The National Security Agency violated the court-approved rules for operating the bulk phone records collection program for years, violating Americans’ privacy rights, according to a cache of court and government documents released Tuesday by National Intelligence Director James Clapper.
Since former intelligence contractor Edward Snowden leaked information about the phone metadata program, government officials have promised that Americans’ sensitive phone call information is put into a database and rarely searched. But what the officials failed to note is that for years, the NSA compared each day’s incoming data to a list of thousands of suspect phone numbers, called the “alert list,” before the numbers made it into the database. The vast majority of the alert list numbers were not allowed to be used in this way.
Stressing the privacy protections in place for the program, officials have described a process wherein only a limited number of suspicious phone numbers -- 300 in the last year -- were used to query the database. For each of those numbers, there must be a “reasonable articulable suspicion” that it is linked to terrorist activity -- what is referred to at the NSA as “RAS approved.”
The major violation revealed in Tuesday’s documents is that for nearly three years after the Foreign Intelligence Surveillance Court (FISC), which oversees the NSA’s data requests, authorized the bulk phone program in May 2006, the NSA was using unapproved phone numbers, called “selectors,” to compare against incoming numbers. To make matters worse, the NSA misled the court so that the error was not discovered for years. Senior intelligence officials Tuesday said that it had not meant to mislead the court.
Senior intelligence officials stressed Tuesday that the errors were unintentional, due to the fact that "there was nobody at the NSA who had a full understanding of how the program worked.” According to a FISC order from March 2009 addressing the violations, however, the court wrote that the government's excuse for non-compliance stemmed from an interpretation of the FISC's orders that "strains credulity."
"[S]uch an illogical interpretation of the Court's Orders renders compliance with the RAS requirement merely optional," Judge Reggie B. Walton wrote.
Tuesday’s disclosures were the result of a lawsuit filed years ago by the Electronic Frontier Foundation, whose legal case was aided by Snowden’s disclosures.