The Office of the Director of National Intelligence (ODNI) provided another redacted information data dump today, which ends the Electronic Frontier Foundation's legal battle with them over a Freedom of Information Act request.
At the heart of the matter was a Foreign Intelligence Surveillance Court decision from 2011 that determined that the National Security Agency and the FBI were somehow violating the Fourth Amendment with its surveillance methods. The details were unknown because the report was classified. EFF sued and won, and today the 85-page document was released.
Hilariously, ODNI arranged for a background media call to take questions from reporters, but they did it before the documents were released so nobody could ask any directly relevant questions from what the documents actually said. (Somebody posted the press call online on Soundcloud if you're feeling particularly masochistic)
The report is highly technical and significantly redacted, but here's a number of discoveries from the memo:
- The NSA's collection of "upstream" data, that is data gathered without the cooperation of Internet service providers, includes the acquisition of tens of thousands of Internet transactions annually involving Americans within the United States who are not connected to any sort of legitimate investigation.
- The NSA does not have the technology to avoid collecting domestic Internet transactions by the thousands in its upstream data collection. They are swept up automatically as part of the process and they have no way to exclude them before hand or even know whether they're going to snag protected communications in advance.
- Until 2011, the Foreign Intelligence Surveillance Court, charged with judicial oversight to make sure laws weren't being broken, did not know that this was happening. And this was not the first time the Court felt that it was being misled. From a footnote:
The Court is troubled that the government's revelations regarding NSA's acquisition of Internet transactions mark the third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program.
- The footnote goes on to explain that in 2009, the court discovered it had been misled about how a business records data program worked from the very inception of the program in 2006. The bottom third of the footnote is entirely redacted, so it's not clear whether they might be discussing the other example of being misled.
- The NSA acquires more than 250 million Internet communications each year, but only 9 percent arrive from this upstream collection method. The other 91 percent are provided directly to the NSA by Internet service providers. The problematic records the report refers to only come from the upstream collection.
In the end, though, the FISA court accepted that the NSA needed to keep the upstream collection method operating in order to gather intelligence, but ordered them to improve its process of minimizing potential access, exposure and distribution of domestic information. NSA agreed to further segregate any such transactions and purgie them from their systems in two years, rather than the five years as previously ordered.
Ultimately, that means this domestic data collection is still happening, it's just (allegedly) being protected from view more carefully and (allegedly) being destroyed more quickly.