Did the NSA Director mislead hackers about NSA compliance problems?

August 16, 2013

NSA DIrector General Keith B. Alexander (Isaac Brekken/AP)

President Obama isn't the only one whose assurances of proper behavior by the National Security Agency (NSA) were called into question in the wake of the Washington Post's release of a leaked internal NSA audit Thursday night.

Speaking before a room of hackers and security professionals at a Black Hat in Las Vegas this summer, NSA Director Keith B. Alexander denied that there were any problems with the NSA snooping programs and cited oversight by the Senate Select Committee on Intelligence to verify that point:

Congress did a review of this program over a four-year period, the Senate Select Committee on Intelligence. And over that four-year period, they found no willful
or knowledgeable violations of the law or the intent of the law in this program.

More specifically, they found no one at NSA had ever gone outside the boundaries of what we’ve been given. That’s the fact. What you’re hearing, what you’re seeing, what peopleare saying is, well, they could. The fact is they don’t. And if they did, our auditing tools would detect them, and they would be held accountable.

Our colleague Barton Gellman's reporting revealed that in October 2011 the Foreign Intelligence Surveillance Act (FISA) Court ruled an NSA process collecting data from fiber optic cables was “deficient on statutory and constitutional grounds,” according to a top-secret summary of the opinion. It ordered the NSA to comply with standard privacy protections or stop the program. This appears to directly contradict Alexander's claim that "no one at NSA had ever gone outside the boundaries" of their authority.

The Post's reporting on the NSA audit also noted that on at least one occasion a major compliance problem was not reported further up the audit chain. In a separate story, the leader of the FISA Court -- which President Obama has cited as a source of transparency in the surveillance programs -- said it does not have the capacity to verify the contents of the audit reports it receives from the NSA.

Alexander's claim that the Intelligence Committees didn't find any NSA wrongdoing may be technically true. But that's only because Congress appears to not have been fulling briefed on the NSA's compliance record. Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) reportedly did not receive a copy of the 2012 NSA audit released by Gellman until The Post asked her staff about it. Upon seeing the audit, a statement from her staff said that the committee “can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate.”

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.
Comments
Show Comments
Most Read Business
Next Story
Brian Fung · August 16, 2013