NSA deleting millions of phone call and text records over privacy violations

The NSA blames 'technical irregularities' in the call record data it received from telecoms for the mass purge of over 685 million phone and text message records.

NSA deleting millions of phone call records over privacy violations

“Technical irregularities” have the NSA scrambling to delete millions upon millions of phone and text message data records the agency should never have obtained under the USA Freedom Act.

While The New York Times reported the number of call detail records (CDR) the NSA was deleting was in “hundreds of millions,” the Associated Press clocked the number at “more than 685 million call records.” If that number is correct, then it came from the 534 million records the NSA collected in 2017 – a year in which NSA phone record surveillance tripled – as well as the 151 million records collected in 2016, which was the first full year after the USA Freedom Act surveillance rules kicked in.

In a public statement, the NSA admitted it started deleting all call detail records acquired since 2015.

The NSA’s statement added:

NSA is deleting the CDRs because several months ago NSA analysts noted technical irregularities in some data received from telecommunications service providers. These irregularities also resulted in the production to NSA of some CDRs that NSA was not authorized to receive. Because it was infeasible to identify and isolate properly produced data, NSA concluded that it should not use any of the CDRs.

The NSA had a little chat with the Justice Department and the Office of the Director of National Intelligence before deciding “the appropriate course of action was to delete all CDRs.”

You cannot ponder what things are uNSAfe for privacy without seeing the NSA smackdab in the middle of it, but the agency assured us that “the root cause of the problem has since been addressed.”

Who is to blame?

Sen. Ron Wyden (D-Ore.) didn’t blame the NSA, but the telecom companies making the call records available for the NSA to query. The telecoms are the ones holding onto the CDRs, but the NSA can collect it thanks the USA Freedom Act of 2015 and Title V of FISA.

“This incident shows these companies acted with unacceptable carelessness and failed to comply with the law when they shared customers’ sensitive data with the government,” Wyden told the Associated Press.

The NSA started purging the records on May 23, and NSA spokesman Christopher Augustine wants us to be grateful.

“This is a case in which NSA determined that there was a problem and proactively took all the right steps to fix it. We cannot go into greater detail because those details remain classified. However, at no point in time did NSA receive the content of any calls, the name, address or financial information of a subscriber or customer, nor cell site location information or global positioning system information,” he said.

That’s “cold comfort,” according to Liza Goitein of the Brennan Center for Justice at New York University. Goiten told the Daily Beast, “Over and over again, NSA says we don’t have to worry because these violations are inadvertent. At some point, that’s cold comfort when we’re trusting NSA to collect hundreds of mill of our records and they’re persistently failing to adhere to the legal limits.”


Copyright © 2018 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)