For Christmas, the NSA Gave Us a List of Its Surveillance Screw-Ups
While we were all watching The Interview Christmas Eve, the National Security Agency (NSA) released a whole bunch of reports detailing (not that we can read the details with the redactions) all the times it screwed up its surveillance tools and possibly violated somebody's privacy.
The NSA introduction page says the docs were posted on Tuesday, but David Lerman at Bloomberg News reports they went up Wednesday afternoon. The introduction also declines to mention that the release of the documents is a direct result of a freedom of information lawsuit filed by the American Civil Liberties Union (ACLU), making the NSA appear to be more compliant and transparent than it would be otherwise (this has been an ongoing trend with NSA document releases).
Of course, there's going to be attention on some of the more obvious violations. From Fox News:
The reports show violations including communications from people in the U.S. being "inadvertently targeted or collected" by the agency. Some of the violations resemble the disclosures of NSA programs by Edward Snowden.
The report cites incidents of "poorly constructed data queries" that targeted Americans, improper handling of data and information used improperly.
Some incidents showed how a U.S. Army sergeant used an NSA system to "target his wife," which led to a reduction in rank and further punishment.
But while those incidents may be the most disconcerting, actually looking through a report will show dozens upon dozens of less sexy, but nevertheless important bureaucratic and technical issues with the operations of the tools the NSA uses for surveillance. The most recent report (pdf) is for the fourth quarter of 2012. By this time, the NSA has had years to hammer out all sorts of problems with its system. Yet, the quarterly report contains 20 pages of brief descriptions of mistakes. Most are not of sinister intent, like the sergeant who targeted his wife, but many of them are from database queries that have not been properly handled or a due to a failure of oversight over who is supposed to have access to what, where. And several of the entries in just this one report are completely redacted. How much worse do those entries have to be that we're not allowed to see a single word about what happened?
Should we care about this? Recall the case of Khalid El-Masri, the German-Lebanese man mistakenly arrested and tortured by the CIA in a black site in Afghanistan. This cascade of bureaucratic mistakes doesn't have to be of ill intent to cause some serious harm to somebody. When the NSA extends its data gathering to people two or three steps away from its target, the next El-Masri could be any of us, entirely because of some analyst's error.
And, of course, these are only the mistakes or errors the NSA knows about and have reported. They are their own oversight. Every one of these disclosures about their surveillance programs comes with a lengthy explanation about how complex their system of internal oversight is, but it's still dependent on the NSA being honest and transparent. The fact that the ACLU had to fight the NSA to get just this extremely vague information is a reminder of how little the NSA actually supports transparency.