The National Security Agency (NSA) didn’t follow some of its own required procedures meant to protect the privacy of U.S. citizens, a new report by the NSA’s Inspector General revealed Monday.
In its semi-annual report to Congress, the Office of the Inspector General for the NSA found failures in the agency’s procedures under Section 702 of the Foreign Intelligence and Surveillance Act (FISA).
Section 702 of FISA describes how U.S. intelligence agencies may conduct warrantless surveillance of the communications of suspicious non-citizens on foreign soil. The section also describes how intelligence officials may access the sensitive information and communications of U.S. persons (USPs), if there is probable cause they are working for or in contact with suspicious non-citizens.
The inspector general’s report said evaluation efforts “revealed several issues that, if not addressed, have the potential to impact the effectiveness of the Agency’s internal controls used to protect the civil liberties and privacy rights of USPs.”
The report said investigators found NSA queries for U.S. person “selectors” — the agency’s term or FISA search terms — that did not follow Foreign Intelligence Surveillance Court (FISC)-approved procedures.
“While NSA has implemented both preventative and detective controls, the Agency has not completed the development of a preventative system control that performs pre-query validation to notify analysts of potential
noncompliance with NSA query procedures or policy problems prior to query execution,” the report said.
The report further discovered the NSA did not always document USP selector information on its FISA search tools.
“The lack of consistency limited the ability to fully and accurately search the
module’s contents,” the report said. “Furthermore, data standards were not fully addressed in NSA’s tool, and the tool lacked standard operating procedures that were accessible to analysts with access to the tool.”
The report also said the agency’s Rules-Based Targeting (RBT) — the NSA targeting tool’s method of automating site selections when targeting a given selector — and the agency’s surveillance targeting distribution raised the likelihood that the agency might inadvertently choose selectors that are prohibited under the applicable NSA signals intelligence (SIGINT) collection authorities.
The inspector general made 13 recommendations to better protect the private information of USPs from improperly being accessed. The report said the agency completed seven of those recommendations before the publication of the report and the agency has actions planned that satisfy the other recommendations.
“The NSA remains fully committed to the rigorous and independent oversight provided by the NSA inspector general’s office,” an NSA spokesman told CNN. “NSA continues to employ measures to assist analysts in conducting their work compliantly with civil liberties and privacies protections. As the OIG included in its report, the agency has in place multiple processes to aid in ensuring query compliance.”