Wacky NSA Slide Tells Agents Not To Worry About 'Incidental' Collection Of Info On Americans

from the keep-on-searching... dept

Lesson 4: So you got a U.S. Person Information?

You targeted a legitimate foreign entity and acquired information/communications to/from/about a U.S. Person in your results.

This does not constitute a USSID SP008 violation, so it does not have to be reported in the IG quarterly.

The NSA uses the term “incidental” when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, “does not constitute a . . . violation” and “does not have to be reported” to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely.

In dozens of cases, NSA personnel made careless use of the agency’s extraordinary powers, according to individual auditing reports. One team of analysts in Hawaii, for example, asked a system called DISHFIRE to find any communications that mentioned both the Swedish manufacturer Ericsson and “radio” or “radar” — a query that could just as easily have collected on people in the United States as on their Pakistani military target.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

There are so many incredible bits and pieces in Barton Gellman's Washington Post expose on NSA abuse , that we've got a bunch of posts today digging deeper into various parts. For example, Gellman reveals a somewhat wacky presentation slide , complete with a palm tree graphic and with the somewhat folksy title:And then explains what to do about it. They're pretty clear that if you're directly targeting a US person, that's a problem (and it is, because that's illegal). If it's considered "inadvertent," then you also have to stop, write up an incident report and notify people. That sounds reasonable. But... then there's the "incidental" section. Here, incidental is described as:That doesn't seem particularly "incidental" to me. But, here's the kicker. While with all the other forms of collection the NSA is told to stop, when it's "incidental" they're told:Note that the IG report is the one that was revealed, listing all of the abuses. Yet, here they seem to be indicating that these "incidental" collections of information (and note that it's not just "metadata" here, but full "communications" as well) aren't a real problem. They're told to "apply... minimization procedures" to limit the info on US persons, but we've already seen what a joke those minimization procedures can be.As Gellman also notes in his report, it appears that the info collected "incidentally" here gets added to NSA databases and can be searched freely:Just last week, it was discussed that there's a "loophole" that, according to Senator Wyden, allows for "warrantless searches for the phone calls or emails of law-abiding Americans." Who knows if this is that particular loophole, but it does seem like a fairly large loop. Just say it's "incidental" and boom, search away.Remember, the IG report also reveals that a "programming error" meant that a ton of phone calls placed from Washington DC were "intercepted" by the NSA (because someone typed in 202, DC's area code, instead of 20, Egypt's country code) --. That doesn't seem "incidental" to me.Another example:Think about that for a second.that mentions both Ericsson and "radio" or "radar." Just for the hell of it, I just did a search onaccount for the terms "Ericsson" and "radio" and it came back with a ton of results, including 47 from. In just my mailbox. Many of those are from various wireless news letters or PR announcements, but still...

Filed Under: americans, incidental, loophole, nsa, nsa surveillance, us persons