Navy Officer Working For The NSA Caught Trying To Search Her Boyfriend's Son's Phone

from the self-starter-goes-for-illegal-snooping-right-out-of-the-gate dept

The NSA often makes statements following document leaks about its undying interest in protecting the rights of Americans, no matter how much might be swept up intentionally/incidentally by its surveillance programs. Undoubtedly, there is some sincerity in this statement. But the following story, based on information liberated by a Jason Leopold FOIA request, shows the NSA can be sincere about its desire to protect Americans' privacy while still doing very little to uphold that ideal.

A Navy officer stationed in Iraq “deliberately and without authorization” used an NSA database to try to pry into the mobile phone of her boyfriend’s son, according to a top secret NSA inspector general report obtained by BuzzFeed News.

The NSA discovered the violation about a month after it happened. The officer was undergoing training and had already taken two courses pertaining to the search and use NSA collections. But when this violation occurred, she had been given full access to NSA data stores to complete her final course.

During a training exercise, she entered her boyfriend’s son’s telephone number into a search field and tried to access data covering the span of a month on the prepaid telephone number. That phone was also used by other members of her boyfriend’s family, the report said.

But the officer had an excuse: according to the report [PDF], she said it was the "only telephone number she could think of at the time." The Inspector General found this excuse to be dubious at best.

"She could not explain why this telephone number came to mind instead of her own telephone number or any other number."

Now, here's where we get to the NSA's professed respect for Americans' Fourth Amendment rights. The level of respect will vary from person to person. Obviously, the Navy officer had zero respect for her boyfriend's son's rights. More troubling, her instructor apparently felt this violation wasn't a big deal.

When she entered the phone number, the system displayed a "bright red warning sign." This scared the officer but her instructor's response showed little concern about the violation the officer was attempting to engage in.

[H]er trainer, an Army officer, told her “not to worry” and to just clear out the various search fields on the database.

Neither the Navy officer nor her trainer reported the incident.

The NSA discovered the violation during an audit and reported it. This is good, but it's also limited to what the NSA chooses to report.

The Inspector General has noted in the past it is limited in its oversight abilities by the NSA and its reporting systems. The IG often has trouble compiling the information needed to make a determination about potential violations and there have been times where the NSA has actually destroyed information the IG has needed for investigations.

Much of what we know about the NSA's violations is self-reported. But this relies on the agency being forthcoming -- something it's not particularly known for. The gap between what's discovered and what's handed over by the agency has been noticed by its Congressional oversight and the FISA court. The latter, in particular, has noted the agency often delivers notification of violations months or years after the violations occur and has been routinely unwilling to clarify technical issues when discussing violations with the court.

In this case, the Navy officer claimed the violation was an "accident" that occurred during training. The Inspector General's office, however, viewed it as a deliberate misuse of highly-sensitive data. It appears the NSA sided with the officer. The only "punishment" handed out was another round of training. So, when the NSA claims it's doing everything it can to protect Americans from unlawful surveillance, it's a half-truth at best. If it was doing everything it could, it would have pushed this officer out of the rotation and replaced her with someone more likely to uphold the ideals the NSA claims it holds.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: audits, nsa, spying, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    ThaumaTechnician (profile), 1 Dec 2017 @ 10:54am

    The son was displaying the indicia of terrorists.

    Y'know the one: breathing in and out. So she had to investigate.

    link to this | view in thread ]

  2. icon
    Ninja (profile), 1 Dec 2017 @ 11:00am

    Re: The son was displaying the indicia of terrorists.

    It's kinda sad when you joke but it doesn't sound funny because we were joking about NSA abusive, unconstitutional surveillance not too long ago...

    Still, have my funny vote.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 1 Dec 2017 @ 11:21am

    selective enforcement

    When these disciplinary actions happen, it's usually because the person is already on someone's shitlist and they're just waiting for the first opportunity to write this person up.

    link to this | view in thread ]

  4. icon
    JoeCool (profile), 1 Dec 2017 @ 11:21am

    Maybe plausible

    "She could not explain why this telephone number came to mind instead of her own telephone number or any other number."

    I can't remember my own number (I keep it on a slip of paper in my wallet) because I never call it. I don't remember friend's numbers because they're in my contact list. I can easily see this as being one of the only numbers she could recall if she had been there when they got the phone, or if she had to call that phone without contact info.

    link to this | view in thread ]

  5. icon
    tom (profile), 1 Dec 2017 @ 11:28am

    From the NSA report pdf, the phone was used by her boyfriend's son, boyfriend, her daughter, and her sister.

    I can believe that if that many folks that she knew and likely lived with used the same phone, it would be a number easily recalled.

    I don't remember my cell number, never call it.

    The NSA training class should either provide a list of approved training test numbers or an instruction to use a number ONLY used by the trainee.

    link to this | view in thread ]

  6. icon
    TheResidentSkeptic (profile), 1 Dec 2017 @ 11:38am

    And Why...

    ... was the US citizens phone information in the NSA database in the first place? Oh yeah... ALL phones EVERYWHERE are monitored, tracked, traced, and logged.

    link to this | view in thread ]

  7. icon
    Roger Strong (profile), 1 Dec 2017 @ 11:40am

    When she entered the phone number, the system displayed a "bright red warning sign."

    "Cell phone located. Tasking MQ-9 Reaper, armament two GBU-12 Paveway II bombs, two AGM-114 Hellfire II missiles. ETA twenty-seven minutes."

    [H]er trainer, an Army officer, told her “not to worry” and to just clear out the various search fields on the database.

    "Defaulting to nearest Verizon device."

    Neither the Navy officer nor her trainer reported the incident.

    The problem was later reported to Verizon customer support, and logged as a probable exploding 3rd-party battery.

    link to this | view in thread ]

  8. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 1 Dec 2017 @ 11:40am

    Sheesh, minion. Internets full of scandal, and you run this?

    You (ALL but "Tom" so far!) somehow skip over this one key point: TRAINING.

    Google violates my privacy more than this every day.

    And doesn't get to do a tenth of what wants.

    This week tried to get a manual for an old monitor with odd features.

    Soon ran into javascript / captcha by guess who? Yes, 3rd party: Google Analytics.

    So I got no manual. If don't agree to the surveillance, the web is more restricted every day.

    And what right has Google, the NSA's commercial front, to surveil me? ... NONE! Just can get away with it, for now.

    ---
    Oh, did I wander off this DULL topic? Well, I'm aware of that, so now YOU can show interest in it by long detailed comment ON-topic!

    link to this | view in thread ]

  9. icon
    Roger Strong (profile), 1 Dec 2017 @ 12:16pm

    Re: Sheesh, minion. Internets full of scandal, and you run this?

    The US government can use that information to arrest you, lie to the judge and your family about your location, search your house and seize your electronics.... thanks to confirmation bias based on vague data.

    If you're not a US citizen they can ship you to another country and torture you for months or years before releasing you with an "er, never mind."

    Google can't do that just yet.

    link to this | view in thread ]

  10. icon
    Anonymous Anonymous Coward (profile), 1 Dec 2017 @ 12:24pm

    Re: Sheesh, minion. Internets full of scandal, and you run this?

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 1 Dec 2017 @ 12:28pm

    The son now can surf for all the hardcore furry scat ass to mouth donkey on sheep on squirrel lubricant action he wants and she'd be too scared to even mention it even if she saw the squirrelgasms on screen, for fear people would think she's been spying again!

    link to this | view in thread ]

  12. identicon
    peter, 1 Dec 2017 @ 12:40pm

    Well I never

    Spy getting taught how spys can spy did not realise that spys get spy'd on.

    link to this | view in thread ]

  13. icon
    Roger Strong (profile), 1 Dec 2017 @ 12:46pm

    Re:

    I'm not overly offended by the imagery in your post, but...

    even if she saw the squirrelgasms on screen

    ...the imagined audio for this one is too much.

    link to this | view in thread ]

  14. icon
    That Anonymous Coward (profile), 1 Dec 2017 @ 2:15pm

    It's almost like there is an atmosphere where they know there are rules, but even the bright red warning results in a just delete stuff and keep going. Rules without meaningful punishment are worthless. Creating "good faith" exceptions so they have an out that must be accepted worked out so well with police.

    We have to stop pretending that because we declare they are wearing white hats, that we don't need to keep an eye on them. Being a good guy doesn't force you to follow all of the rules, but giving them the benefit of the doubt over and over shows them they can get away with most anything because they are one of the "good guys".

    link to this | view in thread ]

  15. identicon
    carlb, 1 Dec 2017 @ 5:23pm

    Squirrelgasms?

    /me instinctively tries to hide his nuts against the impending squirrelly invasion...

    link to this | view in thread ]

  16. icon
    Nurlip (profile), 1 Dec 2017 @ 5:51pm

    Not that I think this is ok but she is a person and was in training.. from the trainings I've been in (not NSA training, just normal people training) the pace is way, way slow and I prefer to learn on my own anyways so I usually zone out once I can actually get into the system and learn on my own. The example numbers that the training text (hopefully) probably provided were going to be given out later and she just used the first number that came to mind.
    On the positive side: the system did flash red warnings presumably bc the number was either that of a US citizen and/or not on a 'watch list' or both. It is good to know that privacy invasion is not ok for just anyone to do at the NSA. You have to at least pass the privacy invasion training first. Safeguards.
    But seriously, this is more safeguards than I expected given what I've been reading about for years. And Trump.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 1 Dec 2017 @ 10:53pm

    The heroes of MyNameHere and out_of_the_blue, ladies and gentlemen. Surveillance is great when the government, the NSA and the RIAA do it, but anyone else and it's suddenly the devil's work.

    link to this | view in thread ]

  18. identicon
    David, 2 Dec 2017 @ 3:43am

    Re: Re: The son was displaying the indicia of terrorists.

    Still, have my funny vote.

    It would be too depressing to admit to "Insightful". "Funny" it is.

    Ha ha. What a riot.

    link to this | view in thread ]

  19. identicon
    David, 2 Dec 2017 @ 11:39am

    So who should she have spied upon?

    For completing her course, she had to snoop on someone's cellphone with her advisor looking over her shoulder.

    She chose a minor in her own household, as someone whose phone number she knew. Who should she have chosen? Herself, making open her own communications to her advisor? She chose a number she knew, of a person in her household that could not be held accountable as a minor. And she would have been in a position to make amends, too.

    Whose Fourth Amendment rights would you rather have wanted to see violated?

    Frankly, I find her personal choice much more defensible than that she was made to choose in the first place.

    link to this | view in thread ]

  20. identicon
    Chuck, 2 Dec 2017 @ 12:23pm

    Re: So who should she have spied upon?

    Yes, herself. Anyone and everyone has the right to violate their own rights at will, any time, anywhere. If she could not remember her own phone number, she need only look in the phone. Settings > About or something along those lines. If she does not know how to find her own phone number in her own cell phone, she is NOT qualified to snoop on anyone else's phone.

    So yes, herself. If she is so worried about what her instructor would see on her own phone, perhaps she should take a moment to reflect upon what she is training to do for a living. If doing so would make her feel violated, perhaps she should consider exactly how violated ANYONE else would feel.

    And idk, maybe go shoot guns at terrorists or something, She IS already in the navy after all. They always need more guys (or gals) with guns. If she's not the murder-y type, she could be a cook. Or a medic. Or a thousand other things. The Navy's own TV and print marketing has been trying to sell people for 2+ DECADES on the idea that there are literally 300+ non-combat jobs available in the Navy. She could pick ANY of the other 299 if violating people's privacy - hers or anyone else - is uncomfortable to her.

    But spying on ANY third-party without consent, including her boyfriend's son (which, as he is her boyfriend, not her husband, isn't even a family member) is unacceptable.

    link to this | view in thread ]

  21. icon
    yankinwaoz (profile), 4 Dec 2017 @ 9:19am

    No seeded data to test with

    So they don't have test data seeded into their production database that they can use for training? Why can't they have a Mickey Mouse account?

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.