As soon as Dianne Feinstein said she didn’t receive notice of 12333 violations …
By law, the Intelligence Committee receives roughly a dozen reports every year on FISA activities, which include information about compliance issues. Some of these reports provide independent analysis by the offices of the inspectors general in the intelligence community. The committee does not receive the same number of official reports on other NSA surveillance activities directed abroad that are conducted pursuant to legal authorities outside of FISA (specifically Executive Order 12333), but I intend to add to the committee’s focus on those activities.
… I recognized something Marc Ambinder laid out here: the Intelligence Committees wouldn’t get notice of collection of US person content off switches.
NSA gives Congress detailed narratives of violations of the FISA-authorized data sets, like when metadata about American phone records was stored too long, when a wrong set of records was searched by an analyst or when names or “selectors” not previously cleared by FISA were used to acquire information from the databases. In these cases, the NSA’s compliance staff sends incident reports to the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence for each “significant” FISA violation, and those reports include “significant details,” the official said.
But privacy violations of this sort comprise just one third of those analyzed by the inspector general. Of the 2,776 violations reported by the NSA from May 2011 to May 2012, more than two-thirds were counted as E.O. 12333 incidents. And the agency doesn’t provide Congress detailed reports on E.O. 12333 violations.
In some ways, it’s a distinction without a difference: it does not matter to U.S. citizens whether their phone call was accidentally intercepted by an analyst focusing on U.S.-based activities or those involving a foreign country. But the difference is relevant as it keeps Congress uninformed and unable to perform its oversight duties because the NSA doesn’t provide the intelligence committees with a detailed narrative about the latter type of transgressions.
For example, if someone’s e-mails were inadvertently obtained by the NSA’s International Transit Switch Collection programs, it would count as 12333 error and not a FISA error, even though the data was taken from U.S. communication gateways, and NSA would not notify Congress. The document specifies four such programs: ORANGEBLOSSOM, FAIRVIEW, STORMVIEW and SILVERZEPHYR.
That’s important because the violation the FISA Court ruled illegal on October 3, 2011 involved some kind of upstream collection. Here’s how Barton Gellman described it.
In what appears to be one of the most serious violations, the NSA diverted large volumes of international data passing through fiber-optic cables in the United States into a repository where the material could be stored temporarily for processing and selection.
The operation to obtain what the agency called “multiple communications transactions” collected and commingled U.S. and foreign e-mails, according to an article in SSO News, a top-secret internal newsletter of the NSA’s Special Source Operations unit. NSA lawyers told the court that the agency could not practicably filter out the communications of Americans.
In October 2011, months after the program got underway, the Foreign Intelligence Surveillance Court ruled that the collection effort was unconstitutional. The court said that the methods used were “deficient on statutory and constitutional grounds,” according to a top-secret summary of the opinion, and it ordered the NSA to comply with standard privacy protections or stop the program.
Now, that collection should have been briefed to Congress, because it counts as Section 702 collection (which is why the FISC got to review it). But maybe it didn’t, until the FISC ruled it.
But what if it wasn’t?
As I noted earlier, the NSA started counting violations of US person collection differently in the first quarter of 2012 which (they claim) resulted in a significant increase of those violations. Which suggests there may be a tie between the 702 collection and the 12333 collection.
But I do wonder whether Congress didn’t see the illegal practice because it was hidden under 12333 collection?