Wacky NSA Slide Tells Agents Not To Worry About 'Incidental' Collection Of Info On Americans

from the keep-on-searching... dept

There are so many incredible bits and pieces in Barton Gellman's Washington Post expose on NSA abuse, that we've got a bunch of posts today digging deeper into various parts. For example, Gellman reveals a somewhat wacky presentation slide, complete with a palm tree graphic and with the somewhat folksy title:
Lesson 4: So you got a U.S. Person Information?
And then explains what to do about it. They're pretty clear that if you're directly targeting a US person, that's a problem (and it is, because that's illegal). If it's considered "inadvertent," then you also have to stop, write up an incident report and notify people. That sounds reasonable. But... then there's the "incidental" section. Here, incidental is described as:
You targeted a legitimate foreign entity and acquired information/communications to/from/about a U.S. Person in your results.
That doesn't seem particularly "incidental" to me. But, here's the kicker. While with all the other forms of collection the NSA is told to stop, when it's "incidental" they're told:
This does not constitute a USSID SP008 violation, so it does not have to be reported in the IG quarterly.
Note that the IG report is the one that was revealed, listing all of the abuses. Yet, here they seem to be indicating that these "incidental" collections of information (and note that it's not just "metadata" here, but full "communications" as well) aren't a real problem. They're told to "apply... minimization procedures" to limit the info on US persons, but we've already seen what a joke those minimization procedures can be.

As Gellman also notes in his report, it appears that the info collected "incidentally" here gets added to NSA databases and can be searched freely:
The NSA uses the term “incidental” when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, “does not constitute a . . . violation” and “does not have to be reported” to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely.
Just last week, it was discussed that there's a "loophole" that, according to Senator Wyden, allows for "warrantless searches for the phone calls or emails of law-abiding Americans." Who knows if this is that particular loophole, but it does seem like a fairly large loop. Just say it's "incidental" and boom, search away.

Remember, the IG report also reveals that a "programming error" meant that a ton of phone calls placed from Washington DC were "intercepted" by the NSA (because someone typed in 202, DC's area code, instead of 20, Egypt's country code) -- and that mistake wasn't reported. That doesn't seem "incidental" to me.

Another example:
In dozens of cases, NSA personnel made careless use of the agency’s extraordinary powers, according to individual auditing reports. One team of analysts in Hawaii, for example, asked a system called DISHFIRE to find any communications that mentioned both the Swedish manufacturer Ericsson and “radio” or “radar” — a query that could just as easily have collected on people in the United States as on their Pakistani military target.
Think about that for a second. Any communication that mentions both Ericsson and "radio" or "radar." Just for the hell of it, I just did a search on my own email account for the terms "Ericsson" and "radio" and it came back with a ton of results, including 47 from just 2013. In just my mailbox. Many of those are from various wireless news letters or PR announcements, but still...
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: americans, incidental, loophole, nsa, nsa surveillance, us persons


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Ninja (profile), 16 Aug 2013 @ 3:55am

    Just for the hell of it, I just did a search on my own email account for the terms "Ericsson" and "radio" and it came back with a ton of results, including 47 from just 2013.

    Obviously you are a terrorist selling weapons to.. Pakistan?

    link to this | view in thread ]

  2. icon
    RyanNerd (profile), 16 Aug 2013 @ 4:16am

    Oh incidentally...

    You're under arrest.

    link to this | view in thread ]

  3. identicon
    Michael, 16 Aug 2013 @ 5:07am

    Between the plam tree and the rather poor English in this slide, I would have to say that the person who drafted this presentation is only producing "adequate work quality"

    http://www.techdirt.com/articles/20130807/15104624103/government-considers-dissatisfacti on-with-us-policies-to-be-high-threat.shtml

    link to this | view in thread ]

  4. identicon
    The Real Michael, 16 Aug 2013 @ 5:13am

    I believe this is a PR stunt, that they're intentionally lying to the public. Only if they intended to profile as many people as possible would they have need for a huge database.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 16 Aug 2013 @ 5:16am

    It does seem incomplete to talk about 'incidental' information without mentioning the guidance provided concerning the 'minimization' policy.

    link to this | view in thread ]

  6. identicon
    FM Hilton, 16 Aug 2013 @ 5:33am

    Governmental idiocy

    It's only a Powerpoint presentation because they figure if they can't read it, we can't either.

    link to this | view in thread ]

  7. identicon
    horse with no name, 16 Aug 2013 @ 5:33am

    trolled

    OMG. Techdirt got trolled... you know that isn't a real slide, right?

    link to this | view in thread ]

  8. icon
    Mark Harrill (profile), 16 Aug 2013 @ 5:52am

    System working as designed


    Remember, the IG report also reveals that a "programming error" meant that a ton of phone calls placed from Washington DC were "intercepted" by the NSA (because someone typed in 202, DC's area code, instead of 20, Egypt's country code) -- and that mistake wasn't reported. That doesn't seem "incidental" to me.




    When programming applications, if data validation isn't included its not an accident, its either by design or lack of funds. In this case, the NSA probably spec'd the system to be as free from restriction as possible so agents have maximum flexibility in running their searches. Therefore the program was never intended to be restrictive and subject to oversight, instead the NSA planned the system to be as permissive as possible. Also, agents have to report the "accidental" search results, how come the system isn't automatically finding these kind of results and creating a report? Sickening...

    link to this | view in thread ]

  9. This comment has been flagged by the community. Click here to show it
    identicon
    out_of_the_blue, 16 Aug 2013 @ 6:13am

    Mike, Google has already fully indexed your email!

    "I just did a search on my own email account" -- Your italicized notion that it's "your own" is laughable! After you re-wrote the story jeering at those who object to Google arguing there's no expectation of privacy!

    By focus on NSA you're tacitly telling us "not to worry" about Google. But what's the diff between the NSA's unconcern about privacy and your unconcern regarding Google except for scale?

    Losing privacy for the benefit of "commercial" entities doesn't reduce the damage of that loss.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 16 Aug 2013 @ 6:29am

    Re: Mike, Google has already fully indexed your email!

    But what's the diff between the NSA's unconcern about privacy and your unconcern regarding Google except for scale?


    Consent.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 16 Aug 2013 @ 6:40am

    What the hell is up with the tiki-themed slide? NSA goes Gilligan's Island.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 16 Aug 2013 @ 6:43am

    Re:

    We like to have fun here.

    link to this | view in thread ]

  13. icon
    lfroen (profile), 16 Aug 2013 @ 6:56am

    Re: Mike, Google has already fully indexed your email!

    Ah, It's you again. Let's say for argument sake that Mike, indeed, is Google employee. Now what?
    Yes, he won't tell bad things about them. Never ever. Now, unless YOU want to employ him - can you shut the fuck up, please.
    Since I don't live in US, I don't really care about this NSA scandal. And yes, Google scanning all emails for commercial purposes. Don't care either.
    When I have something to hide - I don't post in on Facebook and don't send it over email.

    link to this | view in thread ]

  14. icon
    Rikuo (profile), 16 Aug 2013 @ 9:07am

    Re: Re: Mike, Google has already fully indexed your email!

    Short, sweet, and to the point. I like your answer.

    link to this | view in thread ]

  15. icon
    That One Guy (profile), 16 Aug 2013 @ 9:10am

    Re:

    Isn't that kind of a given at this point? I doubt even the NSA's frontmen believe the crap they are trying to pass off as truth these days, it's pretty freakin' obvious that they are either intentionally making a database on american citizens, or just don't care if they 'happen' to do so by 'accident'.

    link to this | view in thread ]

  16. icon
    Mike Masnick (profile), 16 Aug 2013 @ 9:41am

    Re:

    It does seem incomplete to talk about 'incidental' information without mentioning the guidance provided concerning the 'minimization' policy.

    You're right. Which is why we did mention it.

    Did you not read the post?

    link to this | view in thread ]

  17. identicon
    Reintika Putri, 6 Dec 2013 @ 9:37pm

    helpfull

    Thank you for your article about the NSA Wacky Slide Tells Agents Not To Worry About 'incidental' Collection Of Info On Americans helped me in solving my task.

    link to this | view in thread ]

  18. identicon
    Reintika Putri, 6 Dec 2013 @ 9:40pm

    helpfull

    Thank you for your article about the NSA Wacky Slide Tells Agents Not To Worry About 'incidental' Collection Of Info On Americans helped me in solving my task.

    4 Presentation

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.