Shocker: Despite domestic spying denials, NSA broke privacy rules thousands of times

Clever word games and crafty definitions don't change the truth; a lie is a lie and NSA unauthorized spying broke privacy rules thousands of times per year.

Surprise, or not so much, the NSA "has broken privacy rules or overstepped its legal authority thousands of times each year" since 2008, according to documents leaked to the Washington Post from NSA whistleblower Edward Snowden. This includes unauthorized surveillance of Americans.

That stands in stark contrast to official statements that the NSA may make a mistake "every now and then," but that it does not abuse its surveillance powers. Of course, those officials' skewed statements might be due to NSA word games. For example, the Post points out:

The NSA uses the term "incidental" when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, "does not constitute a . . . violation" and "does not have to be reported" to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely.

The "unlawful retention of 3,032 files that the surveillance court had ordered the NSA to destroy" counted as only one "incident" that occurred as recently as February 2012; yet "each file contained an undisclosed number of telephone call records." The Post added, "NSA lawyers told the court that the agency could not practicably filter out the communications of Americans."

How odd, since NSA Chief Keith Alexander previously denied the NSA has dossiers on most all Americans; in fact, he claimed, "We don't hold data on U.S. citizens." Of course, he might view that as the truth because our definition of data is not even close to the NSA's.

Some Obama administration officials, speaking on the condition of anonymity, have defended Alexander with assertions that the agency's internal definition of "data" does not cover "metadata" such as the trillions of American call records that the NSA is now known to have collected and stored since 2006. Those records include the telephone numbers of the parties and the times and durations of conversations, among other details, but not their content or the names of callers.

The NSA's authoritative definition of data includes those call records. "Signals Intelligence Management Directive 421," which is quoted in secret oversight and auditing guidelines, states that "raw SIGINT data . . . includes, but is not limited to, unevaluated and/or unminimized transcripts, gists, facsimiles, telex, voice, and some forms of computer-generated data, such as call event records and other Digital Network Intelligence (DNI) metadata as well as DNI message text."

Some of the NSA privacy violations highlighted by The Post were from a May 2012 audit, which included "2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications." That number, however, was only "incidents" at NSA's Fort Meade headquarters and other facilities in the Washington area. Unnamed government officials "said the number would be substantially higher if it included other NSA operating units and regional collection centers."

The audit concluded that "most" of the unauthorized surveillance or privacy violations "were unintended. Many involved failures of due diligence or violations of standard operating procedure." 10 "incidents" were fat finger typo mistakes "in which an analyst enters an incorrect query and retrieves data about U.S phone calls or e-mails."

Another NSA official, speaking on the condition of anonymity, told The Post, "We're a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line."

Dianne Feinstein, chairman of the Senate Intelligence Committee, has staunchly defended NSA surveillance for national security; yet seemingly in CYOA mode, she told The Post that she had not received a copy of the leaked NSA audit until the paper asked her about it.

John DeLong, NSA director of compliance, told Reuters that "NSA analysts make 20 million queries of intelligence databases on average each month" and any mistakes made were "tiny" in the overall picture. He added, "These are not willful violations, they are not malicious, these are not people trying to break the law." He called willful violations "extremely rare." In those cases, "mistakes can lead to the removal of database access for an NSA employee." Although he promised more documents will be released "soon," that doesn't mean they will tell us anything.

We've seen how the NSA defines words differently than we might, which conveniently helps the agency step around the law and our privacy rights. Although we are supposed to be pacified with the knowledge that there is oversight, NSA documents tell analysts what to say and what not to say about its "targeting rationale" to agency's "FAA overseers."

One of those FAA overseers admitted that the court "lacks the tools to independently verify how often the government's surveillance breaks the court's rules that aim to protect Americans' privacy." U.S. District Judge Reggie B. Walton, who was deemed the "chief judge of the Foreign Intelligence Surveillance Court," said, "The FISC is forced to rely upon the accuracy of the information that is provided to the Court. The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders."

It is way beyond time for NSA surveillance reform legislation.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Copyright © 2013 IDG Communications, Inc.

How to choose a SIEM solution: 11 key features and considerations