The NSA's Quiet Acknowledgement

Michael Rogers Chief of NSA

U.S. Navy Admiral Michael Rogers, upon his taking the helm of the NSA in April 2014; photo NSA

The NSA's Quiet Acknowledgement
| published January 7, 2015 |

By Thursday Review editors


While most Americans were enjoying their Christmas Eve—quietly, perhaps, at home with holiday food, gift-wrapping, Christmas lights, and eggnog—or perhaps engaged in the more hectic task of frenzied last-minute gift-buying—a long, detailed government report was issued with little fanfare and even less mainstream media attention.

That lengthy report and review, posted on the website of the U.S. National Security Administration late on the afternoon of Christmas Eve, reveals what some have already suspected, others have feared, and still others have defended: that the NSA’s massive data harvesting program may have violated the civil rights of millions of Americans in every walk of life.

At the core of that report was a tacit admission that the NSA violated the laws governing surveillance of U.S. citizens—many of those laws set in place decades earlier. Furthermore, the NSA may have violated the spirit and the meaning of the U.S. Constitution with some of that surveillance.

The report which journalists, researchers and other interested parties will see has been heavily redacted: hundreds of names have been removed, and thousands of specifics have been taken out. But the report nevertheless offers an acknowledgement that the NSA—or at least some of its analysts, planners and developers, took the mission of the secretive agency far beyond what was intended, approved, or perhaps even constitutional. Though it explains away much of the abuse as some combination of ineptitude, misinformation, misunderstanding or confusion, it also acknowledges that some of the overreaches were, perhaps, deliberate.

The NSA, which was already in the routine and often humdrum business of monitoring certain types of communications and transmissions for the purposes of national security, found its role in protecting the United States escalated overnight in the days, weeks and months following the terror attacks of September 11, 2001. Understandably, the level of political pressure in those crisis-mode days was extreme, to say the least. Even now, bitter and contentious debate rages over the interrogation methods used in the months and years after 9/11: were those detainees, held by CIA and military operatives, treated to merely harsh forms of questioning and deliberate stress? Or were they tortured? And in either case, was the information extracted from such programs useful in preventing terrorist acts?

Those same questions may now be asked of the NSA’s deeply penetrative program of data harvesting and data analysis, begun as early as 2003 with the blessing of Congress and a highly secretive authorizing panel which was, in essence, a shadowy court. Was that information useful in the interdiction of terror?

Honest and intellectually decent liberals and conservatives may disagree about the political and social environment which predominated in the weeks and months after 9/11. What is not debatable is that those conditions changed—some would argue—forever. The frequently asked question of “when we will go back to normal” was often answered by “this is the new normal.” The political pressure to prevent another 9/11—believed to have been avoidable if the competing agencies of the FBI and the CIA had been more cooperative—was intense, and the NSA was challenged to find ways to more effectively track and flag precisely the sort of potentially suspicious data which had tragically escaped collaboration by the CIA and the FBI.

With the advent of the internet, cell phone communications, digital storage, and other cyber advances, the NSA found that it needed also to become more technologically proficient at collecting and flagging suspicious communications. Under provisions set in motion by Congress in 2002, the NSA began working in tandem with laws designed to allow for more aggressive forms of snooping—and soon afterward, partly under the cover of a special secret court established to review cases, the NSA ramped up its data collection to include, by some estimates, billions of pieces of information.

As the digital age rapidly progressed, it became apparent that the NSA would need more than its existing computer operations centers in places like Washington, Maryland and Texas. So funding was secured, and construction commenced, on a massive computer and data center located in the scrubby-grasslands south of Salt Lake City, Utah. There, in a vast, heavily air-conditioned set of buildings with more square footage than ten major shopping malls combined, the NSA would begin assembling the biggest set of computers and files servers on Earth—a kind of mega-data center capable of processing, disseminating, synthesizing and sorting a billion bytes of data every day. (See "Your Best Secrets Worth Tracking, and Keeping; Thursday Review; June 13, 2013).

That program operated largely unsupervised and unconstrained for years, mostly in secret. But in the spring of 2013, a computer analyst and cyber-contractor named Edward Snowden revealed the true scope of the NSA’s activities, much of it dating back to late 2003.  The depth of that surveillance, as revealed in Snowden's pilfered documents, sent shockwaves through the political and social fabric, and even threatened America’s relationship with many of its allies.

Snowden, we learned that spring and summer, had been using inexpensive flash drives to systematically copy thousands of files. Soon afterwards, press reports would tell us the vast scope of what the NSA’s data harvest had collected: personal emails, overseas phone calls, cell phone and smart phone data, credit card activities, computer uploads and downloads, text messages, search engine requests, browser activity. All of that seemed shocking enough, but when Americans learned of the companies and services involved—some cooperated with the NSA, others felt pressured, still others were simply co-opted from within—the reach of the surveillance seemed limitless. AOL, Yahoo!, Microsoft, Facebook, Google, AT&T, Verizon, Amazon, Sprint, and a dozen more were willingly or unwittingly playing ball with the NSA.

The political storm was intense. Even as U.S. authorities tried in vain to catch Snowden, who had fled first to Hong Kong and later to Moscow, a firestorm erupted in the media, among civil rights groups, and among members of Congress—liberal, moderate and conservative. At the time, the ACLU and various libertarian groups joined forces to take immediate legal action.

In December 2013, Federal Judge Richard Leon ruled that the NSA’s data collection was not only unconstitutional, but even “Orwellian” in scope and magnitude. But a few weeks later, Federal Judge William Pauley of the U.S. District Court of Appeals (Southern District of New York) reversed the lower court decision, declaring that issues of national security and interdiction in potential terror plots trump concerns over privacy. Several Congressional inquiries were launched, and the President—under political pressure from all sides—established a special panel to review the matter.

After months of intense controversy, President Barack Obama weighed-in on the subject, meeting with reporters in January 2014 to acknowledge that the NSA had probably gone too far in its widespread surveillance, the result, he said, of “inadequate oversight.” But the President was also blunt and unswerving on one point: the business of spying must go on, and some of that will involve the bulk dissemination and analysis of data, information vital, he said, for law enforcement in the interdiction of terror plots. President Obama said that some ground rules would be established, including a mandate that traditional surveillance checks and balances would be required before any aggressive data harvesting could be directed toward any individual or group: warrants, judge’s signature, court orders—one of these authorizations would be required.

Also created was the Privacy and Civil Liberties Oversight Board, a special panel designed to keep a vigilant eye on those who are vigilant about surveillance and security—cops who will watch the cops, as it were. That panel issued a report January 2014 recommending, among other things, that the practice of bulk harvesting of data, especially the records of cell phone and land line calls, be discontinued immediately. The panel concluded that such massive forms of collection were of little practical use, but were in fact profoundly invasive of individual privacy.

The NSA’s recent report includes passages from the panel’s 2014 report, and exposes some parts of the surveillance program as having been beset by human flaws and human error. But the report also points to misunderstandings and misinterpretations about what was allowed by Congress and the law. Also at issue: misunderstandings about how to collect data about overseas calls made by Americans (or calls received from foreign countries by Americans on their cell phones or land line phones).

The NSA had addressed some of these concerns back in early October, when it released its so-called “Transparency Report,” a document crafted to demonstrate the NSA’s newer kinder, gentler template for collecting and understanding the critical data it collects and filters. The October 2014 report was in response to Executive Order 12333, which was the White House’s major directive to the NSA to curb some—but clearly not all—of its massive information gathering operations. (For those who might be interested, a summary of the October statement and the October report can be viewed and downloaded by going to the NSA’s main website).

The NSA’s report—like President Obama’s January 2014 missive—illuminates the complexity of striking a balance between spying and no spying. Stressing that the NSA must find itself flexible in its interpretation of the Fair Information Practice Principles (FIPPs), the generally and widely accepted template employed by most agencies of the Federal government “to evaluate how systems, processes, or programs impact individual privacy,” the NSA says it “cannot offer direct transparency because that would alert foreign intelligence targets that they are under surveillance.”

Thus the central conundrum: Americans who initiate or receive phone calls to or from foreign lands; U.S. citizens who use Skype or other chat services to communicate with relatives or friends in other countries; people who use platforms like Yahoo, AOL or Gmail to keep in contact with friends or business associates in other countries; or Americans who use the text messaging services of Verizon or AT&T to keep in touch with family or friends in faraway lands—all of these variations might mean that the NSA would feel well within its stated mission to collect, monitor, or otherwise analyze the content of those interactions, especially if by mining that data evidence of terror might be found.

Example: here at Thursday Review, our editors and writers have routine email and text message conversations (using, for example, Facebook) with our contacts, writers, and artists in lands as divergent as the United Kingdom, Australia, Turkey, Romania, Laos, The Philippines, Hong Kong, and Brazil. It would not be clear, based on the contents of some of those emails and text messages, whether our communications would be flagged—or ignored—by the harvesting technologies and data combing tools used by the NSA.

But the report issued on Christmas Eve is of particular note. In the third paragraph of the Executive Summary, the reports’ authors say the “NSA goes to great lengths to ensure compliance with the Constitution, laws and regulations.”

“As conveyed in the released materials,” the summary says, “as array of technical and human-based checks attempt to identify and correct errors, some amount of which [will] occur naturally in any large, complex system.” But it goes on to stress to the reader that the “NSA takes even unintentional errors seriously and institutes corrective action.”

“Data incorrectly acquired,” it says, “is almost always deleted, referred to as the ‘purge’ process.” Again, a tacit admission that the agency had greatly overstepped its intended role by collecting vast troves of personal information harvested, often, by the mere flagging of a few critical words or key phrases.

The NSA’s report, however, dodges any full-scale form of accountability. For example, it lists only about a dozen instances (most of which are redacted for security purposes) in which there was “intentional misuse of a signals intelligence system,” and in these cases the NSA promised thorough investigations, followed by appropriate reportage to the Inspector General of the NSA, and if necessary to Senate committee charged with the agency’s oversight.

The report also fairly points out that in any great convergence of bureaucracy and technology, the latitude for misunderstanding and misuse is ample—especially in a digital age in which so much personal information is neatly packaged into cyber packets accessible through means far beyond the control of most Americans. In the ten-year period during which the NSA began gathering those vast troves of data, from 2003 to 2013, there was a paradigm shift in the way the world transmits and stores information.

In their 2013 book Big Data: A Revolution That Will Transform How We Live, Work, and Think, authors Kenneth Cukier and Viktor Mayer Schoenberger stress just how vast that transformation has been.

“As recently as the year 2000,” the authors write, “only one-quarter of all the world’s stored information was digital. The rest was preserved on paper, film, and other analog media. But because the amount of digital data expands so quickly—doubling around every three years—that situation was swiftly inverted. Today, less than two percent of all stored information is non-digital.”

Because of a lack of genuine oversight, and a lack of understanding by hundreds of it employees and contractors, the NSA was unrestrained in its methodologies during that period, throwing its wide net around virtually all information being processed and transmitted, and even seeking the cooperation of the mega-companies which helped usher-in that transformation. Some companies, like Facebook, Google, AOL, and Apple expressed some combination of confusion or uncertainty as to how they had been drawn in to the NSA’s programs—in some cases through back-door processes. Other companies cooperated more willingly, as it has been alleged of AT&T and Verizon. These quasi-partnerships raise separate issues of the convergence between government and the corporate world where personal privacy and constitutional rights are at stake.

In the end, the question of whether the NSA engaged in a vast overreach and a wholesale violation of constitutional rights remains unanswered for some, but demonstrably answered for others. Only time will tell if the NSA is truly operating under the kinder, gently constraints it now advertises as central to its mission of collecting and analyzing the sort of information valuable in protecting American lives and providing security to U.S. institutions.

Related Thursday Review articles:

Washington Divided on Issue of CIA Interrogations; R. Alan Clanton; Thursday Review; December 11, 2014.

Turnkey Tyranny: Or, If I Am Not Doing Anything Wrong, I Have Nothing to Fear, Right?; Kevin Robbie; Thursday Review; January 6, 2014.

Reining-In the NSA, Sort Of; R. Alan Clanton; Thursday Review; January 17, 2014.