NSA Emails Provide Little Insight Into Snowden's Pre-Leak Concerns, But Speak Volumes About Agency's Internal Controls

from the a-smoking,-tangentially-related-gun dept

Jason Leopold has secured another comprehensive set of Snowden-related documents from the NSA, dealing with the agency's search for evidence backing up his claim that he tried to take his complaints to intelligence community officials before heading to Hong Kong with a drive full of secret documents.

The long, detailed post -- written with the help of Marcy Wheeler and Ky Henderson -- covers the 800+ pages of internal emails released to Vice in response to a FOIA request. The headline suggests there's a smoking gun, but a few thousand words later, the conclusion seems to be, "There's possibly a smoking gun... and the NSA, due to malice or just incompetence, is going to be of no help in locating it."

What is undoubtedly true is that there was more to Snowden's concerns than the single email released to shore up the NSA's side of the story. There is evidence Snowden contacted other officials about his concerns, but the agency decided to present the single email as though that were the extent of Snowden's complaints.

This posed problems later as Snowden repeated his assertion to other news outlets, including NBC and Vanity Fair. These resulted in further search efforts from the agency which had already claimed to have uncovered everything that could be considered evidence of Snowden's "proper channels" claims.

The following morning, [NSA General Counsel Rajesh] De sent someone at NSA an email with the subject line "NBC/email." "I need very senior confirmation [Kemp/Moultrie) [a reference to the NSA's director of security and Ron Moultrie, then the NSA's deputy SIGINT director] that all possible steps have been taken to ensure there are no other emails from [Snowden] to OGC," De wrote. Those assurances apparently could not be provided — even though the agency had publicly been saying over the course of a year that no other relevant communications from Snowden existed.

What's been released by the NSA seems at odds with Snowden's claims that he made several efforts to bring his concerns to the proper authorities. Other communications were uncovered, but none of those dealt with privacy concerns or other whistleblowing attempts.

That certainly doesn't mean the NSA's first assertion that Snowden didn't raise concerns internally is correct either. The released documents show that its ability to search its own files is far less robust than the systems it uses to dig through the rest of the world's communications. For one, the agency appears to have been unable to retrieve emails related to Snowden's work with Booz Allen. Another heavily-redacted email says the NSA was able to gather and read through everything from Snowden's NSAnet and NSAgov accounts, but appends the phrase "that we've been able to obtain," suggesting the results of its search aren't as comprehensive as it would have the public believe.

What's far more disconcerting is the fact that the NSA -- the king of metadata -- isn't able to keep its own email metadata in working order.

What's remarkable about this FOIA release, however, is that the NSA has admitted that it altered emails related to its discussions about Snowden. In a letter disclosed to VICE News Friday morning, Justice Department attorney Brigham Bowen said, "Due to a technical flaw in an operating system, some timestamps in email headers were unavoidably altered. Another artifact from this technical flaw is that the organizational designators for records from that system have been unavoidably altered to show the current organizations for the individuals in the To/From/CC lines of the header for the overall email, instead of the organizational designators correct at the time the email was sent."

There's no telling where this falls on the stupid/malicious scale, but either way, it helps the NSA muddy the timeline waters and obscure the agencies/personnel involved in these email discussions. That admission is downright frightening considering what the agency does with the metadata it harvests.

Remember, this is the agency that “kills people based on metadata,” per its former Director, Michael Hayden. But “due to a technical flaw in an operational system,” it could not preserve the integrity of either the time or the aliases on emails obtained under FOIA.

That's the scary part. Here's the hypocritical part, as pointed out by attorney and CUNY law professor Douglas Cox, in response to Marcy Wheeler's post on the NSA's metadata problem:

[Y]our point is right on, even in more mundane contexts not involving drone strikes it is remarkable the disconnect between standards agencies impose and those they practice. When you are producing docs to a govt agency in response to doc requests, eg, you often have to abide by exacting standards in format including careful capture of metadata, but with FOIA you get things like this.

Among the things this careless approach to internal metadata accomplished was obscuring the genesis of one official's recounting of a face-to-face meeting with Snowden over surveillance concerns.

As noted, the compliance woman's story had to be corrected to match the dates up to when Snowden would have been at Fort Meade. "We received a call from D4 [Office of the Director of Compliance] questioning the dates (11 or 12 Jun) that [redacted] annotated during the discussions on" the Section 702 course, one of the other people in Oversight and Compliance wrote on April 10. She "has modified her dates to reflect 5-12 April 2013." NSA did not provide a version of the draft of the email with the incorrect date. When the chief of Oversight and Compliance provided a description of all the department's interactions with Snowden to the NSA chief of staff, Elizabeth Brooks, in June 2014, there was no mention of any other paper trail of the exchange, though earlier that same day the deputy chief had stated, generally, that that information had been provided to Ensor on June 10, 2013. One thing that is clear, however, is that the apology laying all these details out, written after several days of fact checking at the NSA and document review in June 2014, leaves out at least one key detail — that the OGC email and the face-to-face communication could have happened the same day, making it far more likely they should be treated as parts of the same exchange. More significantly, the apology claims that "in response to the June 2013 Agency All... she provided in writing her account of these engagements." If the timestamps on documents provided to VICE News are correct (something that the NSA has admitted is a problem with this FOIA response), she actually provided her side of at least the OGC contact even before the Agency All email. But there is no record she provided her written account, to either of these exchanges, until a year after the event, a detail — if true — that Rogers should have known.

Beyond that, there's the NSA's ongoing obsession with controlling this narrative. The agency refused to answer questions from Vice pertaining to these documents but it did send it an email informing it that it had already made the FOIA documents available at the ODNI's website, presumably in an attempt to undercut Leopold/Vice's "exclusive."

The jury is still out on Snowden's claims he took his complaints to the proper officials before deciding to leak the documents he obtained. The NSA's assertions of it just being one email would be far more believable if it could provide any evidence that it can handle its own internal email systems with any sort of competence. But as far as this release goes, there's nothing in it definitively pointing to multiple attempts by Snowden to raise concerns. But it's also a stack of documents whose release was overseen by the same agency he exposed and one that still needs every "victory" it can earn… or take.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ed snowden, emails, foia, internal controls, jason leopold, nsa, whistleblowing