The Latest NSA Documents II: The Crap Hits the Fan

The story starts in May 2006, when the FISA Court granted the FBI’s application for telecommunications companies to turn over certain “tangible things” to the NSA under Section 215. The “tangible things,” in this case, consisted of the much-ballyhooed telephony metadata---the time and duration of each telephone call, the originating and terminating telephone numbers, and the type of device on which the call was made. Judge Malcolm Howard found sufficient evidence to believe that the metadata was relevant to investigations. The order is careful to note, though, that although the government is authorized to collect the information, it must follow minimization procedures set forth by the Attorney General.

The most striking portion of the document is the series of tight restrictions on NSA’s use of and access to the metadata. Most notably, although Judge Howard concedes that the data collected under the order “will necessarily be broad,” he orders that “use of [the] information for analysis shall be strictly tailored to identifying terrorist communications and shall occur solely according to the procedures described in the application, including the minimization procedures designed to protect U.S. person information.” Judge Howard also orders strict oversight, including periodic DOJ review of NSA justifications for metadata access, frequent random spot-checks by the NSA Office of General Counsel to ensure NSA agents were in compliance with the order, and the mandatory destruction of the metadata within five years.

Most importantly for present purposes, he includes the following restriction:

access to the archived data shall occur only when NSA has identified a known telephone identifier for which, based on  the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable, articulable suspicion that the telephone identifier is associated with [REDACTED]; provided, however that a telephone identifer believed to be used by a U.S. person shall not be regarded as associated with [REDACTED] solely on the basis of activities that are protected by the First Amendment to the Constitution.

In the more-than-two years that followed, the government sought and received repeated renewals of this order, including in December 2008---just before it discovered a really big problem.

The next day, the Justice Department notified the FISA Court, as the government later summarized, that the alert list “included telephone identifiers that were not RAS-approved, as well as some that were.” In fact, it had included a lot of non-RAS-approved identifiers. A few days later, NSA shut down the alert list process while it sought to figure out how to fix things.

• Who within the executive branch knew of this violation and when they learned of it;

• The period of time over which such unauthorized querying had been conducted;

• How the violation was discovered;

• How numerous officials in the Justice Department in charge of reviewing the telephony metadata program failed to identify the program earlier;

• The NSA’s standard for tasking telephone identifiers for collection and any limits on that standard under the First Amendment;

• The form in which the government stores data derived from the queries run against the business records; and

• How the government would identify and destroy information derived from the inappropriate queries.