There hasn’t been a whole lot of outrage over the NSA’s Christmas Eve data dump listing their many privacy violations over the last several years. Then again, there frequently isn’t a whole lot to work with. A lot of the report looks like this:
Or this:
The report contains pages upon pages filled with lists of protocol breaches and violations, but often the most important information—like how many times these improper searches occurred—is redacted.
The most blatant abuse seems to be the case of a female NSA analyst who searched through her husband’s phone records for three to four years, and obtained names for targeting. The investigation into that is “ongoing” and she does not appear to have been punished yet.
But the countless small errors are just as alarming: miscommunication, files being “misrouted,” software glitches, files “mistakenly accessed,” searches “mistakenly performed,” “inadvertent intercepts.” There’s a lot of improper “tasking” and delayed “detasking,” terms the NSA uses in describing the process of targeting a personal email or phone number.
Many of these errors resulted in unauthorized people having access to targets’ information. In one instance, “an NSA analyst mistakenly shared information associated with a USP [U.S. person] in an e-mail to a customer.” Oops! Often NSA analysts believed that such-and-such (usually redacted) was a permissible search, but were mistaken. And often the reason for an error is—you guessed it!—redacted.
What, for example, is going on is this instance of targeting a personal cell phone?
What about these “questionable intelligence activities of a serious nature” and “potential crime”?
Or this “tool being improperly used by a U.S. service member” to do something redacted, but which is listed under “Crimes reporting”?
And what in the world was going on here?
Even if each item were a single occurrence, this would be a hefty record of screw-ups—but the redacted numbers leave in question how many times all these mistakes and misroutes could have been happening for them to need to be redacted in the first place.
When there are indications of frequency, they’re vague, like the program authorized to intercept the communications of government contractors and examine whether security systems are at risk, which would “often result in the acquisition of non-public communications or other non-public information about or concerning USPs.”
Then there are other troubling censored items, like a brief mention of a newly-instituted program “that gives analysts greater and faster insight into a target’s location.” The text that follows is, naturally, redacted.
It’s also worth mentioning that the NSA’s release was in response to an ACLU Freedom of Information of Act request; the NSA left that tidbit out in its introduction to the reports.
