National Security Agency personnel regularly searched call tracking data using thousands of numbers that had not been vetted in accordance with court-ordered procedures, according to previously secret legal filings and court opinions released by the Obama administration Tuesday.
The agency also falsely certified to the Foreign Intelligence Surveillance Court that analysts and technicians were complying with the court’s insistence that searches only be done with numbers that had a “reasonable, articulable suspicion” of terrorism, according to a senior intelligence official who briefed reporters prior to release of the documents .
The unauthorized searches went on for about three years until they were discovered in March 2009.
An internal inquiry into the misstatements also found that no one at the NSA understood how the entire call-tracking program worked. “There was nobody at NSA who really had a full idea of how the program was operating at the time,” said the official, who spoke on condition of anonymity.
Former NSA contractor Edward Snowden disclosed the program in June by leaking a top-secret FISA Court order authorizing it. The program — sometimes referred to as “business records FISA” or “Section 215” — collected information on the time, duration and numbers connected in virtually every call made to, from or within the United States. It did not authorize or involve listening to calls, which required a separate court order when involving people in the U.S. or U.S. residents overseas.
Despite the regular assurances offered to the court, NSA personnel were querying every day’s new batch of telephone company calling data using an “alert list” that at times included about 17,000 numbers, the documents show. Most of the numbers on that list — about 15,000 — had not been established to meet the “reasonable, articulable suspicion, officials said.
Director of National Intelligence James Clapper emphasized Tuesday that the breach of procedure was discovered by the NSA on its own initiative and, once the violation was found, was promptly disclosed to the court and Congress.
“The compliance incidents discussed in these documents stemmed in large part from the complexity of the technology employed in connection with the bulk telephony metadata collection program, interaction of that technology with other NSA systems, and a lack of a shared understanding among various NSA components about how certain aspects of the complex architecture supporting the program functioned,” Clapper said in a statement. “These gaps in understanding led, in turn, to unintentional misrepresentations in the way the collection was described to the FISC.”
However, the new disclosures give weight to claims that the FISA Court was ill-suited to oversee the complex program. The information could fuel calls for more rigorous oversight of the program.
In an opinion made public in part last month, Judge John Bates discussed the “alert list” practice in vague terms and said it indicated that the court’s orders “had been ‘so frequently and systematically violated that it can be said that this critical element of the overall…regime has never functioned effectively.’”
The breach clearly angered the judges serving on the court.
“The court is exceptionally concerned about what appears to be a flagrant violation of its Order in this matter,” Judge Reggie Walton wrote in a January 2009 order demanding more information about the offending practice.
The officials who briefed reporters Tuesday did not make clear where the “alert list” came from or precisely how numbers got on it. They did indicate it originated outside the NSA.
The court filings suggest that the “alert list” was something the NSA used when targeting communications between parties outside the United States under the agencies’ traditional, “signals intelligence” capabilities.
The practice was reported to the court in January 2009 and halted on the court’s order in March of that year.
As a result of the breach of the court’s orders, the FISA Court essentially put the NSA on probation by requiring it to come to the court in advance for permission for each new number to be searched, officials said. That advance-approval process — which did allow for exceptions in emergencies — continued through September 2009, officials added.
The fact that a process requiring advance, “case by case” approval was in place for a time could also support arguments from civil liberties groups and other critics that the courts should be involved each time a number is added to the list of those to be searched.
Officials emphasized that the “alert list” queries were not like the regular queries of the call database. Those often pored through five years of data and looked for patterns in calls that could be removed by up to “three hops” from the original number searched. By contrast, the “alert list” searches were confined to the incoming day’s data and numbers in direct contact with those searched.
“This was a much narrower, sort of rolling-basis query just to try to identify numbers of interest, so it didn’t go out multiple hops,” the senior official said.
The approximately court documents released Tuesday, which officials said totaled about 1,800 pages including some duplicates, were disclosed in connection with a Freedom of Information Act lawsuit brought by the Electronic Frontier Foundation. The Obama administration long resisted calls to release the documents even in redacted form, saying they would be incoherent after sensitive information was deleted.
However, after Snowden’s leaks about the program, officials said they were reviewing the legal records again and would be able to make some disclosures. Officials said the document release Tuesday was being made at President Barack Obama’s instruction.