Re: NSA data mining shared with the DEA
Yeah we did know it was coming since I read it yesterday (along with the supporting documentation they provided.) And I'll tell you that the supporting documents don't at all paint the picture that the WP paints in their "interpretation" of the attached documents. For instance, the charts on pages 5 and 6 of the reports clearly show that the VAST majority of these incidents were from "roamer" situations where the NSA was targeting a valid foreign target that then popped up in the US, keeping in mind that EO 12333 prevents the NSA from targeting people who are in the US, regardless of whether they are a citizen or a foreigner. They also commented in the article about numerous serious infractions, but reading through the report there were only 2 significant issues of non-compliance mentioned - data found in a database on development machines (I'm assuming where they develop the tools and run data through to test them) and an incident of a US green card holder not being de-tasked when it was found he was a green card holder. Hardly the surveillance of millions of Americans. While the report refers to various appendices for complete detail on these cases, the Washington Post has not provided the appendices for us to read.
I also noted the article seemed to play loose with the information given. I'm assuming this is because they don't expect most readers to actually read the documentation. For instance, they used the following quote in the article as support of their claim that this information is more detailed than what is given to the intelligence agencies:
The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.
As you can see, they are making a claim that this is more detail than Congress receives by summarizing this training document as telling people to cut out details, when if you read the document, you'll see that the information is not classified in the reporting tool so they tell them to leave out extraneous information to seemingly avoid putting classified information in there. They also state this later in the article on page 3:
Members of Congress may read the unredacted documents, but only in a special secure room, and they are not allowed to take notes. Fewer than 10 percent of lawmakers employ a staff member who has the security clearance to read the reports and provide advice about their meaning and significance.
I think that is also telling that certain members of Congress like to complain they're not kept informed, yet they don't even take the steps of getting their staff cleared to view this information they want to see.
In the very next quote, they state, without providing any supporting documentation at all:
In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.
Yet in a different article by the WP, they expand on the fact that metadata only was collected and not the "interception of calls", which metadata collection was authorized by the court, so it was indeed not something that had to be reported as an infraction of the rules.
Here's another little jewel they hide away in the article:
The documents provided by Snowden offer only glimpses of those questions. Some reports make clear that an unauthorized search produced no records. But a single “incident” in February 2012 involved the unlawful retention of 3,032 files that the surveillance court had ordered the NSA to destroy, according to the May 2012 audit. Each file contained an undisclosed number of telephone call records.
So even though an incident among the "thousands of violations of privacy rules" yields no results (indicating it would seem that data is actually not collected on Americans), it's still counted as an incident. So while the number may be 2,200 (keeping in mind this is a compliance report, meaning it encompasses violations of anything, including internal NSA rules or standard procedures), it would seem that what the NSA considers an incident isn't what normal people would consider an incident (i.e. they fat fingered a phone number and heard all of my phone conversations.) Additionally, incidents like the one described at the end, where old data was found on development servers, are fairly common across any enterprise (old data left on development machines) and, while it should be remedied immediately upon discovery, isn't some insidious plot to collect and retain data on people.
I especially love this comment though:
The NSA uses the term “incidental” when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, “does not constitute a . . . violation” and “does not have to be reported” to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely.
If you read the "What's a violation" document, you'll see that incidental doesn't cover collecting records of an American, but instead covers collection of communications from a foreign target that contains information or is to/from a US person. In that case, the document states that the information concerning the US person should be removed and the foreign target should be the focus of the reporting. And it's not considered a violation because there are court approved minimization procedures in place for this exact purpose (they were leaked earlier, remember?) and so you're not violating a court order or policy because that exact situation is accounted for in the court order and policy. The last line is yet another example of WP's editorial contributions to make everything seem so malicious and that is actually a complete lie, given that the rest of the article and linked documentation is about NSA compliance reporting. They state earlier in the article that these reported violations can involve searches of US person data, yet then turn around and say the data can be searched freely. It's not the case that both can be true. You can either search freely or you can search and violate the regulations and laws.
I like the quote at the end from NSA the best though:
“I realize you can read those words a certain way,” said the high-ranking NSA official who spoke with White House authority, but the instructions were not intended to withhold information from auditors. “Think of a book of individual recipes,” he said. Each target “has a short, concise description,” but that is “not a substitute for the full recipe that follows, which our overseers also have access to.”
While the point being made is that the WP obtained the summary document without the details document that went with it which Congress does get, it also basically sums up the WP's summary of the documents and the exclusion of other documents they claim to have that they don't provide us. They provide us concise summaries of what they view to be important (usually mixed in with their own opinions), but don't provide us the full recipe to draw our own conclusions.
