NSA says illegal data collection was caused by too complex tech
Posted on 12 September 2013.
NSA's repeated claims about having its surveillance apparatus under control have taken another hit after the agency has been legally forced to publish a huge batch of previously classified documents.

Among other things, one of the documents showed that the NSA "had improperly queried the bulk telephony metadata by using an automated 'alert list' process that resulted in the use of selectors that had not been individually reviewed and determined to meet he required reasonable articulable suspicion standard."

As it turns out, in those three years the agency ended up monitoring some 17,835 phone accounts, when only 1,935 of these had met that standard.

Director of National Intelligence James Clapper dubbed this as "compliance incidents", which "stemmed in large part from the complexity of the technology employed in connection with the bulk telephony metadata collection program, interaction of that technology with other NSA systems, and a lack of a shared understanding among various NSA components about how certain aspects of the complex architecture supporting the program functioned. "

"Upon discovery of these incidents, which were promptly reported to the FISC, the Court, in 2009, issued an order requiring NSA to seek Court approval to query the telephony metadata on a case-by-case basis, except when necessary to protect against an imminent threat to human life," he says. "Thereafter, NSA completed its end-to-end review and took several steps to remedy these issues, including making technological fixes, improving training, and implementing new oversight procedures. These remedial steps were then reported to the Court, and in September 2009, the Court lifted the requirement for NSA to seek approval to query the telephony metadata on a case-by-case basis and has since continuously reauthorized this program."

This is not the first time that the FISC court heard from the NSA that it had been "mistakenly" siphoning data and / or communications that it had no legal permission to do.

Nevertheless, FISC judges have repeatedly proven to be sympathetic and have not decided to put a stop to the surveillance program. In this particular case, they simply temporarily restricted the access to the data to a team of NSA data integrity analysts.

EFF's Trevor Tim has also pointed out that Clapper said that they were releasing the documents because they were directed to do so by the US president.

"That statement is misleading," he pointed out. "They are releasing this information because a court ordered them to as part of EFF's Freedom of Information Act lawsuit, filed almost two years ago on the tenth anniversary of the Patriot Act."

"Incredibly, intelligence officials said today that no one at the NSA fully understood how its own surveillance system worked at the time so they could not adequately explain it to the court. This is a breathtaking admission: the NSA's surveillance apparatus, for years, was so complex and compartmentalized that no single person could comprehend it," he added.

"The intelligence officials also acknowledged that the court has to base its decisions on the information the NSA gives it, which has never been a good basis for the checks and balances that is a hallmark of American democracy."









Spotlight

Infographic: 25 years of the firewall

Posted on 24 July 2014.  |  The firewall turned 25, and McAfee is celebrating with an infographic that creatively depicts its lifetime. If you take a moment to scan the infographic, you’ll notice the firewall's introduction and evolution coincide with certain security events.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Jul 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //