NSA 'systematically violated' safeguards for phone surveillance program, declassified opinion says
The National Security Agency “systematically violated” a surveillance court’s privacy safeguards for almost three years in searches of phone records, according to a declassified 2009 opinion released on Tuesday.
U.S. District Judge Reggie Walton, now presiding judge of the Foreign Intelligence Surveillance Court, set limits on the program in the 2009 opinion, report the Wall Street Journal, the Washington Post, the New York Times, Bloomberg News and the Guardian. Walton was appointed to the court in 2007 and elevated to presiding judge in February 2013, according to this bio.
The court’s privacy safeguards “have been so frequently and systematically violated,” Walton wrote, that they “never functioned effectively.”
The documents were released in response to a lawsuit by the American Civil Liberties Union and the Electronic Frontier Foundation. This press release has more information.
The phone surveillance program was developed through a provision of the Patriot Act that allows collection of business records “relevant to an authorized investigation,” the Wall Street Journal explains. The NSA collects phone numbers dialed, but not the content of the calls. Records of virtually every phone call in the United States are collected and stored for five years, according to the Times.
According to the documents released Tuesday, the NSA compares the phone call records collected each day with an “alert list” of phone numbers possibly linked to terrorism. The NSA must have a “reasonable, articulable suspicion” that the alert list numbers are linked to terrorism.
But only about 10 percent of the 17,800 numbers on the alert list met the standard, the NSA revealed to the court, spurring the 2009 opinion. “The government has compounded its noncompliance with the court’s orders by repeatedly submitting inaccurate descriptions of the alert list process” to the court, Walton wrote.
The NSA had explained its error to the court in a declaration that said “from a technical standpoint, there was no single person who had a complete understanding of the BR [Business Records] metadata architecture.”