Fact Check: Why did the NSA breach privacy protections? – The Weekly Standard

National Security Agency analysts under the Obama administration improperly searched Americans' information, but the searches were conducted largely out of error, according to a review of publicly available intelligence documents reported on by Circa last week.

The website reported that Obama's NSA violated privacy protections by searching a subset of intelligence for Americans' information. The story draws in part from a partially declassified April 2017 Foreign Intelligence Surveillance Court opinion, which says that the NSA repeatedly and inappropriately queried, or searched, "U.S. person identifiers" within a swath of data. The data was collected under Section 702 of the Foreign Intelligence Surveillance Act, meaning that it targeted a foreigner, on foreign soil, for a foreign intelligence purpose.

The NSA at the time was not allowed to search a chunk of intelligence, known as "upstream," using U.S. person identifiers (like an American's email address)but it did, and "with much greater frequency than had previously been disclosed" to the FISC. Upstream data is obtained from "providers that control the telecommunications "backbone" over which telephone and Internet communications transit," according to an independent government oversight agency.

Of this, Circa wrote:

The admitted violations undercut one of the primary defenses that the intelligence community and Obama officials have used in recent weeks to justify their snooping into incidental NSA intercepts about Americans.

Circa has reported that there was a three-fold increase in NSA data searches about Americans and a rise in the unmasking of U.S. person's identities in intelligence reports after Obama loosened the privacy rules in 2011.

Officials like former National Security Adviser Susan Rice have argued their activities were legal under the so-called minimization rule changes Obama made, and that the intelligence agencies were strictly monitored to avoid abuses.

The intelligence court and the NSA's own internal watchdog found that not to be true.

This sounds nefarious, especially against the backdrop of a months-long controversy over unmasking and leaks. But as Circa hints some paragraphs later, the incidents, which were self-reported by the NSA to Congress and the FISC, were in part the result of a system design quirk.

"The system automatically includes in a search all authorities an analyst's credentials permit the analyst to access," Adam Klein, a senior fellow at the Center for a New American Security, told THE WEEKLY STANDARD. "That meant that analysts with access to upstream data had to opt out of querying upstream when setting their search criteria. That system design apparently resulted in non-compliant queries."

A January notice to the FISC also said that "human error was the primary factor" in a portion of these improper queries. The NSA in an announcement also claimed that the incidents were "not willful." And as Klein told TWS, "There have been no reported incidents of intentional misuse of Section 702 by the agencies responsible for implementing it."

The NSA inspector general report read:

For the queries into FAA 702 upstream data, SV concluded that analysts had not removed the FAA 702 upstream authority from their search criteria (that automatically defaulted on the basis of their credentials) or had not included the appropriate . . . limiters to prevent FAA 702 upstream data from being queried.

The NSA told the FISC about the incidents as the court conducted its annual review for 702 certifications. The non-compliance triggered a broader NSA review, and ultimately resulted in the agency declaring the end of "about" collectionor the gathering of communications that mention a target. "About" collection often scooped up entirely domestic communications, drawing the ire of civil liberties advocates. The NSA also announced that it would purge much of its upstream data, and the FISC gave the go-ahead for analysts to query upstream using U.S. person identifiers, now that "about" has ended.

The court's late March certification reflected that change. But the court was not pleased with the non-compliance. The FISC in October described it as "a very serious Fourth Amendment issue" and attributed the agency's delayed disclosure to "an institutional 'lack of candor.'"

Still, the incidentincluding the NSA's self-reporting and public announcementsexemplifies the extent of 702 oversight, Klein said.

"The program is subject to extensive oversight, including judicial supervision by the Foreign Intelligence Surveillance Court. The recent end of "about" collection in response to FISC oversight shows that it has real teeth," he said.

If you have questions about this fact check, or would like to submit a request for another fact check, email Jenna Lifhits at jlifhits@weeklystandard.com or The Weekly Standard at factcheck@weeklystandard.com.

Read more:
Fact Check: Why did the NSA breach privacy protections? - The Weekly Standard