NSA kept violating rules in phone database queries
By Joseph Menn, ReutersSAN FRANCISCO -- The National Security Agency routinely violated court-ordered privacy protections between 2006 and 2009 by examining phone numbers without sufficient intelligence tying them to associations with suspected terrorists, according to U.S. officials and documents that were declassified on Tuesday.
September 12, 2013, 12:12 am TWN
The Foreign Intelligence Surveillance Court, which oversees requests by spy agencies to tap phones and capture emails in pursuit of information about foreign targets, required the NSA to have a “reasonable articulable suspicion” that phone numbers were connected to suspected terrorists before agents could search a massive call database to see what other numbers they had connected to, how often and for how long.
But between 2006 and 2009, the agency used an “alert list” to search daily additions to the U.S. calling data, and that list contained mostly numbers that had merely been deemed of possible foreign intelligence value, a much lower threshold.
The alert list grew from about 3,980 phone numbers in 2006 to 17,835 by early 2009, and only 2,000 of the larger number met the required standard for certified reasonable suspicion of a terrorist tie, officials said.
Each inquiry could scan for the contacts that the holder of the phone number had called as well as those people's contacts, so that many more U.S residents could have been swept up.
But in official briefings for the press Tuesday, intelligence authorities said that those numbers on the alert list were only checked against new calls, not the historical record of all calls, so that no full “chain analysis” usually resulted.
“This was used by analysts to try to prioritize their work,” one official said. “If you're trying to pick 25 players for a major league baseball team, you might give 500 a tryout.”
But about 600 U.S. numbers were improperly passed along to the Central Intelligence Agency and Federal Bureau of Investigation as suspicious, the records show. In addition, scores of analysts from the sister agencies had access to the calling database without proper training.
The new disclosures add a fresh perspective to recent statements by the NSA Director Keith Alexander than only 300 or so numbers were run against the master calling database in 2012.
That was years after the secret court concluded it had been badly misled, ordered a temporary halt to the automated searches, and mulled contempt proceedings before the NSA drastically curtailed its practices.
In January 2009, the court ruled that the alert-list procedure was “directly contrary to the sworn attestations of several executive branch officials.”
Alexander and other officials responded with filings maintaining that no one at the NSA had fully understood all of the rules around the calling-records database, the software used to search it, and the significance of internal markings.