The National Security Agency under former President Barack Obama routinely violated American privacy protections while scouring through overseas intercepts and failed to disclose the extent of the problems until the final days before Donald Trump was elected president last fall, according to once top-secret documents that chronicle some of the most serious constitutional abuses to date by the U.S. intelligence community.
More than 5 percent, or one out of every 20 searches seeking upstream Internet data on Americans inside the NSA’s so-called Section 702 database violated the safeguards Obama and his intelligence chiefs vowed to follow in 2011, according to one classified internal report reviewed by Circa.
The Obama administration self-disclosed the problems at a closed-door hearing Oct. 26 before the Foreign Intelligence Surveillance Court that set off alarm. Trump was elected less than two weeks later.
Circa has reported that there was a three-fold increase in NSA data searches about Americans and a rise in the unmasking of U.S. person’s identities in intelligence reports after Obama loosened the privacy rules in 2011.
Officials like former National Security Adviser Susan Rice have argued their activities were legal under the so-called minimization rule changes Obama made, and that the intelligence agencies were strictly monitored to avoid abuses.
The intelligence court and the NSA’s own internal watchdog found that not to be true.
“Since 2011, NSA’s minimization procedures have prohibited use of U.S.-person identifiers to query the results of upstream Internet collections under Section 702,” the unsealed court ruling declared. “The Oct. 26, 2016 notice informed the court that NSA analysts had been conducting such queries inviolation of that prohibition, with much greater frequency than had been previously disclosed to the Court.”
The American Civil Liberties Union said the newly disclosed violations are some of the most serious to ever be documented and strongly call into question the U.S. intelligence community’s ability to police itself and safeguard American’s privacy as guaranteed by the Constitution’s Fourth Amendment protections against unlawful search and seizure.
“I think what this emphasizes is the shocking lack of oversight of these programs,” said Neema Singh Guliani, the ACLU’s legislative counsel in Washington.
“You have these problems going on for years that only come to the attention of the court late in the game and then it takes additional years to change its practices.
“I think it does call into question all those defenses that we kept hearing, that we always have a robust oversight structure and we have culture of adherence to privacy standards,” she added. “And the headline now is they actually haven’t been in compliacne for years and the FISA court itself says in its opinion is that the NSA suffers from a culture of a lack of candor.”
The NSA acknowledged it self-disclosed the mass violations to the court last fall and that in April it took the extraordinary step of suspending the type of searches that were violating the rules, even deleting prior collected data on Americans to avoid any further violations.
“NSA will no longer collect certain internet communications that merely mention a foreign intelligence target,” the agency said in the statement that was dated April 28 and placed on its Web site without capturing much media or congressional attention.
In question is the collection of what is known as upstream “about data”about an American that is collected even though they were not directly in contact with a foreigner that the NSA was legally allowed to intercept.
The NSA said it doesn’t have the ability to stop collecting ‘about’ information on Americans, “without losing some other important data. ” It, however, said it would stop the practice to “reduce the chance that it would acquire communication of U.S. persons or others who are not in direct contact with a foreign intelligence target.”
The NSA said it also plans to “delete the vast majority of its upstream internet data to further protect the privacy of U.S. person communications.”
Agency officials called the violations “inadvertent compliance lapses.” But the court and IG documents suggest the NSA had not developed a technological way to comply with the rules they had submitted to the court in 2011.
Officials “explained that NSA query compliance is largely maintained through a series of manual checks” and had not “included the proper limiters” to prevent unlawful searches, the NSA internal watchdog reported in a top secret report in January that was just declassified. A new system is being developed now, officials said.
The NSA conducts thousand of searches a year on data involving Americans and the actual numbers of violations were redacted from the documents Circa reviewed.
But a chart in the report showed there three types of violations, the most frequent being 5.2 percent of the time when NSA Section 702 upstream data on U.S. persons was searched.
The inspector general also found noncompliance between 0.7 percent and 1.4 percent of the time involving NSA activities in which there was a court order to target an American for spying but the rules were still not followed. Those activities are known as Section 704 and Section 705 spying.
The IG report spared few words for the NSA’s efforts before the disclosure to ensure it was complying with practices, some that date to rules issued in 2008 in the final days of the Bush administration and others that Obama put into effect in 2011.
“We found that the Agency controls for monitoring query compliance have not been completely developed,” the inspector general reported, citing problems ranging from missing requirements for documentation to the failure to complete controls that would ensure “query compliance.”
The NSA’s Signal Intelligence Directorate, the nation’s main foreign surveillance arm, wrote a letter back to the IG saying it agreed with the findings and that “corrective action plans” are in the works.