidents discussed in these documents stemmed in large part from the complexity of the technology employed in connection with the bulk telephony metadata collection program, interaction of that technology with other NSA systems, and a lack of a shared understanding among various NSA components about how certain aspects of the complex architecture supporting the program functioned. These gaps in understanding led, in turn, to unintentional misrepresentations in the way the collection was described to the FISC. As discussed in the documents, there was no single cause of the incidents and, in fact, a number of successful oversight, management, and technology processes in place operated as designed and uncovered these matters.
More candidly it admits that no one at NSA understood how everything works. It appears they’re still not sure, as one Senior Official Who Refused to Back His Words admitted,
“I guess they have 300 people doing compliance at NSA.”
“I guess” is how they make us comfortable about their new compliance program.
Ultimately, this resulted them in running daily Section 215 collection on a bunch of numbers that–by their own admission–they did not have reasonable articulable suspicion had some time to terrorism. When they got caught, that number consisted of roughly 10 out of 11 of the numbers they were searching on.
The rest of this post will be a working thread.
Update: Here is the Wyden/Udall statement. It strongly suggests that the other thing the government lied about — as referenced in John Bates’ October 3, 2011 opinion — was the Internet dragnet.
With the documents declassified and released this afternoon by the Director of National Intelligence, the public now has new information about the size and shape of that iceberg. Additional information about these violations was contained in other recently-released court opinions, though some significant information – particularly about violations pertaining to the bulk email records collection program – remains classified.
In addition to providing further information about how bulk phone records collection came under great FISA Court scrutiny due to serious and on-going compliance violations, these documents show that the court actually limited the NSA’s access to its bulk phone records database for much of 2009. The court required the NSA to seek case-by-case approval to access bulk phone records until these compliance violations were addressed. In our judgment, the fact that the FISA Court was able to handle these requests on an individual basis is further evidence that intelligence agencies can get all of the information they genuinely need without engaging in the dragnet surveillance of huge numbers of law-abiding Americans.
The original order required NSA to keep the dragnet on “a secure private network that NSA exclusively will operate.” Yet on the conference call, the Secret-Officials-Whose-Word-Can’t-Be-Trusted admitted that some of the violations involved people wandering into the data without knowing where they were. And an earlier violation made it clear in 2012 they found a chunk of this data that tech people had put on their own server.
The order also requires an interface with security limitations. Again, we know tech personnel access the data outside of this structure.
That order also only approves 7 people to approve queries. That number is now 22.
(9) We need to see a copy of the first couple of reports NSA gave to FISC with its reapplications to see how things got so out of control.
(10) This approval was signed by Malcom Howard. Among other things he was in the White House during the Nixon-Ford transition period.
The original authorization for 215 was a hash. Reggie Walton got involved in 2008 and cleaned it up (though not convincingly) in this supplemental order. He relies, significantly, on the “any tangible thing” language passed in 2006. (2-3)