A National Security Agency whistleblower unearthed a hot-shot analyst’s unauthorized “project” that targeted the communications of citizens or persons in the United States, according to a top secret inspector general report from 2016.
The project, or “experiment,” was not approved by the Foreign Intelligence Surveillance Court, the attorney general, the NSA director, or the director for the division that handles signals intelligence. It was also not vetted by the analyst’s chain of command or any NSA officers responsible for oversight.
Journalist Jason Leopold obtained a highly censored version of the 2016 report through a Freedom of Information Act (FOIA) lawsuit and co-authored a paywalled article about what that report revealed for Bloomberg.
On March 18, 2013, only a few months before NSA whistleblower Edward Snowden exposed several of the NSA’s mass surveillance programs, a whistleblower stumbled upon a colleague who was collecting or attempting to collect a “large volume of telephone numbers without any foreign intelligence purpose.”
The whistleblower, or “source,” who was a “global network analyst,” complained to several offices tasked with oversight. They then shared what they found with the inspector general’s office in May, and on June 18, while the NSA reeled from the unprecedented scrutiny brought about by Snowden’s disclosures, they contacted the Office of General Counsel, which is the NSA’s legal office.
A group of “management officials” at the NSA considered the whistleblower complaint in several meetings and email exchanges, but even with the fallout from Snowden, they largely maintained that the concerns were unfounded.
The unauthorized project started collecting—or attempting to collect data—that included US persons’ communications as early as 2012.
According to the whistleblower, multiple people in NSA oversight positions lacked the technical expertise to understand what the analyst was doing with their project. They did not understand why the analyst’s collection was in violation of clear procedures.
The inspector general concluded, “Although [the analyst] was told by different supervisors, oversight officials, and attorneys that his activities were acceptable, he was told by others to stop immediately.”
“[The analyst] acted with reckless disregard of the regulations, policies, and procedures that governed the use of the SIGINT system,” the inspector general added, which essentially means he abused his access to programs that enabled mass surveillance.
It is unclear if the analyst who acted recklessly suffered any consequences. He obviously was not prosecuted for engaging in misconduct.
“When I said in 2013 that while I was at the NSA I could pull the communications of anyone who passed through our net—including Americans—officials hotly contested the claim and a lot of folks believed them,” Snowden told Bloomberg. “But it was true, as the NSA itself secretly acknowledges.”
Snowden continued, “Defenders of broad surveillance authorities always insist that Americans don’t have to worry because our intelligence agencies are tightly constrained by law and policy. But time and again we’ve seen that when laws are violated and powers are abused, no one is held legally accountable.”
In fact, as Leopold highlighted, on April 21, 2014, a year into the investigation by the inspector general, the whistleblower contacted the office again to allege that the analyst was still targeting US communications.
“I wasn’t sure whether to report it or wait till he actually gets collection (if any),” the whistleblower wrote. “Also wasn’t sure whether to send the information to you or file a new report with the IG hotline.”
The NSA employee who abused his access was interviewed for the inspector general’s investigation and asserted that his “project” fell under Executive Order 12333, which is a toothless presidential order that US security agencies have invoked to justify the expansion of mass surveillance.
Asked about the “foreign intelligence purpose” of the project, the analyst told the inspector general that it was to “make the collection system healthier, the analytic powers richer, and the system more efficient.” (Part of his response was censored in the declassified report.)
One official claimed that the analyst had not asked for permission to pursue the project and had been told to “stop the project.” At least a few NSA employees saw it as an “experiment.”
There was no audit mechanism for ensuring the project was compliant with NSA procedures. The inspector general’s report said, “He was the only person working on the project, and each day he did not know what he might try to do, what made sense, was easily sustainable, repeatable, and defensible.” He proceeded “[kind of] by the seat of his pants.”
As Demand Progress, an advocacy organization which has challenged abuses of power that threaten civil liberties, noted, the investigation pointed to Title VII of the Foreign Intelligence Surveillance Act (FISA) that contains “Section 702,” which the US government has “abused for years to knowingly access Americans’ communications without a warrant.”
“The congressional intelligence committees have claimed to be robust overseers of intelligence agencies. If accurate, this inspector general report should not only be known to them, but also the subject of serious investigation,” declared Sean Vitka, a senior policy council for Demand Progress. “We call on the House and Senate intelligence committees to release what they know, including how many people this illegal activity impacted, what punishments the people involved faced, and what the committees have done to ensure this never happens again.”
“The government has abused its surveillance powers for too long and blatantly disregarded the privacy rights of the American people. Like the FBI’s recent wrongful spying on business, religious, civic, and community leaders, this adds to the mounting evidence that Title VII is simply too dangerous to reauthorize,” Vitka concluded.