The National Security Agency is deleting more than 685 million call records the government obtained since 2015 from telecommunication companies in connection with investigations, raising questions about the viability of the program.
The NSA’s bulk collection of call records was initially curtailed by Congress after former NSA contractor Edward Snowden leaked documents revealing extensive government surveillance. The law, enacted in June 2015, said that going forward, the data would be retained by telecommunications companies, not the NSA, but that the intelligence agency could query the massive database.
Now the NSA is deleting all the information it collected from the queries.
The agency released a statement late Thursday saying it started deleting the records in May after NSA analysts noted “technical irregularities in some data received from telecommunication service providers.” It also said the irregularities resulted in the NSA obtaining some call details it was not authorized to receive.
That points to a failure of the program, according to David Kris, a former top national security official at the Justice Department.
“They said they have to purge three years’ worth of data going back to 2015, and that the data they did collect during that time — which they are now purging — was not reliable and was infected with some kind of technical error,” said Kris, founder of Culper Partners, a consulting firm in Seattle. “So whatever insights they were hoping to get over the past three years from this program of collection … is all worthless. Because of that, they are throwing all the data away and basically starting over.”
Christopher Augustine, an NSA spokesman, disagreed with the claim that the program had failed.
“This is a case in which NSA determined that there was a problem and proactively took all the right steps to fix it,” he said.
The agency has reviewed and re-validated the intelligence reporting to make sure it was based only on call data that had been properly received from the telecommunication providers, he said. The agency declined to assign blame, and said the “root cause of the problem has since been addressed.”
Sen. Ron Wyden, D-Ore., a staunch advocate of privacy rights, placed the blame on the telecom companies providing the NSA with call records.
“This incident shows these companies acted with unacceptable carelessness, and failed to comply with the law when they shared customers’ sensitive data with the government,” he told The Associated Press in a written statement Friday.
Under law, the government can request information, such as the type of details that might be printed on a phone bill: the date and time of a call or text, a telephone calling card number, the duration of a call and to what phone number it was made. The details provided to the government do not include the content of any communications, the name, address or financial information of a customer, cell site location or GPS information.
If government investigators have reasonable suspicion that a certain phone number is being used by a terrorist, who might be in the U.S. or overseas, the government asks the phone companies which other numbers have been in touch with the suspicious number — something known as the “first hops” — and then which numbers are in touch with those numbers, the “second hops.”
The NSA collected more than 534.4 million details of calls and text messages in 2017 from American telecom providers like AT&T and Version, according to the most recent government report covering NSA surveillance activities that year. That was more than three times the 151.2 million collected in 2016.
The call records were part of an intelligence collection effort aimed at 42 targets in 2016 and 40 targets in 2017, according to the report. It defines a target as an individual, group of individuals, organization or entity.
Annual reports to Congress from the intelligence community are now required under the 2015 surveillance reform legislation. The law also requires the government to seek a court order to collect call records to obtain intelligence. Requests for records of U.S. citizens must be based on an investigation being conducted to protect against terrorism or clandestine intelligence activities and the probe cannot be conducted solely on activities protected by the First Amendment.
However, despite the reforms, the NSA still received some data from the telecommunications companies that the agency was not authorized to see and some of that data was erroneous, Augustine said.
“We cannot go into greater detail because those details remain classified. However, at no point in time did NSA receive the content of any calls, the name, address or financial information of a subscriber or customer, nor cell site location information or global positioning system information,” he said.
Privacy and civil rights advocates said the NSA announcement raised further concerns about the program.
“This is another in a series of failures that shows that many NSA spying programs have ballooned out of control and have repeatedly failed to meet the basic limits imposed by Congress and the FISA court,” said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union in Washington. Guliani was referring to a U.S. federal court established and authorized under the Foreign Intelligence Surveillance Act to oversee requests for surveillance warrants.
She said the public has a right to know more about the cause and scope of the problem, such as how many of the records were obtained in error and whether the NSA notified any individuals that their information improperly ended up in the agency’s hands.