In a white paper claiming “the American people deserve to know what we are doing to protect both” privacy and liberty, and security, the government (Ellen Nakashima, at least, doesn’t specify which agency generated this) also includes this assertion:
The [dragnet metadata] program is subject to strict controls and oversight: the metadata is segregated and queries against the metadata are documented and audited.
The detail is one that NSA Director Keith Alexander had already claimed in his testimony before the Senate Appropriations Committee last week. He claimed,
Every time we query that database, it’s auditible by the committees, by DOJ, by the court, by the Administration.
In a telling comment to the press the other day, though, Dianne Feinstein, whose staffers on the Intelligence Committee would be the ones auditing the queries, said this:
Asked to confirm that intelligence officials do not need a court order for the query of the number itself, Feinstein said, “that’s my understanding.”
I found it really strange that a person who should be solidly in the thick of the audits Alexander was boasting about didn’t even seem sure about how someone accessed the database.
But then, Alexander said they were “auditable,” not that they were audited by all these people.
One of just a few explanations about oversight in a document trying to prove the government protects our privacy and liberty might be more persuasive if they weren’t presented in the passive voice. It doesn’t sound like DiFi knows Congress could audit the document; I wonder if the FISA Court, which Alexander claims also can audit the data, knows it can (I’d also like to see someone audit the claim it is segregated; is it ever copied?).
The white paper’s statements about the 702/PRISM program are equally unsatisfying.
Congress requires the Government to develop and obtain judicial approval for “minimization” procedures to ensure appropriate protection of any information about U.S. persons that may be incidentally acquired. The Government did that, and its procedures were approved by the Foreign Intelligence Surveillance Court.
As I’ve noted repeatedly, the FISC doesn’t get to review compliance with these procedures, only the adequacy of them if applied as promised. And since this white paper makes no claims that the government can’t access this US person data — which, after all, includes content and metadata — it suggests the most sensitive collection for Americans has only internal (DOJ and ODNI review) safeguards for Americans’ Internet communications.
Effectively, in addition to providing further evidence for Mark Udall’s assertions that the government could accomplish what it says it is doing via other, far less sensitive means, this document only serves to show how inadequate the oversight of these programs is.