Confirmed: CIA, NSA, IRS collected and shared Americans' personal information
On a mission to detect untrustworthy employees, nearly 30 government agencies collected and shared the personal information of thousands of Americans, many of whom had no ties to the federal government.
A list of 4,904 people was created by US officials investigating two men for allegedly teaching people how to pass polygraph tests. This list was shared with agencies such as the Internal Revenue Service, the CIA, the Food and Drug Administration, and the National Security Agency (NSA), who then entered the names in their database. They are keeping the list in the event that one of the flagged individuals submits to a lie detector test for a federal job.
As McClatchy reports, however, a large number of names on the list belong to individuals who don’t work for the government. Some were firefighters, nurses, police officers, Rite Aid employees, American Red Cross employees, a cancer researcher, and more.
Many of the marked individuals never actually received instruction from the two polygraph instructors under investigation, nor did some even contact the suspected teachers, they merely bought a book or DVD from one of the men, and many wanted to pass a polygraph test for personal reasons rather than for employment purposes.
This data collection program doesn’t come anywhere close to the size of the tracking efforts carried out by the NSA, but some say it raises even more questions about the government’s ability to keep tabs on people who may not even be related to any ongoing investigation.
“This is increasingly happening – data is being collected by the federal government for one use and then being entirely repurposed for other uses and shared,” Fred Cate, an Indiana University-Bloomington law professor who specializes in information privacy and national security, said to McClatchy. “Yet there is no constitutional protection for sharing data within the government.”
In the wake of the Edward Snowden revelations, many federal agencies have been pressured to monitor their employees more closely, and officials told McClatchy that one reason for having such an extensive list is to help the government identify potential security violators.
As was noted in the article, it’s not clear how helpful beating a polygraph would be in this hunt. Snowden notably took two polygraph tests for his job at the NSA, and did not use any special technique to pass them.
The simple act of teaching polygraph-beating techniques is protected by the first amendment. However, federal prosecutors claim that doing so and submitting themselves to government tests amounts to obstruction.
So far, only one of the two men under investigation has been prosecuted. Indiana man, Chad Dixon, pled guilty to obstruction after he was caught on record advising undercover agents to keep secret the fact that they were learning polygraph techniques.
Although operational guidelines for federal agencies typically prohibit sharing the private data of non-government employees, the Pentagon and FBI both said this is allowed for law enforcement purposes. Neither commented specifically on the polygraph situation.
“The FBI routinely receives names of individuals from various law enforcement and criminal justice agencies to check previous criminal-history data or any other derogatory information that exists in our records,” said agency spokesman Paul Bresson to McClatchy. “After processing the names, we supply our results back to the submitting agency.”
Meanwhile, the New York Times reported Thursday that the CIA is “collecting bulk records of international money transfers handled by companies like Western Union.” The gathered data excludes transfers within the US or bank-to-bank transactions, officials told the Times.
The program operates under Patriot Act authority and is overseen by the Foreign Intelligence Surveillance Court.
Anonymous officials added that identities of any Americans from the data the CIA sees must be withheld, per rules governing the program, thus “requiring a tie to a terrorist organization before a search may be run, and mandating that the data be discarded after a certain number of years.”