NSA internal watchdog defends agency's privacy practices

The agency's collection of U.S. communications has privacy controls in place, a report says

The U.S. National Security Agency takes multiple steps to protect the privacy of the information it collects about U.S. residents under a secretive surveillance program, according to a report from the agency's privacy office.

Surveillance under presidential Executive Order 12333, which dates back to 1981, generally sets the ground rules for the NSA's overseas surveillance. It allows the agency to keep the content of U.S. citizens' communications if they are collected "incidentally" while the agency is targeting overseas communications.

But the surveillance of U.S. residents is conducted with several privacy safeguards in place, ensuring that the NSA collects the right information from the right targets and does not share the collected information inappropriately, according to the NSA Civil Liberties and Privacy Office report, released Tuesday.

NSA safeguards include privacy training for every employee, an oath of office that requires all employees to protect privacy and civil liberties and privacy oversight by six internal organizations, including the office that prepared Tuesday's report.

Consistent communication from NSA leadership on protecting privacy "has resulted in a work force that respects the law, understands the rules, complies with the rules, and is encouraged to report problems and concerns," the report said. "NSA takes several steps to ensure that each individual who joins its ranks understands from the first day on the job that civil liberties and privacy protection is a priority and a key personal responsibility."

The privacy safeguards inside the agency don't make up for a lack of "robust" judicial and congressional oversight of the program, the American Civil Liberties Union said. Oversight from both of those branches of government "are all but entirely lacking when it comes to surveillance under this order," Patrick Toomey, an ACLU staff attorney, said by email. "Rather, these rules can be changed by executive officials unilaterally and in secret, as they have been in the past."

The report doesn't address the privacy issues related to the NSA's separate bulk collection programs, "which means it leaves aside some of the NSA's most indiscriminate surveillance programs," Toomey added.

Targeted 12333 surveillance is separate from the so-called "bulk" collection programs disclosed by former NSA contractor Edward Snowden, including the NSA's collection of most U.S. telephone records and its collection of the online communications of foreigners allegedly connected to terrorism activities.

The NSA has not disclosed how many U.S. communications it has collected under its 12333 program, but a 2007 document released last month by the ACLU, obtained through a Freedom of Information Act request, describes the surveillance program as the "primary source of the NSA's foreign intelligence gathering authority."

It's "heartening" that the NSA has some privacy protections in place, but "significant concerns" remain, said Robyn Greene, policy counsel at think tank New America Foundation's Open Technology Institute.

"The report does not discuss any privacy protections that are applied to the NSA's bulk collection programs ... and it fails to address privacy protections applied to non-U.S. persons' information," she said by email.

Greene called on the NSA to "still be more transparent about the scope and privacy impacts of its targeted and bulk collection programs." The agency cannot be fully transparent about its 12333 surveillance because of national security concerns, the report said.

The NSA Civil Liberties and Privacy Office report details the privacy protection programs the agency has in place without listing any potential breaches in privacy protocols at the agency. The report lists several privacy risks in the NSA's surveillance of U.S. residents under the executive order, but then follows the risks with lists of privacy safeguards at the agency.

A potential risk in targeting people for surveillance is that the wrong people will be targeted, the report said. NSA safeguards allow only properly training employees to use the targeting system, require that a supervisor or senior analyst approve targeting requests, and require the agency to delete any information from incorrectly targeted people, the report said.

Asked why the report doesn't address whether there have been any violations of the agency's privacy protocols, an NSA spokesman said the purpose of the report was to examine the NSA's privacy practices against widely accepted fair information practice principles.

"The report makes valuable contributions to the agency's mission of enhancing transparency and contributing to the ongoing public dialogue on national security and privacy," NSA spokesman Michael Halbig said by email.

Halbig defended the NSA's 12333 surveillance by saying the agency follows the legal authority set out in the executive order and the U.S. attorney general. He declined to say how many surveillance targets the NSA has under 12333 authority.

The report doesn't address the privacy safeguards the agency has in place for foreigners targeted under 12333. In January, President Barack Obama directed U.S intelligence agencies to establish privacy protections for all information they collect, and the agency is still working on ways to apply that directive to the privacy of people living outside the U.S., the report said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags New America FoundationtelecommunicationRobyn GreeneU.S. National Security AgencygovernmentBarack ObamainternetprivacyMichael HalbigPatrick ToomeyAmerican Civil Liberties UnionsecurityEdward Snowden

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?