NSA internal watchdog defends agency's privacy practices

The agency's collection of U.S. communications has privacy controls in place, a report says

The U.S. National Security Agency takes multiple steps to protect the privacy of the information it collects about U.S. residents under a secretive surveillance program, according to a report from the agency's privacy office.

Surveillance under presidential Executive Order 12333, which dates back to 1981, generally sets the ground rules for the NSA's overseas surveillance. It allows the agency to keep the content of U.S. citizens' communications if they are collected "incidentally" while the agency is targeting overseas communications.

But the surveillance of U.S. residents is conducted with several privacy safeguards in place, ensuring that the NSA collects the right information from the right targets and does not share the collected information inappropriately, according to the NSA Civil Liberties and Privacy Office report, released Tuesday.

NSA safeguards include privacy training for every employee, an oath of office that requires all employees to protect privacy and civil liberties and privacy oversight by six internal organizations, including the office that prepared Tuesday's report.

Consistent communication from NSA leadership on protecting privacy "has resulted in a work force that respects the law, understands the rules, complies with the rules, and is encouraged to report problems and concerns," the report said. "NSA takes several steps to ensure that each individual who joins its ranks understands from the first day on the job that civil liberties and privacy protection is a priority and a key personal responsibility."

The privacy safeguards inside the agency don't make up for a lack of "robust" judicial and congressional oversight of the program, the American Civil Liberties Union said. Oversight from both of those branches of government "are all but entirely lacking when it comes to surveillance under this order," Patrick Toomey, an ACLU staff attorney, said by email. "Rather, these rules can be changed by executive officials unilaterally and in secret, as they have been in the past."

The report doesn't address the privacy issues related to the NSA's separate bulk collection programs, "which means it leaves aside some of the NSA's most indiscriminate surveillance programs," Toomey added.

Targeted 12333 surveillance is separate from the so-called "bulk" collection programs disclosed by former NSA contractor Edward Snowden, including the NSA's collection of most U.S. telephone records and its collection of the online communications of foreigners allegedly connected to terrorism activities.

The NSA has not disclosed how many U.S. communications it has collected under its 12333 program, but a 2007 document released last month by the ACLU, obtained through a Freedom of Information Act request, describes the surveillance program as the "primary source of the NSA's foreign intelligence gathering authority."

It's "heartening" that the NSA has some privacy protections in place, but "significant concerns" remain, said Robyn Greene, policy counsel at think tank New America Foundation's Open Technology Institute.

"The report does not discuss any privacy protections that are applied to the NSA's bulk collection programs ... and it fails to address privacy protections applied to non-U.S. persons' information," she said by email.

Greene called on the NSA to "still be more transparent about the scope and privacy impacts of its targeted and bulk collection programs." The agency cannot be fully transparent about its 12333 surveillance because of national security concerns, the report said.

The NSA Civil Liberties and Privacy Office report details the privacy protection programs the agency has in place without listing any potential breaches in privacy protocols at the agency. The report lists several privacy risks in the NSA's surveillance of U.S. residents under the executive order, but then follows the risks with lists of privacy safeguards at the agency.

A potential risk in targeting people for surveillance is that the wrong people will be targeted, the report said. NSA safeguards allow only properly training employees to use the targeting system, require that a supervisor or senior analyst approve targeting requests, and require the agency to delete any information from incorrectly targeted people, the report said.

Asked why the report doesn't address whether there have been any violations of the agency's privacy protocols, an NSA spokesman said the purpose of the report was to examine the NSA's privacy practices against widely accepted fair information practice principles.

"The report makes valuable contributions to the agency's mission of enhancing transparency and contributing to the ongoing public dialogue on national security and privacy," NSA spokesman Michael Halbig said by email.

Halbig defended the NSA's 12333 surveillance by saying the agency follows the legal authority set out in the executive order and the U.S. attorney general. He declined to say how many surveillance targets the NSA has under 12333 authority.

The report doesn't address the privacy safeguards the agency has in place for foreigners targeted under 12333. In January, President Barack Obama directed U.S intelligence agencies to establish privacy protections for all information they collect, and the agency is still working on ways to apply that directive to the privacy of people living outside the U.S., the report said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags New America FoundationtelecommunicationRobyn GreeneU.S. National Security AgencygovernmentBarack ObamainternetprivacyMichael HalbigPatrick ToomeyAmerican Civil Liberties UnionsecurityEdward Snowden

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?