Declassified Files Show FBI and NSA Routinely Broke Privacy Rules Under Obama

The documents cover compliance with privacy rules between 2009 and 2016. Released under a Freedom of Information Act request from the ACLU, they offer extensive detail on the two spying agencies' apparent inability to obey their own rules. In all, the memos outline over 90 incidents in which the FBI and NSA violated restrictions on data collection, with many episodes involving multiple people and multiple violations over extended periods of time.

The NSA was quick to respond that the missteps documented in the files represent less than one percent of the data it collected during the period, and praised its internal compliance program for rooting out the abuses.

However, such reassurances will likely provide little comfort to privacy advocates, as the data was collected under Section 702 of the Foreign Intelligence Surveillance Act. Highly controversial, the provision allows for warrantless surveillance of foreign individuals and powers, and retain data incidentally collected on US citizens (again without warrant).

Moreover, the ACLU stated the two agencies' privacy protection rules are "weak" and "full of loopholes" — as a result, the scale of effective abuse is likely even higher than that documented. The US' strict rules on the procurement of warrants before enacting searches and collecting information on private individuals date back to the country's very founding — and theoretically extend to modern US citizens' phone calls, emails, and internet browsing in the 21^st century.

The memos arguably confirm what civil liberties and privacy campaigners have long suspected, and feared — under Section 702: improperly obtained data on private US citizens was retained, rather than destroyed, the names of innocent Americans were shared within the intelligence community without redaction, data the agencies were precluded from intercepting was intercepted, the NSA repeatedly failed to comply with documentation requests justifying intercepts or searches, "overly broad" queries were used to "overcollect" data, and improper searches of intercepted data were regularly conducted.

In one complaint, an NSA analyst made the same improper query concerning a particular US individual "every work day" between 2013 and 2014.

Lesser crimes still have the capacity to shock — while the NSA is required to delete incidentally secured data on US citizens within five days, on average it took 19 days for the agency to comply with the rule. In one instance, 131 business days elapsed before removal. On occasion, the NSA also granted itself immunity from rules requiring the immediate destruction of improperly intercepted communications in order to justify extended retention — the agency is supposed to destroy any intercept if it determines the data was domestically gathered (i.e. if someone was intercepted on US soil without a warrant, when the agency thought they were still overseas).

Former Bush administration Homeland Security official Stewart Baker told the Daily Caller it is extremely difficult to exclude American communications from Section 702 intercepts since it is hard to instantly determine if any given party to a phone or email conversation is an American citizen.

Baker described Section 702 as an "effective program that can't really work if we try to exclude Americans' communications," and suggested tightening up the unmasking rules.

The Heritage Foundation reached a similar conclusion in a May 2016 report, concluding that the effectiveness of 702 intercepts against terrorist conspirators justified renewal of the program in 2017. Heritage researchers viewed the majority of the compliance violations known at the time as mistakes, rather than deliberate abuse.

The FISA Amendments Act, which includes Section 702, is set to expire December 31. Despite President Donald Trump's criticism of intercepts, his administration generally favors renewal, on a potentially permanent basis. The NSA alone targets over 100,000 individuals annually under Section 702.

In annual and quarterly compliance reports on Section 702 violations, intelligence agencies estimate the number of violations has averaged between 0.3 percent and 0.6 percent of total number of intercepts since 2009.

The actual compliance incident total is classified, but publicly available data suggests the number is in the thousands since Section 702 was fully implemented. An equivalent assessment of violations during the Trump administration's first year will be released next spring.

The continuation of Section 702 is not without supporters, however — Mark Rossini, a former FBI Special Agent, is among them.

"There's no one I worked with in the 18 years I worked for the US government that specifically abused their authority to target someone. How can you be held accountable — face disciplinary action and be demoted or fired — when you had no intent to commit such violations? Show me a single example where an NSA employee targeted an enemy of theirs. Show me a systemic pattern of authorized abuse," Mr. Rossini told Sputnik.

He added that citizens must educate themselves about what the US government does and doesn't do, beyond sensationalist media headlines — and urged against falling into conspiracy theory on intelligence topics.

"702 should continue absent any specific evidentiary claim that someone's life has been ruined, or their liberties have been violated. Don't just believe what you want to believe because you don't want to accept reality," Mr. Rossini concluded.