The National Security Agency on Tuesday released a report attempting to outline the privacy and civil liberty protections that go into the collections of signal intelligence under authority from a decades-old executive order, known as 12333.
The report, from the NSA Civil Liberties and Privacy Office, casts little new information, and the NSA admits its protections are limited because of the nature of its work.
“Because NSA has a national security mission, the principles of transparency and individual participation are not implemented in the same manner they are by organizations with a more public-facing mission,” the report states.
{mosads}The NSA Civil Liberties and Privacy Office was established in January following criticism of the agency stemming from revelations about secret surveillance programs leaked by Edward Snowden last year.
The office is separate from the independent federal Privacy and Civil Liberties Oversight Board, which released reports earlier this year on NSA surveillance. When the NSA posted a job listing for a privacy and civil liberties officer last year, some balked, saying that many times the position is used as another way to justify the programs.
“I can’t seem to find the part of the NSA Civil Liberties and Privacy Office report that slams the NSA for violating our civil liberties,” tweeted Chris Soghoian, the principal technologist at the American Civil Liberties Union.
The 12333 executive order, dating back to the Reagan era, has gained increased attention lately after the ACLU published documents that found it to be the authority that most governs NSA surveillance.
The order differs from other authority that governs collection of phone metadata in the United States, on which Congress has focused most. . The order authorizes the collection of electronic foreign communications. While Americans can’t be targeted without a court order, their information can be inadvertently swept up in other foreign investigations.
As disclosed previously, the new NSA report states that the information collected can be retained for up to five years before it has to be destroyed, unless there is a national security exception. The information can be retained longer if it is relevant to litigation.
In the new report, the NSA notes there is risk that the agency “could inadvertently collect data that is not related to the target.” It says automated systems guard against that and deletes “data it should not have received.” The agency also says it is transitioning to more modern cloud-based repositories to store the data.
When an American is identified as being incorrectly targeted during a specific foreign intelligence search, that information is deleted, according to the NSA.
“In the event an incorrect entity is targeted, all selectors associated with that entity must be removed from targeting and, if that entity is a U.S. Person, the data must be deleted from NSA system,” according to the document.
The report states that all analyst searches of signal intelligence “are documented” and they are required to record why certain queries are made.