http://www.techdirt.com/articles/20131119/13573025294/nsa-memo-shows-unlimited-access-to-bulk-records-unnecessary-to-keep-us-safe-terrorists.shtml
(Click here for full version)<< NSA Memo Shows Unlimited Access To Bulk Records Unnecessary To Keep US Safe From Terrorists (Failures) >>by Tim Cushingfrom the but,-of-course,-the-program-must-not-be-restricted-in-any-waydept on Wednesday, November 20th, 2013 @ 8:34AMThe DNI's recent document dump has sprung loose an April 2009 "notification memorandum" from the NSA, which provides updates on its "end-to-end" reviews of both the Section 215 (phone metadata) and the Section 402 (email metadata) bulk records collections. As was noted in earlier posts, both programs were suspended by the FISA court because of the NSA's routine abuse FISA Act limitations. The declassified document is addressed to the Senate Select Committee on Intelligence (SSCI). There's no indication this information was also disseminated to the House Intelligence Committee, but perhaps that will surface in the future. The memo spends a few introductory paragraphs detailing the efforts the NSA has made to clean up its act before delving into more interesting details -- including the limitations placed on the Section 215 collection by the Judge Walton, as well as a new problem it uncovered during its 60-day "end-to-end" reviews. Here are the rules the NSA was forced to comply with under Walton's court order.Since the March 5, 2009 FISA Court order, the Court's approval has been required for each selector before it is tasked for BR FISA metadata analysis. On Mar 21 NSA resumed manual access to BR FISA metadata, allowing chaining [redacted] of FISA Court-approved selectors associated with [redacted] following multiple operational and technical reviews to ensure compliance.This explains ODNI counsel Robert Litt's hesitancy to store metadata at a "neutral site." To do so would mean returning to 2009's restrictions -- which were brought on by the agency's own malfeasance. Utilizing a neutral site would likely mean the FISA court would be approvingselectors rather than granting permission for rolling, 90-day collections of all phone records. Also of note is how fewcourt-approved selectors there were at that point.A limited number of NSA analysts are now performing manual queries against 209 FISA Court-approved high-priority selectors daily…Once again, hauling in millions of phone records seems like overkill. Since the agency has had (serious) trouble with adhering to the RAS (reasonable articulable suspicion) requirement, it would make more sense to return to this limitation if the Section 215 program is to remain running. With two bulk data programs suspended or significantly altered between 2009-2010, the US still somehow managed to avoid being overrun with terrorist attacks. If the program can't be eliminated, at the very least, it should return to this more minimal standard -- seeking court approval for RAS-compliant selectors and searching offsite, rather than simply amassing millions of non-relevant phone records. Further down, more incidents of data abuse/misuse are detailed, this time at the hands of other agencies which were given access to the metadata collections[Redacted; presumably includes a start date] NSA and DIA entered into a pilot program which allowed the DlA's Joint Intelligence Task Force - Combating Terrorism (JITF-CT) access to counterterrorism-related SIGINT information, including SIGINT collected pursuant to the Foreign Intelligence Surveillance Court's (FISC) [redacted] . Access to this FISA data was controlled and was limited to JITF-CT who had undergone training on the application of NSA minimization procedures to the FISA data and who were subject to NSA oversight of their activities. Moreover, these personnel were required to coordinate with NSA regarding dissemination of the information outside of JITF-CT.The NSA made these Task Force members "employees" in order to grant them the privileges needed to access the metadata collection in its unminimized form. While conducting a review of its systems in 2008, the NSA found that one database (name redacted in memo) "lacked sufficient controls." The database was shut down and resurrected with "correct" controls implemented. Unfortunately, it was this "uncontrolled" database that its new honorary employees had access to. The NSA revoked Task Force members' access to the databases but was unable to determine explicitly whether any sort of unauthorized access had occurred. Instead of presenting a possible worst-case scenario, the agency memo delivers this powerful statement of (misplaced) faith.[A sentence and half worth of redacted text] there is no way to determine whether, in fact, JITF-CT analysts accessed it without authorization. However, even if such access occurred, the analysts were trained in routine minimization procedures and were required to coordinate with NSA regarding dissemination of information outside JITF-CT…Of course. Because the training and minimization procedures have always prevented actual NSA employees from abusing the bulk records collections. This isn't the only case of problematic shared access. Another agency is discussed in a heavily-redacted paragraph. This unnamed agency was given access to unminimized X-KEYSCORE SIGINT data. Among the other unredacted sentences is one stating that this access is "predicated" on the principle that "collaboration is essential" to prevent terrorist attacks. Whichever agency isnot being named here doesn't seem to have held up its end of the bargain, which resulted in the (perhaps temporary) suspension of its access to the data.On review of this access NSA is considering whether allowing this [redacted] access to unminimized SIGINT collection fully complies with NSA procedures.Whether or not that access has been returned is still open for debate considering the agency's name has been hidden away under the black and turquoise [!?] ink. Whatisn't open to debate is the fact that the NSA continues to struggle with handling its data collections responsibly. As more documents are pried loose thanks to the ACLU and EFF's efforts, I'm sure we'll see even more evidence that the agency isn't nearly as careful as its defenders assert it is.DOCUMENTPAGESZoomp. 4p. 5p. 6LoadingLoading«Page 6 of 6»3 Comments
by Anonymous Coward on Nov 20th, 2013 @ 8:55am
has taken long for this pearl of wisdom to come out, has it? everyone knew this. the security services knew it, but whoever the Fascist arse hole is that is forcing it to be done, not just here but in almost every so-called democratic country as well, whether friend or foe, just wants to be able to carry on doing it. it has nothing to do with terrorism! it is all about trying to ensure that certain laws that will be of benefit to certain countries and certain industries, can go through and that anyone trying to organise resistance and marches against governments can be identified, arrested (probably in the dead of night, as in Nazi Germany) so as to put the fear of Christ up them! it makes me wonder if the relatives of those that were taken to countries like the USA and UK have started a new movement, to try to finish what Hitler started! why else would every country be trying to stifle everything that would benefit the people and promote everything that will benefit industries and be detrimental to the people?[reply]
by Anonymous Coward on Nov 20th, 2013 @ 9:11am
I think I hear Mike Rogers yelling about something.... That's probably a good thing.[reply]
Re: by Anonymous Coward on Nov 20th, 2013 @ 10:22am
yeah, it's frightening really. As I see it there has to be an end game in mind here - but it's secret, right? cause, that's they way it rolls.A) They're doing it because they canB) Chaos is about to be created by ruling elites and nature and it needs to be controlled/policedC) it's all about future and present manipulation of populations into accepting a reality they will surely otherwise disagree withD) All of the above[reply]
Leave a comment...
NameEmailURLSubjectComment <<>>
No comments:
Post a Comment