National Security Agency broke court rules with queries of phone database
Organisation declassifies documents on privacy protections between 2006 and 2009
The National Security Agency campus in Fort Meade, Maryland. The agency has secretly circumvented or cracked much of the digital scrambling that protects global commerce, e-mails, phone calls, medical records and web searches, according to newly disclosed documents. Photograph: Government handout via The New York Times
The National Security Agency routinely violated court-ordered privacy protections between 2006 and 2009 by examining phone numbers without sufficient intelligence tying them to associates of suspected terrorists, according to US officials and newly declassified documents.
The Foreign Intelligence Surveillance Court, which oversees requests by spy agencies to tap phones and capture email in pursuit of information about foreign targets, required the NSA to have a “reasonable articulable suspicion” that phone numbers were connected to suspected terrorists before agents could search a massive call database to see what other numbers they had connected to, how often and for how long.
But between 2006 and 2009, the agency used an “alert list” to search daily additions to the US calling data, and that list contained mostly numbers that merely been deemed of possible foreign intelligence value, a much lower threshold.
The alert list grew from about 3,980 phone numbers in 2006 to 17,835 by early 2009, and only 2,000 of the larger number met the required standard for certified reasonable suspicion of a terrorist tie, officials said.
Each inquiry could scan for the phone number’s called contacts and then those people’s contacts, so that many more US residents could have been swept up.
But in official briefings for the press yesterday, intelligence authorities said that those numbers on the alert list were only checked against new calls, not the historical record of all calls, so that no full “chain analysis” usually resulted.
“This was used by analysts to try to prioritise their work,” one official said. “If you’re trying to pick 25 players for a major league baseball team, you might give 500 a tryout.”
But about 600 US numbers were improperly passed along to the Central Intelligence Agency and Federal Bureau of Investigation as suspicious, the records show.
In addition, scores of analysts from the sister agencies had access to the calling database without proper training.
The new disclosures add a fresh perspective to recent statements by the NSA Director Keith Alexander than only 300 or so numbers were run against the master calling database in 2012.
That was years after the secret court concluded it had been badly misled, ordered a temporary halt to the automated searches, and mulled contempt proceedings before the NSA drastically curtailed its practices.
In January 2009, the court ruled that the alert-list procedure was “directly contrary to the sworn attestations of several executive branch officials.”
Alexander and other officials responded with filings maintaining that no one at the NSA had fully understood all of the rules around the calling-records database, the software used to search it, and the significance of internal markings.