A year ago, Congress passed the Protect America Act, a broad surveillance effort allowing the National Security Agency to monitor international communications of citizens. The privacy implications of the legislation’s verbiage were immediately recognized, but the law was probably backward compatible with what the NSA said they were doing or the bill’s authors understanding of what the NSA was doing.
It seems the bill wasn’t broad enough, or perhaps the descriptions of what was happening were distorted. Actually, the New York Times reports,
[T]he N.S.A. had been engaged in “overcollection” of domestic communications of Americans. They described the practice as significant and systemic, although one official said it was believed to have been unintentional.
From a network perspective, this sort of mistake is easy to make. When dealing with network or Internet routing, (which is what allows the wiretapping to copy/redirect traffic) something called a bit-mask looks for specific patterns in Internet addresses, signifying the originator or destination of the traffic. The bit-mask is essentially a secret decoder ring included in a cereal box – drop the first 4 characters and read the next 12. And it’s not just one bit-mask that’s controlling the data collections – it’s likely hundreds or thousands of rules differentiating satellite traffic from ground, international calls vs. local exchanges. I’ll give them the benefit of the doubt on this one. Policy and change control will keep many of these problems at bay, and the Times story suggests that the Department of Justice verified the over-collection issue has been rectified.
Within the same story, the Times reports on potential abuses of power. Should the NSA have followed the same protocols and procedures with everyone, even a Congressman? When exceptions are made, people’s judgment may cloud a real problem – Robert Hanssen anyone? It’s really a non-starter, as this was before the Protect America Act, and there was no court that authorized the taps. Someone made the right choice.
Admiral Dennis Blair, the Director of National Intelligence, responded to the allegations says in a statement:
Under these authorities the officers of the National Security Agency collect large amounts of international telecommunications, and under strict rules review and analyze some of them. These intercepts have played a vital role in many successes we have had in thwarting terrorist attacks since 9/11. On occasion NSA has made mistakes and intercepted the wrong communications. The numbers of these mistakes are very small in terms of our overall collection efforts, but each one is investigated, the Congress and the courts are notified, corrective measures are taken, and improvements are put in place to prevent reoccurrences.
Let me clear, I do not and will not support any surveillance activities that circumvent established processes for their lawful authorization and execution. Additionally, we go to great lengths to ensure that the privacy and civil liberties of U.S. persons are protected.
They’re doing a hard job, and no one could envy them. But there is an erosion of civil liberties going on, and we all must keep watch of the watchers. Even innocent mistakes could be costly.