We’re usually very happy to see the government release documents shed light on unconstitutional surveillance. We’re less happy when the release is done Christmas week, in an attempt to ensure that they will get as little attention as possible.

That’s what happened this Christmas. On December 23, the National Security Agency (NSA) released over a decade’s worth of oversight reports from the NSA to the President’s Intelligence Oversight Board—documents that should have been released years ago pursuant to a FOIA lawsuit brought by EFF. And on December 24, the Department of Justice’s Office of the Inspector General released “A Review of the FBI's Use of Section 215 Orders for Business Records in 2006” [pdf], a document that had been previously released with more redactions.[1]

These releases encompass hundreds of pages. And while much of what they contain is routine reporting, they also contain some frank assessments of how the government has used surveillance tools to violate rights.

Review of FBI’s use of Section 215 Orders

This document, an Inspector General assessment of how the FBI uses Section 215 of the PATRIOT Act (the provision that the NSA uses to collect all telephone call records), was previously released in 2008. It was heavily redacted. This new version has a few new unredacted tidbits. It also has an entire appendix that had been completely classified, that describes the inception of the NSA’s telephone call records program.

This newly declassified appendix doesn’t contain much that we didn’t already know. But it is fascinating to read the description of the shift from President Bush’s surveillance program to the use of Section 215 orders:

For several reasons, including the public disclosure of one aspect of the NSA program in a December 2005 New York Times article, the government decided to seek collection of the telephone call-detail records under the authority of FISA and cease collection under the Presidentially-authorized NSA program.

Originally, every single reference to how the FBI uses Section 215 to assist to foreign governments was redacted. In this report they appear in several places, for instance:

Records for assistance to a foreign government are “processed pursuant to the Mutual Legal Assistance Treaty.”

The FBI assisted a foreign government by providing it with fraudulent identification used by a surveillance target, as well as “other evidence to be used in a potential criminal prosecution.” The OIG looked closely at this because it raised an issue of whether the records were relevant to a national security investigation (something required for Section 215 orders).

The FBI initiates 215 orders for foreign governments.

The second piece of the report addresses what the OIG calls:

[A] noteworthy item. In this case, the FISA Court had twice declined to approve a Section 215 application based on First Amendment concerns. However, the FBI subsequently issued NSLs for information [redacted] even though the statute authorizing the NSLs contained the same First Amendment restriction as Section 215 and the EOs authorizing the NSLs relied on the same facts contained in the Section 215 applications.

Highlights added to show originally redacted sections

The report goes on to describe this particular situation. Much of the description has been redacted wholesale, but combined with the newly unredacted pieces, a concerning story emerges. The FBI wanted information, and determined that it would get that information, regardless of the FISA court or DOJ’s opinion:

The Section 215 request was presented to the FISA Court [twice]. On both occasions the Court declined to approve the application and order…… [DOJ] e-mails state that the FISA Court decided that "the facts were: too 'thin' and that this request implicated the target's First Amendment rights."

Previously unredacted sections reinforce the story revealed by these new pieces:

The former Acting Counsel for Intelligence Policy stated that there is a history of significant pushback from the FBI when OIPR questions agents about the assertions included In FISA applications. The OIPR attorney assigned to Section 215 requests also told us that she routinely accepts the FBI's assertions regarding the underlying investigations as fact and that the FBI would respond poorly if she questioned those assertions.

This doesn’t sound like an agency committed to maintaining civil liberties. It sounds like an agency that is, predictably, concerned with completing investigations. And it should be incredibly disturbing to think that attorneys responsible for dealing with FISA applications would be concerned about pushback from the agency it is supposed to be acting as counsel for.

One other noteworthy tidbit: The report unredacts a footnote that states that some 215 order applications to the FISA court are approved without a DOJ attorney ever showing up in court.

NSA Oversight Reports

The newly released NSA oversight reports span over a decade and include hundreds of pages of combined annual reports for 2007-2010, and quarterly reports from 2001-2013. Executive Order 12333 requires the NSA to report intelligence activities they have reason to believe may be unlawful or contrary to Executive Order or Presidential Directive to the President's Intelligence Oversight Board. The government released the reports in response to Freedom of Information Act litigation by the American Civil Liberties Union. (Of course, EFF filed a FOIA lawsuit for these same documents back in 2009, but we received almost nothing of substance from NSA back then.)

The first notable thing about these reports is that nearly every single number has been redacted. For example, several of the reports contained standardized charts listing numbers of US person identities disseminated by the NSA. The content of these charts is redacted. Similarly, all information regarding computer network exploitation is redacted.

However, the reports still contain sufficient information to see patterns of problems in the NSA. One issue that comes up repeatedly is the failure to stop collection on numbers in a timely manner, due to lack of communication, confusion, or software problems. Similarly, the reports outline myriad instances of ostensibly accidental misuse of databases, including problems as mundane as accidentally sending a print job containing classified information to an office with individuals not authorized to see it.

This is important not because anyone expects the NSA to be completely mistake free. It’s important because it gives yet another reason why the NSA simply shouldn’t be collecting so much data—no matter what systems are in place, mistakes happen. People who are not supposed to see information see it. Analysts and other employees will, and do, make mistakes.

But of course, accidental misuse isn’t the only problem. The reports outline several places where systems are misused to target family members or partners. They correspond to descriptions of these incidents in a letter sent to Senator Chuck Grassley in response to his questions about misuse:

A soldier in a U.S. Army used the SIGINT (signals intelligence) system to target his wife, who was also a soldier.

“An NSA employee used the SIGINT system to target his foreign girlfriend.”

An NSA analyst “searched her spouse’s personal telephone directory without his knowledge to obtain names and telephone numbers for targeting.”

And finally, an interesting tidbit in the 2001 report: Several incidents of “improper retrieval strategies” happened “in the immediate aftermath of the 11 September terrorist attacks when rumors were rife that the rules governing SIGINT collection were going to be suspended.” While no one disputes how horrifying the 9/11 attacks were, that doesn’t change the fact that the rules that limit government impingement on civil liberties exist precisely for situations where the government would be tempted to overstep its bounds.

The rules may not have been suspended after 9/11, but these newly released documents make one thing clear: the Government is clearly not fully capable of following the rules in the first place.