NSA Collected More Records Than Court Allowed

  /     /     /  
Publicated : 22/11/2024   Category : security


NSA Collected More Records Than Court Allowed


New documents show the Foreign Intelligence Surveillance Court is stumped by the NSAs systemic overcollection.



The Electronic Privacy Information Center (EPIC)
has obtained documents
that show that the National Security Agency consistently violated some of the restrictions the Foreign Intelligence Surveillance Court (FISC) placed upon the NSAs Internet Metadata program.
Despite all the redactions, the documents make it evident that compliance officials did not provide adequate oversight, and that the NSA collected more information than it was authorized to collect, widely shared information with agents and agencies not authorized to view it, and tried to persuade the court to act outside its own authority and grant wider permissions than legislation would allow.
The details about what precisely
was
approved by the FISC are mostly redacted. Whatever they are, the NSA acquired more categories of information than it was permitted to acquire. However, the court seems to waver in its assessment of whether the NSA officials were just ignorant or willfully playing dumb.
From
the documents
:
As described by the government, the unauthorized collection resulted from failures to [REDACTED] in the manner required... By the governments account, the lack of required [REDACTED] did not result from technical difficulty or malfunction, but rather from a failure of those NSA officials who understood in detail the requirements... The government assessed the violations to have been caused by poor management, lack of involvement by compliance officials, and lack of internal verification procedures -- not by bad faith.
No matter the reason, the NSA committed what the court called systemic overcollection for years. Nearly every stored record included at least one piece of data the agency was not authorized to keep.
The government has said nothing about how the systemic overcollection was permitted to continue... On the record before the Court, the most charitable interpretation possible is that the same factors identified by the government [REDACTED] remained unabated in full effect: non-communication with the technical personnel directly responsible [REDACTED] resulting from poor management. However, given the duration of this problem, the oversight measures ostensibly taken since [REDACTED] to detect overcollection, and the extraordinary fact that NSAs end-to-end review overlooked unauthorized acquisitions that were documented in virtually every record of what was acquired, it must be added that those responsible for conducting oversight at NSA failed to do so effectively.
The documents further state:
The Court had specifically directed the government to explain whether this unauthorized collection involved the acquisition of information other than the approved Categories... In response, the Deputy Secretary of Defense stated that the Director of NSA has informed me that at no time did NSA collect any category of information... other than the [REDACTED] categories of meta data approved... This assurance turned out to be untrue.
Regarding the information obtained through unauthorized collection, the Court ordered the government to describe whether it has been, or can be, segregated from information that NSA was authorized to collect, how the government proposes to dispose of it, and how the government proposes to ensure that [it] is not included ... in applications presented to this Court.
Upon review, the NSA decided that the collected data could
not
be sufficiently segregated. It simply eliminated access to the database altogether.
However, the NSA still wanted to access and use some of the records it had collected without authorization, asserting that the records were important to national security. The FISC was ultimately swayed by the governments assertions and therefore granted, albeit reluctantly, the right to access, use, and disseminate the overcollected information.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
NSA Collected More Records Than Court Allowed