Wall Street Journal columnist L. Gordon Crovitz wrote a misleading and error-filled column about NSA surveillance on Monday, based on documents obtained by EFF through our Freedom of Information Act lawsuit. Since we’ve been poring over the documents for the last week, we felt it was important to set the record straight about what they actually reveal.
Edward Snowden thought he was exposing the National Security Agency's lawless spying on Americans. But the more information emerges about how the NSA conducts surveillance, the clearer it becomes that this is an agency obsessed with complying with the complex rules limiting its authority.
That’s an interesting interpretation of the recently released documents, given that one of the two main FISA court opinions released says the NSA was engaged in “systemic overcollection” of American Internet data for years, and committed “longstanding and pervasive violations of the prior orders in this matter.” The court summarized what it called the government’s “frequent failures to comply with the [surveillance program’s] terms” and their “apparent widespread disregard of [FISA court imposed] restrictions.”
[The documents] portray an agency acting under the watchful eye of hundreds of lawyers and compliance officers.
Again, this is not what the actual FISA court opinions portray. “NSA’s record of compliance with these rules has been poor,” and “those responsible for conducting oversight failed to do so effectively,” FISA court Judge Bates wrote in the key opinion released last week. In another FISA court opinion from 2009, released two months ago, the NSA admitted that not a single person in the entire agency accurately understood or could describe the NSA’s whole surveillance system to the court.
It's true that the number of compliance officers at the NSA has increased in recent years, but as the Washington Post reported, so has the number of privacy violations.
These documents disprove one of Mr. Snowden's central claims: "I, sitting at my desk, certainly had the authority to wiretap anyone, from you or your accountant, to a federal judge, to even the president if I had a personal email," he told the Guardian, a British newspaper.
Here, Crovitz is setting up a strawman. Snowden wasn’t talking about the NSA’s legal authority, but their technical authority to conduct such searches. Snowden was likely referring to XKeyScore, which the Guardian reported allowed NSA analysts to “search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals.”
We actually have a specific example that proves Snowden’s point. As the New York Times reported in 2009, an NSA analyst “improperly accessed” former President Bill Clinton’s personal email. More recently, we’ve learned that the NSA analysts abused the agency vast surveillance powers to spying on ex-spouses or former lovers.
The NSA also released the legal arguments the Justice Department used in 2006 to justify collection of phone metadata-the telephone number of the calling and called parties and the date, time and duration of the call.
Metadata collection is about connecting the dots linking potential terrorist accomplices. The Clinton administration created barriers to the use of metadata, which the 9/11 Commission concluded let the terrorists avoid detection. Since then, metadata has helped stop dozens of plots, including an Islamist plan to blow up the New York Stock Exchange in 2008.
Again, not true. As Intelligence Committee members Sen. Ron Wyden and Sen. Mark Udall have continually emphasized, there is “no evidence” that the phone metadata program is effective at stopping terrorists. Independent analyses have come to the same conclusion. When called out on that number in a Congressional hearing, even NSA Director Keith Alexander admitted the number was exaggerated.
The only “disrupted plot” the NSA can point to that was solely the work of the phone metadata program was a case where a man from San Diego sent a few thousand dollars to the al-Shabaab organization in Africa in 2008. In other words, the metadata did not disrupt an active terrorist plot inside the US at all.
The declassified brief from 2006 made clear that such metadata "would never even be seen by any human being unless a terrorist connection were first established," estimating that "0.000025% or one in four million" of the call records "actually would be seen by a trained analyst."
The major 2009 FISA court opinion released in September, that apparently Mr. Crovitz either didn’t read or conveniently left out of his piece, showed that the NSA had been systematically querying part of this phone records database for years for numbers that the agency did not have a “reasonable articulable suspicion” were involved in terrorism—as they were required to have by the FISA court. Of the more than 17,000 numbers that the NSA was querying everyday, the agency only had “reasonable articulable suspicion” for approximately 1,800 of them.
The FISA court concluded, five years after the metadata program was brought under a legal framework, that it had been “so frequently and systematically violated that it can fairly be said that this critical element of the overall…regime has never functioned effectively.”
These documents clearly do not paint a picture of an agency with a clean privacy record and a reputation for following court rules, as Mr. Crovitz claims, and in fact, they show why it is vital Congress passes substantive NSA reform immediately. You can go here to take action.