re: Mapping Terror Networks: Why Metadata Matters

quote:

---

That has already been shown to abuse the power?

---

quote:

---

The documents released today were provided to Congress at the time of the events in question and include orders and opinions from the Foreign Intelligence Surveillance Court (FISC), filings with that court, an Inspector General Report, and internal NSA documents. They describe certain compliance incidents that were discovered by NSA, reported to the FISC and the Congress, and resolved four years ago. They demonstrate that the Government has undertaken extraordinary measures to identify and correct mistakes that have occurred in implementing the bulk telephony metadata collection program – and to put systems and processes in place that seek to prevent such mistakes from occurring in the first place.

More specifically, in response to the compliance incident identified in 2009, the Director of NSA instituted a number of remedial and corrective steps, including conducting a comprehensive “end-to-end” review of NSA’s handling of telephony metadata obtained under Section 501. This comprehensive review identified additional incidents where NSA was not complying with aspects of the FISC’s orders.

The compliance incidents discussed in these documents stemmed in large part from the complexity of the technology employed in connection with the bulk telephony metadata collection program, interaction of that technology with other NSA systems, and a lack of a shared understanding among various NSA components about how certain aspects of the complex architecture supporting the program functioned. These gaps in understanding led, in turn, to unintentional misrepresentations in the way the collection was described to the FISC. As discussed in the documents, there was no single cause of the incidents and, in fact, a number of successful oversight, management, and technology processes in place operated as designed and uncovered these matters.

Upon discovery of these incidents, which were promptly reported to the FISC, the Court, in 2009, issued an order requiring NSA to seek Court approval to query the telephony metadata on a case-by-case basis, except when necessary to protect against an imminent threat to human life. Thereafter, NSA completed its end-to-end review and took several steps to remedy these issues, including making technological fixes, improving training, and implementing new oversight procedures. These remedial steps were then reported to the Court, and in September 2009, the Court lifted the requirement for NSA to seek approval to query the telephony metadata on a case-by-case basis and has since continuously reauthorized this program. The Intelligence and Judiciary Committees were informed of the compliance incidents beginning in February 2009 and kept apprised of the Government’s corrective measures throughout the process, including being provided copies of the Court’s opinions, the Government’s report to the Court, and NSA’s end-to-end review.

Upon discovery of these issues in 2009, NSA also recognized that its compliance and oversight infrastructure had not kept pace with its operational momentum and the evolving and challenging technological environment in which it functioned. Therefore NSA, in close coordination with the Office of the Director of National Intelligence and the Department of Justice, also undertook significant steps to address these issues from a structural and managerial perspective, including thorough enhancements to its compliance structure that went beyond this specific program. For example, in 2009, NSA created the position of the Director of Compliance, whose sole function is to keep all of NSA’s mission activities consistent with the law and applicable policies and procedures designed to protect U.S. person privacy by strengthening NSA’s compliance program across NSA’s operational and technical personnel. NSA also added additional technology-based safeguards, implemented procedures to ensure accuracy and precision in FISC filings, and initiated regular detailed senior leadership reviews of the compliance program. NSA has also enhanced its oversight coordination with the Office of the Director of National Intelligence and the Department of Justice.

Since 2009, the Government has continued to increase its focus on compliance and oversight. Today, NSA’s compliance program is directly supported by over three hundred personnel, which is a fourfold increase in just four years. This increase was designed to address changes in technology and authorities and reflects a commitment on the part of the Intelligence Community and the rest of the Government to ensuring that intelligence activities are conducted responsibly and subject to the rule of law. NSA’s efforts have proven successful in its implementation of the telephony metadata collection program since the changes made in 2009. Although there have been a handful of compliance incidents each year, these were the result of human error or provider error in individual instances and were not the result of systemic misunderstandings or problems of the type discovered in 2009. Each of these individual incidents upon identification were immediately reported to the FISC and remedied.

Moreover, the FISC in September of 2009 relieved the Government of its requirement to seek Court approval to query the metadata on a case-by-case basis and has continued to reauthorize this program. Indeed, in July of this year the FISC once again approved the Government’s request for reauthorization.

---