NSA data center at Camp Williams near Bluffdale, Utah
In 2017, the NSA had a banner year of spying on Americans, managing to collect three times the number of call records than it did in the previous year. Now, it says there were some "technical irregularities" that resulted in it sucking up data the agency is not allowed to have. Its troubling solution is just to delete all call detail records it's collected since 2015.
On Thursday, the NSA released a statement saying that it began "deleting all call detail records (CDRs) acquired since 2015 and in May because "several months ago NSA analysts noted technical irregularities in some data received from telecommunications service providers." While the NSA still retains broad surveillance powers through the Foreign Intelligence Surveillance Act (FISA), the Freedom Act of 2015 modified procedures so that it had to go to private telecom companies with a court order to request CDRs on a case-by-case basis, as opposed to the virtually limitless collection of call metadata it employed prior to revelations by former NSA subcontractor Edward Snowden. But surveillance, uh, finds a way.
In typical NSA fashion, it's not going into details about exactly what technical irregularities caused it to collect "some CDRs that [it] was not authorised to receive." It did say it was "infeasible" to sort out which records were collected following proper procedures and which ones were not. It's the kind of inevitable situation an agency will find itself in when it targets just 40 individuals and ends up storing the records of 534 million US phones.
The NSA's statement goes to great lengths to emphasise its commitment to "transparency" and to reiterate that it doesn't collect the "the content of any calls." But the metadata that it collects on phone records can be pieced together to reveal far more about a person than a casual conversation on the phone. And as we saw with the recent Supreme Court ruling on location-data tracking by police, the courts are starting to wake up to the clear violation of the fourth amendment this kind of collection can be.
While the NSA claims the "root cause of the problem has since been addressed for future CDR acquisitions," its method of nuking the records of its surveillance mistakes could face pushback from privacy advocates. The NSA has a bit of a binge-and-purge approach to its data collection tactics that it's previously been scolded over. In January, it admitted that it had destroyed records of internet communications it intercepted between 2001 and 2007 despite a court order barring it from doing so while various lawsuits are pending. It also destroyed backup records on three different occasions and never implemented some of the procedures it told a federal court it would take to preserve the records.
The NSA's "technical irregularities" claim is reminiscent of the FBI's assertion in May that "programming errors" caused it to wildly inflate the number of encrypted phones it couldn't access in various criminal cases. It makes you wonder why we're trusting these agencies with all this information if they're as incompetent as they claim to be.