New Documents Reveal NSA Improperly Collected Americans’ Call Records Yet Again

Compliance Violation Came Just Four Months After NSA Announced It Fixed “Root Problems” and Would Delete Over 600 Million Call Records

June 26, 2019 7:45 am

Media Contact
125 Broad Street
18th Floor
New York, NY 10004
United States

NEW YORK — The National Security Agency improperly collected Americans’ call records in October 2018, just four months after the agency publicly asserted it had fixed “root problems” that caused earlier failures to comply with the law, according to new government documents the American Civil Liberties Union released today. The documents also shed new light on the previous compliance violation that led to the NSA’s in May 2018 to begin purging over 600 million phone records, including that the agency relied on improperly collected information to seek approval for spying on one or more individuals.

The documents were obtained as part of an ACLU lawsuit and include previously undisclosed reports prepared by the NSA concerning the agency’s call record program, which the NSA uses to conduct large-scale surveillance and collection of Americans’ call records under Section 215 of the Patriot Act.

“These documents further confirm that this surveillance program is beyond redemption and a privacy and civil liberties disaster,” said Patrick Toomey, staff attorney with the ACLU’s National Security Project. “The NSA’s collection of Americans’ call records is too sweeping, the compliance problems too many, and evidence of the program’s value all but nonexistent. There is no justification for leaving this surveillance power in the NSA’s hands.”

In response to the new information in the reports, the ACLU sent a letter to the House Judiciary Committee urging it to end the call detail record authority under Section 215 of the Patriot Act. The ACLU is also calling on the committee to investigate and make public additional information about recent compliance violations.

Congress is expected to debate expiring Patriot Act provisions this year.

The NSA’s call record program has suffered repeated compliance violations. In June 2018, the agency announced that it had started deleting over 600 million call records after discovering an earlier violation. At the time, little information was provided to the public about the violation. The reports released today by the ACLU, however, show the NSA improperly collected Americans’ call records in November 2017 and February 2018, and that the 2018 compliance violation likely contributed to the agency’s decision to begin purging millions of call records. The government also concluded that the improper collections had a “significant impact on civil liberties and privacy.”

The records further show the NSA relied on the improperly collected information from the February 2018 violation to seek approval from the Foreign Intelligence Surveillance Court (FISC) to spy on individuals. The NSA later informed the FISC of this error, but the redacted report does not provide further information about whether this use of “inaccurate information” in “targeting requests” resulted in the improper surveillance of individuals. Moreover, the report does not indicate that any remedial action taken by the agency included notification to individuals whose information may have been improperly obtained as a result of the errors.

Another oversight report reveals that, on or around October 12, 2018, the NSA discovered it had once again obtained private information about Americans’ phone calls that the agency was not authorized to collect under Section 215. The NSA subsequently stopped collecting information from the communications provider in question, but resumed collection once the provider indicated that it had resolved the problem.

The timing of the October 2018 compliance violation is notable for two reasons. First, it came just four months after the agency announced it had remediated the “root cause of the problem” that led to earlier compliance violations. The fact that Americans’ call records were improperly collected just months later indicates that problems of the same or another kind persisted. Second, the October violation also comes around the same time that news reports indicate the NSA decided to shutter its call record program. The agency has not yet confirmed these reports or stated that it intends to permanently end the program.

The full impact of the October 2018 incident remains unclear, but the breadth and complexity of the NSA call records program may have compounded the effects of the errors. At the time of the oversight report, the NSA’s investigation to determine the privacy and civil liberties impact of the violation was still “open” and ongoing. The NSA’s quarterly report to the Intelligence Oversight Board for the first quarter of 2019 may contain further information about the October violation, but it was not included in the FOIA documents. The ACLU is filing a new Freedom of Information Act request to obtain that report.

The ACLU in March 2018 joined a coalition of nearly 40 groups including EFF, NAACP, Brennan Center, and National Immigration Law Center in a letter to the House Judiciary Committee urging the committee hold hearings over the reauthorization of Section 215 and other provisions of the Patriot Act. The letter also requested that the committee obtain and make public information critical to determining how surveillance authorities are being used and the impact they have on individuals’ rights.

The documents can be found here: /legal-document/nsa-foia-documents-quarterly-reports...

The ACLU’s letter to the House Judiciary Committee can be found here: /letter/aclu-letter-house-judiciary-committee-regard...