As was noted here earlier, the NSA surprised many people by shutting down its email collection. This collection was authorized by the FISA Amendments Act, which is due for renewal at the end of this year. Since the point the collection began, it was clear the NSA was also harvesting (inadvertently, it said) US persons’ communications.
Ron Wyden, along with a few other lawmakers, has been asking the NSA for years to turn over information on this program — specifically, how many US persons had been swept up “incidentally” in the bulk collection. For years, the NSA has refused to do so, claiming it would be impossible to compile this information and, somewhat hilariously, claiming it would violate the privacy of those swept up in the collection to query the database for incidental collections.
This decision to shut down the program may result in that answer never being given to Wyden. The ODNI (Office of the Director of National Intelligence) may decide the shutdown renders this particular query moot. It shouldn’t. Now that the email program has been shut down EXPLICITLY because it sweeps up too many US persons’ in the dragnet, the answer is more important than ever. And the ODNI has recently (and very belatedly) promised to deliver this number and should keep that promise even though the program has been shut down. Not only that, but this shutdown only affects the collection of email. It doesn’t prevent the NSA from collecting other internet-based communications. With fewer people using email as their primary communication method, the NSA will still have plenty of communications to harvest.
There’s another good reason for turning over that number: the Section 702 collection has been plagued with problems pretty much since its inception. The FISA court determined in 2011 that the program — as operated by the NSA — was unconstitutional. Apparently some fixes were made as the program was allowed to continue. But as Marcy Wheeler pointed out a year ago, the program has never not been violating the Foreign Intelligence Surveillance Act.
In his November 6, 2015 opinion reauthorizing Section 702, presiding judge Thomas Hogan described two more definite violations of 50 U.S.C. §1809(a)(2), and one potential one, bringing the list of times the FISC caught NSA illegally surveilling Americans to four, and potentially five, times.
Fall 2009 confession/July 2010 opinion: Collection of categories of data under the bulk PRTT program not permitted by the FISC (Bates’ opinion describes a category violation reported to FISC in the very first PRTT docket, along with NSA’s assurances it would never happen again)
June 2010 confession/December 10 2010, May 13, 2011 opinions: Retention of overcollected data from a traditional FISA warrant in mission management systems ultimately not deemed necessary for collection avoidance
May 2011 confession/October 3, 2011 opinion: Collection of entirely domestic communications on upstream surveillance MCTs
July 13, 2015 confession/November 6, 2015 opinion: Retention of 702 communications that had been otherwise purged in mission management systems, even though FISC had ruled against such retention in 2011
[Potential] July 13, 2015 confession/November 6, 2015 opinion: Retention of data that should have been purged or aged off in compliance databases
This is the authority the NSA wants approved at the end of the year. This shutdown might be an attempt to finally make the program legal — or at least legal enough to survive a closer examination as the issue heads towards a vote.
This shutdown — along with the NSA’s long history of abuse — also explains why there were no Section 702 approvals from the FISA court. As Wheeler suggested when the information was first released, the lack of approvals in 2016 indicated the program had “serious issues.” Her post from last year shows the program has always had “serious issues.” The number of requests the government made in 2016 was redacted from the report, but the footnote attached to it suggests it was more than one.
Perhaps the court no longer found the program Constitutional, at least not the way the NSA routinely operated it. While incidental collection is always a problem with bulk surveillance, the internal controls, which NSA talking points claim prevent abuse, apparently aren’t controlling much or preventing much. It appears the NSA can’t find a way to operate this part of the Section 702 program without collecting (and querying) US persons’ communications, so it has decided to shut it down, rather than spend any more time and effort trying to talk the FISA court into approving its ritualistic abuse.
Despite having years to improve its practices and improve its segregation of collected data, the agency apparently did very little to rein this program in. A 2014 DOJ/ODNI report quoted by Wheeler shows misuse of collected data continued to increase even as the NSA sought orders to collect even more.
The joint oversight team, however, is concerned about the increase in incidents involving improper queries using United States person identifiers, including incidents involving NSA’s querying of Section 702-acquired data in upstream data using United States Person identifiers. Specifically, although section 3(b)(5) of NSA’s Section 702 minimization procedures permits the scanning of media using United States person identifiers, this same section prohibits using United States person identifiers to query Internet communications acquired through NSA’s upstream collection techniques. NSA [redacted] incidents of non-compliance with this subsection of its minimization procedures, many of which involved analysts inadvertently searching upstream collection. For example, [redacted], the NSA analyst conducted approved querying with United States persons identifiers ([long redaction]), but inadvertently forgot to exclude Section 702-acquired upstream data from his query.
This continued abuse and misuse is highly problematic, although the ODNI has been the last entity to officially recognize this. The “upstream” collection not only results in vast amounts of intercepted communications, but is one the FBI’s favorite sources for intel. The ODNI denies to this day the FBI’s searches of the NSA’s collections are “backdoor searches,” but it’s information and communications the FBI certainly can’t collect itself under its legal authorities. The supposedly foreign-facing collection is routinely used by a domestic law enforcement agency to obtain US persons’ communications without a warrant. That’s a “backdoor” search, no matter how the ODNI portrays it.
No matter what else comes of it, this shutdown is huge. Even though it’s a smaller part of a larger internet communications collection program, it’s still a significant closure. And once again, this is a result of Snowden’s leaks. Wyden’s persistent pestering about incidental collection likely played a small part as well. But without documents clearly showing how much the program collected and how it was being used, the NSA would most likely still be trying to find a way to push these requests past the FISA court. And without this additional scrutiny, the court itself might have found itself more easily persuaded.