NSA Compliance Problem: Spies Don’t Follow Rules

FISA court judge slams NSA for failing to follow rules limiting surveillance.

The National Security Administration (NSA) documents its covert surveillance programs before launching them, checks their legality with proper federal courts, and regularly reports on the value of those programs to the proper authorities in Congress, according to documents released by the Director of National Intelligence this week.

What the NSA doesn’t do is consistently follow the rules laid down by courts, or let Congress know about what one Federal Intelligence Surveillance Court (FISC) judge called its “serious compliance programs.” Among the violations was a systematic over-collection of data on the email of U.S. residents that showed “those responsible for conducting oversight at the NSA had failed to do so effectively.”

Approximately 2,000 pages of court orders, legal evaluations and NSA documents were released by the office of James Clapper, U.S. Director of National Intelligence, late Nov. 18 in response to lawsuits filed by the American Civil Liberties Union and the Electronic Frontier Foundation.

The program described in the documents, whose name or codename was not disclosed, ended in 2011. Its goals and procedures are similar enough to the PRISM and MUSCULAR programs revealed in classified documents released by NSA whistleblower Edward Snowden to provide good analogues for current programs, wrote Clapper, who defended the programs, the NSA’s integrity, and its respect for rules.

“We focus on uncovering the secret plans and intentions of our foreign adversaries, as we’ve been charged to do,” Clapper wrote of the U.S. intelligence community. “But what we do not do is spy unlawfully on Americans, or for that matter, spy indiscriminately on the citizens of any country. We only ‘spy’ for valid foreign intelligence purposes, as authorized by law, with multiple layers of oversight, to ensure we don’t abuse our authorities.”

According to the declassified opinion of FISC Judge John Bates, however, the NSA did abuse its authority and ‘spy’ in ways not authorized by the law or for valid intelligence purposes.

“As detailed herein, the government acknowledges that NSA exceeded the scope of authorized acquisition continuously during more than [redacted] years of acquisition under these orders,” Bates wrote, adding that the NSA did ask, and get formal approval for, several Internet surveillance projects over an undisclosed number of years, which were approved by the FISC under guidelines of the Federal Intelligence Surveillance Act (FISA).

The approvals included requirements, such as that monitored Internet accounts needed to be associated with a targeted international terrorist group, that the data collected include only specific types of metadata, and that accounts used by U.S. residents be monitored only if the reasons for doing so didn’t include activities protected by the First Amendment, which guarantees freedom of speech and religion.

The latter requirement was an effort to prevent the targeting of U.S. residents whose opinions raised the hackles of intelligence officials, but for whom there was no credible evidence of wrongdoing.

The NSA documents include arguments that large-scale data collection is necessary to build a database that could be mined for signs of illegal activity, and that the NSA needed a huge volume of data to ensure its “analytic tools are likely to generate investigative leads.”

The documents also contain repeated assurances from NSA officials that they have the programs under control and that all the data collection was being handled in accordance with limitations imposed by the courts that approved them.

Those assurances were untrue, Bates concluded: “Given NSA’s longstanding and pervasive violations of the prior orders in this matter, the Court believes it would be acting well within its discretion in precluding the government from accessing or using such information.”

Bates’ ruling did narrow the scope of the NSA’s request to extend its surveillance programs, but approved the application as a whole based on NSA’s assurance that the data was critical to national security and because “high-level officials at the Department of Justice and NSA have personally assured the Court that they will closely monitor the acquisition and use of bulk PR/TT collection [surveillance data] to ensure that the law, as reflected in the Court’s orders, is carefully followed.”

The Snowden documents show the NSA didn’t follow those rules, either.

“These documents paint a distressing picture of the failure to properly oversee the NSA’s sweeping surveillance of Americans,” ACLU attorney Patrick Toomey told The Wall Street Journal. “The government repeatedly violated the court’s authorizations, only to have the court approve more and more far-reaching collection.”