Nothing to see here, move along: NSA praises itself for privacy, transparency

The National Security Agency just released its first-ever transparency report, as required under last year’s USA Freedom Act. The agency gave itself a glowing review, wrapping the actual extent of its snooping in dense bureaucratic language.

“The government has strengthened privacy safeguards by, among other things, ending the collection of telephone metadata in bulk, and having telecommunications providers, pursuant to court orders, hold and query the data,” said the report, which was compiled by the NSA’s Civil Liberties and Privacy Office (CLPO).

CLPO also said the NSA “identified and implemented policies, procedures, compliance safeguards, and metrics that minimize the civil liberties and privacy impact,” while enabling the agency to “demonstrate its good stewardship” of the authority given to the agency under the USA Freedom Act.

The report does shed some light on the NSA’s current domestic surveillance program, providing a flow chart of how the agency obtains approval to collect Call Data Records (CDR) on targeted phones, as well as all phone numbers once (“one-hop”) or twice (“two-hop”) removed.

According to the NSA’s internal privacy watchdog, the agency “satisfies” six out of the eight “fair information practice principles,” which are listed as transparency, individual participation, purpose specification, data minimization, use limitation, data quality and integrity, security, and accountability and auditing.

Since actual transparency would require notifying individuals regarding the collection and use of their personally identifiable information, the report argued that “the robust public debate of the USA Freedom Act, as well as the Government's release of detailed information about NSA's implementation of the statute” were enough to “adequately address” the transparency principle.

Individual participation was outright impossible, the CLPO explained, since “direct individual participation thwarts the legitimate need to identify individuals engaged in international terrorism.”

Congress passed the suggestively named USA Freedom Act in June of 2015, following the scrutiny of NSA surveillance practices prompted by revelations from whistleblower Edward Snowden. Under its provisions, the NSA lost the ability to indiscriminately collect all metadata from US telephone traffic, among other things. That burden was shifted to the telecom companies, who became obligated to turn that information over to the NSA if presented with a court order.

However, the court in charge of those warrants is the same one that at the end of June granted the NSA’s request to continue the collections program under Section 215 of the Patriot Act for six more months, even though it had expired and was ruled “unconstitutional” by another panel of federal judges.

Also, the “reasonable, articulable suspicion” (RAS) used to justify a Foreign Intelligence Surveillance Court warrant “is the same legal standard used to implement the previous telephone metadata program under Section 215 of the USA PATRIOT Act,” the CLPO helpfully noted.

Those concerned about the internal privacy of their data within the structure of the NSA will be relieved to discover that sharing of information belonging to US persons “must be for a counterterrorism purpose or constitute evidence of a crime.” However, the NSA expects that the information it collects will “rarely, if ever,” be used “solely for a law enforcement purpose.”