incidental – Techdirt (original) (raw)

Wacky NSA Slide Tells Agents Not To Worry About 'Incidental' Collection Of Info On Americans

from the keep-on-searching... dept

There are so many incredible bits and pieces in Barton Gellman’s Washington Post expose on NSA abuse, that we’ve got a bunch of posts today digging deeper into various parts. For example, Gellman reveals a somewhat wacky presentation slide, complete with a palm tree graphic and with the somewhat folksy title:

Lesson 4: So you got a U.S. Person Information?

And then explains what to do about it. They’re pretty clear that if you’re directly targeting a US person, that’s a problem (and it is, because that’s illegal). If it’s considered “inadvertent,” then you also have to stop, write up an incident report and notify people. That sounds reasonable. But… then there’s the “incidental” section. Here, incidental is described as:

You targeted a legitimate foreign entity and acquired information/communications to/from/about a U.S. Person in your results.

That doesn’t seem particularly “incidental” to me. But, here’s the kicker. While with all the other forms of collection the NSA is told to stop, when it’s “incidental” they’re told:

This does not constitute a USSID SP008 violation, so it does not have to be reported in the IG quarterly.

Note that the IG report is the one that was revealed, listing all of the abuses. Yet, here they seem to be indicating that these “incidental” collections of information (and note that it’s not just “metadata” here, but full “communications” as well) aren’t a real problem. They’re told to “apply… minimization procedures” to limit the info on US persons, but we’ve already seen what a joke those minimization procedures can be.

As Gellman also notes in his report, it appears that the info collected “incidentally” here gets added to NSA databases and can be searched freely:

The NSA uses the term “incidental” when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, “does not constitute a . . . violation” and “does not have to be reported” to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely.

Just last week, it was discussed that there’s a “loophole” that, according to Senator Wyden, allows for “warrantless searches for the phone calls or emails of law-abiding Americans.” Who knows if this is that particular loophole, but it does seem like a fairly large loop. Just say it’s “incidental” and boom, search away.

Remember, the IG report also reveals that a “programming error” meant that a ton of phone calls placed from Washington DC were “intercepted” by the NSA (because someone typed in 202, DC’s area code, instead of 20, Egypt’s country code) — and that mistake wasn’t reported. That doesn’t seem “incidental” to me.

Another example:

In dozens of cases, NSA personnel made careless use of the agency’s extraordinary powers, according to individual auditing reports. One team of analysts in Hawaii, for example, asked a system called DISHFIRE to find any communications that mentioned both the Swedish manufacturer Ericsson and “radio” or “radar” — a query that could just as easily have collected on people in the United States as on their Pakistani military target.

Think about that for a second. Any communication that mentions both Ericsson and “radio” or “radar.” Just for the hell of it, I just did a search on my own email account for the terms “Ericsson” and “radio” and it came back with a ton of results, including 47 from just 2013. In just my mailbox. Many of those are from various wireless news letters or PR announcements, but still…

Filed Under: americans, incidental, loophole, nsa, nsa surveillance, us persons

NSA-To-English Dictionary: I Don't Think These Words Mean What You Think They Do

from the if-you-can-redefine-the-language dept

For the last few weeks I’d been meaning to write up a “dictionary” of how the NSA translates certain words, completely different from the way any other English speaker does, in order to argue that what it does with its surveillance programs is “legal” under the law. I hadn’t gotten around to it because every time I started, it seemed like there was more breaking news. Thankfully Jameel Jaffer and Brett Max Kaufman from the ACLU beat me to it, and put together a fantastic NSA lexicon, which highlights how the NSA has simply changed the meaning of many basic English words in order to argue that their efforts are, in fact, legal and above board. You can and should read the full and detailed explanations that Jaffer and Kaufman have put together for each word, but I’m going to take their same list and simplify it down a little. In bold is the word, and after it is what the NSA thinks it means.

* Surveillance: When we actually access full content of your calls and emails, but not when we access all the data about who you talk to, where you are and what you do. * Collect: When we run a search on data we ~~collected~~ er… “stored for safe keeping.” * Relevant: Everything. It might become relevant in the future, thus it’s relevant today. * Targeted: As long as we’re collecting the info for an investigation that involves a “target” then any info is “targeted” even if that info has nothing to do with the “target.” * Incidental: Everything that we collect… er… store that may become “relevant” at some point but isn’t now even though it’s “targeted.” In short: everything. * Inadvertent: Stuff we did on purpose on a massive scale that looks bad when exposed publicly. * Minimize: A term we use to pretend that we delete information on Americans, but which has many exceptions, including if you encrypted your communications or if we have a sneaking suspicion that you’re 51% foreign based on a hunch. * No: When said to Congress in response to questions about whether we collect data on millions of Americans, this means “fuck you.”

I would imagine there are a few more words that will need to be added at some point.

Filed Under: collect, definitions, incidental, laws, legality, minimization, nsa surveillance, relevance, surveillance, targeted