NSA Releases Reports on Unauthorized Surveillance of Americans

The National Security Agency (NSA) released years of edited briefings it gave to an oversight group on Christmas Eve, documenting years of unauthorized surveillance on Americans that the agency argues was accidental. In its reports NSA names the oversteps “unintentional errors.”
NSA Releases Reports on Unauthorized Surveillance of Americans
Adm. Michael Rogers, commander of the U.S. Cyber Command and director of the National Security Agency, testifies during a hearing before the House Select Intelligence Committee on Nov. 20. Photo by Alex Wong/Getty Images
Jonathan Zhou
Updated:

The National Security Agency (NSA) released years of edited briefings it gave to an oversight group on Christmas Eve, documenting years of unauthorized surveillance on Americans that the agency argues was accidental. In its reports NSA names the oversteps “unintentional errors.”

The release contained quarterly reports it had given to the president’s Intelligence Oversight Board between the fourth quarter of 2001 and the second quarter of 2013, dealing mostly with accidental surveillance of Americans mistaken for foreign nationals.

The catalog of individual instances of unauthorized surveillance at NSA showed that it was a routine affair.

“The vast majority of compliance incidents involve unintentional technical or human error,” the NSA wrote on its website. “In the very few cases that involve the intentional misuse of a signals intelligence system, a thorough investigation is completed, the results are reported to the IOB and the Department of Justice as required, and appropriate disciplinary or administrative action is taken.”

President Ronald Reagan issued in 1981 an executive order that authorized an expansion of intelligence gathering which included the tracking of communication of foreign nationals. U.S. persons are granted addition protections to their privacy as a result of their Fourth Amendment rights, and the reports detail that accidental data gathered on US persons were to be deleted.

MORE:

“An array of technical and human-based checks attempt to identify and correct errors, some amount of which occur naturally in any large, complex system,” the NSA said.

However, the reports are heavily redacted, and information about the number of unauthorized surveillance of US persons as well as the amount of time it took to purge improperly collected data is not available in the public versions of the reports. The catalog of individual instances of unauthorized surveillance showed that it was a routine affair.

In one instance from a 2010 report, an NSA analyst had unauthorized access to a database for one month based on a verbal confirmation with a manager before access was revoked.

The National Security Agency headquarters at Fort Meade, Md., as seen from the air, on Jan. 29, 2010. On Christmas Eve the NSA released redacted briefings of mistaken, unauthorized activity by agency employees given to the Intelligence Oversight Board. (Saul Loeb/AFP/Getty Images)
The National Security Agency headquarters at Fort Meade, Md., as seen from the air, on Jan. 29, 2010. On Christmas Eve the NSA released redacted briefings of mistaken, unauthorized activity by agency employees given to the Intelligence Oversight Board. Saul Loeb/AFP/Getty Images

Adjusting the Data

Since the Snowden revelations in 2013, some have charged that the NSA deliberately manipulates how it obtains data to subject more Americans to surveillance.

Harvard researchers Axel Arnbak and Sharon Goldberg published a paper in 2014 on how the NSA can manipulate IP addresses to categorize certain internet activity from U.S. persons as data from foreign nationals, creating a legal loophole to spy on Americans.

“There are several loopholes in current U.S. surveillance law to conduct largely unrestrained surveillance on Americans by collecting their network traffic abroad while not intentionally targeting a U.S. person,” the researchers wrote.

The reports noted instances of intentional errors, although the number of substantiated cases are rare.

“If an intelligence agency can construct plausible presumptions that surveillance does not intentionally target a U.S. person and when the surveillance is conducted abroad, the permissive legal regime under [the 1981 executive order] applies.”

Previously secret NSA rules authorized that data accidentally obtained from U.S. persons could be kept if, going through the appeals process to the director, the data contains “significant foreign intelligence information,” “evidence of a crime,” “technical data base information” (such as encrypted communications), or “information pertaining to a threat of serious harm to life or property,” the Guardian reported in 2013.

The Guardian obtained this information from ex-NSA analyst and whistleblower Edward Snowden.

The reports also noted instances of intentional errors, although the number of substantiated cases are rare.

“The analyst reported that, during the past two or three years, she had searched her spouses’ personal telephone directory without his knowledge to obtain names and telephone numbers for targeting,” according to a report from the first quarter of 2012.

A letter sent to Sen. Chuck Grassley (R-Iowa) from the NSA Inspector General on Sept. 11, 2013, documents 12 cases since 2003 of substantiated “willful misuse of surveillance authorities,” the majority of which dealt with analysts querying for data on their significant other.

Jonathan Zhou
Jonathan Zhou
Author
Jonathan Zhou is a tech reporter who has written about drones, artificial intelligence, and space exploration.
Related Topics