More like this

Security

NSA's Christmas Eve confession: We unlawfully spied on you for 12 years, soz

Agency cynically dumps blunder dossier at 1:30pm on Dec 24

Slipping out unpleasant news at awkward times is a well-known PR practice – but the NSA has excelled itself by publishing on Christmas Eve internal reports detailing its unlawful surveillance.

The agency dumped the docs online shortly after lunchtime on December 24, when most journalists are either heading home to their families or already drunk.

The quarterly reports were created for the President’s Intelligence Oversight Board (PIOB), and cover the spying powerhouse's conduct from the final quarter of 2001 to the first half of last year.

The files have been heavily censored, but still manage to show that, either by accident or design, NSA staff routinely engaged in illegal surveillance with almost no comeback from management.

Take, for example, the case of a female analyst who used the NSA's vast databases to conduct a little research on her husband. The report covering the first quarter of 2012 states that she accessed her hubby's personal telephone records to look for possible "targets," over a period of three years, and when found out was "advised to cease her activities."

In the same quarter, a spot check discovered three analysts without proper clearance were snooping through data collected under the Foreign Intelligence Surveillance Act. Follow-up checks found another nine analysts who were doing the same thing, and all had their access to that data revoked.

A report from 2003 found that at Edward Snowden's old office, the Kunia Regional Security Operations Center, a contractor working as a systems administrator used the account of an accredited analyst to conduct their own research. When this was discovered, the contractor got a briefing on proper security procedures, the report states.

Judging from the hundreds of reports of mistakes being made, the NSA should perhaps spend a little less time and money breaking into the computer systems of friendly powers, and a lot more training its staff.

Page after page of reports detail how someone accessed the wrong data by mistake, or inadvertently, or even a couple of cases of analysts ending up searching for their own data in the NSA's files. Emails containing raw signals intelligence were also sent out to people without clearance, who were then asked to delete the data and, presumably, try to forget they'd seen it.

Not that it matters that much; as long as the NSA continues to file the reports with PIOB, it is fulfilling its regulatory requirements by law. But it doesn't have to tell the public, which provides its tax-funded activities, however – that takes a lawsuit.

Which is why we have the documents now. The civil liberties body ACLU sued the NSA for the right to see the reports, and the courts sided with the group. The organization was only able to file the request thanks to knowing specifically what to ask for, thanks to internal documents leaked to the world by Edward Snowden. ®

Sponsored: The Nuts and Bolts of Ransomware in 2016