The FBI and National Security Agency improperly searched, stored and distributed raw intelligence on Americans, according to recently declassified documents about the controversial Section 702 surveillance program.
The documents, released earlier this month in response to a lawsuit from the American Civil Liberties Union (ACLU), reveal specific violations that the FBI and NSA disclosed to the Foreign Intelligence Surveillance Court (FISC) or the Justice Department's national security division during President Barack Obama’s time in office, between 2009 and 2016.
Reviewing the documents, The Hill found more than 90 incidents that specifically cited an impact on Americans, who are not supposed to be affected by 702 surveillance. Many of the incidents involved multiple people, multiple violations, or extended periods of time, the newspaper noted.
One analyst ran the same search on an American citizen “every work day” for a period of time in 2013 and 2014.
In 2015, the NSA issued a report that included the name of an American “whose identity was not foreign intelligence,” according to one incident report. The agency eventually discovered the error and “recalled” the information.
There were several other instances where names of Americans were improperly shared with other intelligence agencies without being redacted, violating minimization procedures. The information had to be recalled and purged after the fact, according to The Hill.
“CIA and FBI received unminimized data from many Section 702-tasked facilities and at times are thus required to conduct similar purges,” one report said.
The FBI disclosed three instances of “improper disseminations of US persons identities” between December 2013 and February 2014.
Though the law requires the NSA to notify other intelligence agencies within five days if and when it wrongly disseminates information about Americans, the documents showed that the average notification time was 19 days, and in some cases took as long as 131 business days.
The NSA says the mistakes amount to less than 1 percent of surveillance intercepts through the Section 702 program, which was established by Congress in late 2008.
“The National Security Agency has in place a strong compliance program that identifies incidents, reports them to external overseers, and then develops appropriate solutions to remedy any incidents,” NSA spokesman Michael Halbig told The Hill. “Quite simply, a compliance program that never finds an incident is not a robust compliance program.”
“We believe that, particularly when compared with the overall level of activity, the compliance incident rate is very low,” Alexander Joel, head of the Office of Civil Liberties, Privacy and Transparency for the director of national intelligence, told The Hill.
Oversight and compliance procedures intended to safeguard Americans are “robust and effective,” the FBI said in a statement. “Section 702 is vital to the safety and security of the American people. It is one of the most valuable tools the Intelligence Community has, and therefore, is used with the utmost care by the men and women of the FBI so as to not jeopardize future utility.”
The ACLU, which obtained the documents on July 11 after filing a Freedom of Information Act (FOIA) lawsuit, is not convinced.
“The NSA claims it has rules to protect our privacy, but it turns out those rules are weak, full of loopholes, and violated again and again,” said Patrick Toomey, an ACLU attorney in New York who was involved in the FOIA litigation.
“What we’re now seeing is a history of the NSA not being able to police itself,” Neema Guliani, ACLU chief legislative counsel, told The Hill. “All of this raises questions about whether the procedures the agencies have put forth are really being followed in all cases.”
Shortly before the end of his term in office, in January 2017, Obama "eviscerated" the previously existing limits on sharing of raw NSA intelligence with domestic law enforcement agencies. The full effect of that decision will not be known until the next NSA compliance report, due in April 2018.