Feeds

Declassified documents show NSA staff abused tapping, misled courts

And that's just the non-redacted stuff

Reducing security risks from open source software

The US Office of the Director of National Intelligence (ODNI) has declassified 1,800 pages of documents that indicate that the NSA routinely overstepped its authority and misled oversight bodies about the surveillance of US citizens.

"In June of this year, President Obama directed me to declassify and make public as much information as possible about certain sensitive intelligence collection programs undertaken under the authority of the Foreign Intelligence Surveillance Act (FISA) while being mindful of the need to protect national security," said James Clapper, director of national intelligence in a Tumblr posting.

"These documents were properly classified, and their declassification is not done lightly. I have determined, however, that the harm to national security in these circumstances is outweighed by the public interest."

The documents are currently being pored over by legal experts, but early scans show that between May 24, 2006 and February 17, 2009, the NSA was monitoring 17,835 phone accounts, barely 2,000 of which had "reasonable articulable suspicion" of wrongdoing – a requirement for such surveillance to be legal.

During a judicial review of the program, the NSA said that the problems stemmed from the fact that the information-gathering infrastructure was so complex that "there was no single person with a complete understanding of the FISA system architecture," but that a thorough technical review carried out in 2009 should have sorted things out.

In addition, many NSA analysts were able to access the metadata on phone records without proper training or authorization, or in 32 cases without even knowing that they were accessing restricted data. Filters designed to stop over-collection of data were not activated for months after their installation.

FISC Judge Reggie Walton, in a 2009 ruling, was certainly less than impressed. "To approve such a program, the Court must have every confidence that the government is doing its utmost to ensure that those responsible for implementation fully comply with the court's orders. The Court no longer has such confidence."

In a statement, the Electronic Frontier Foundation pointed out that Director "depends what you mean by collect" Clapper is somewhat disingenuous in saying the documents were released as part of a drive for openness, since the Department of Justice was forced to declassify the documents after the EFF won a Freedom of Information Act case last week.

"Incredibly, intelligence officials said today that no one at the NSA fully understood how its own surveillance system worked at the time so they could not adequately explain it to the court," said Trevor Timm, EFF digital rights analyst. "This is a breathtaking admission: the NSA's surveillance apparatus, for years, was so complex and compartmentalized that no single person could comprehend it.

"As it's been clear to us and to an increasing percentage of the American public, making public how the government interprets our laws is not only NOT dangerous, but is vital to our democracy." ®

Maximizing your infrastructure through virtualization

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.