“The FISC is forced to rely upon the accuracy of the information that is provided to the Court,” its chief, U.S. District Judge Reggie B. Walton, said in a written statement to The Washington Post. “The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders.”
Walton’s comments came in response to internal government records obtained by The Post showing that National Security Agency staff members in Washington overstepped their authority on spy programs thousands of times per year. The records also show that the number of violations has been on the rise.
The court’s description of its practical limitations contrasts with repeated assurances from the Obama administration and intelligence agency leaders that the court provides central checks and balances on the government’s broad spying efforts. They have said that Americans should feel comfortable that the secret intelligence court provides robust oversight of government surveillance and protects their privacy from rogue intrusions.
President Obama and other government leaders have emphasized the court’s oversight role in the wake of revelations this year that the government is vacuuming up “metadata” on Americans’ telephone and Internet communications.
“We also have federal judges that we’ve put in place who are not subject to political pressure,” Obama said at a news conference in June. “They’ve got lifetime tenure as federal judges, and they’re empowered to look over our shoulder at the executive branch to make sure that these programs aren’t being abused.”
Privacy advocates and others in government have voiced concerns about the ability of overseers to police secret programs of immense legal and technological complexity. Several members of the House and Senate intelligence committees told The Post last week that they face numerous obstacles and constraints in questioning spy agency officials about their work.
In 2009, for example, a Justice Department review uncovered a major operational glitch that had led to a series of significant violations of the court’s order and notified the court, according to records that were declassified July 31 by the Office of the Director of National Intelligence.
The government described the problem as one of “over-
collection” of metadata records for U.S. phone calls.
In September 2009, NSA Director Keith B. Alexander made a presentation to the FISA court about the agency’s effort to remedy the problem.
“FISA Court placed several restrictions on aspects of the business records collection program until the compliance processes were improved to its satisfaction,” the memo stated.
The public summaries of the violations do not say how long the problem went undetected and unreported to the court, or what information was improperly gathered by the agency’s automated collection systems.
“The problems generally involved the implementation of highly sophisticated technology in a complex and ever-changing communications environment which, in some instances, results in the automated tools operating in a manner that was not completely consistent with the specific terms of the Court’s orders,” according to unredacted portions of a December 2009 memo provided to the Senate and House intelligence committees.
Two people familiar with the 2009 flaw said that the agency was collecting more “fields” of information from the customer records of telephone companies than the court had approved. The NSA declined to answer questions about the event.
One senior intelligence official, who was authorized by the White House to speak on the condition of anonymity, described the 2009 incident as a “major event” that prompted the agency to dramatically increase its compliance staff.
“We uncovered some disconnects between us and our overseers, disconnects between what we had put in documentation, the way we had described things in documentation,” the official said.
Although the violation was unintentional, the official said, “it wasn’t always the easiest of discussions” with the court.
The agency paused, “got ourselves with our overseers back into fair territory,” and has since made “substantial improvement” in compliance, the official said.
Privacy advocates say they fear that some violations are never reported to the court.
In January 2008, the NSA appeared to have mistakenly collected data on numerous phone calls from the Washington area code 202, thinking they were foreign phone calls from Egypt, whose country code is 20. According to a 2013 “quality assurance” review of the incident, a communications switch misread the coding of the calls and presumed they were international. The NSA has broad authority that is not subject to the FISA court to collect and monitor foreign communications under certain circumstances.
The description of the 2008 problem suggests that the inadvertent collection of U.S. phone calls was not reported to the FISA court.
“However, the issue pertained to Metadata ONLY so there were no defects to report,” the review stated.
Under FISA rules, the government is required to immediately notify the court if it believes it has violated any of its orders on surveillance.
The government does not typically provide the court with case-specific detail about individual compliance cases, such as the names of people it later learned it was improperly searching in its massive phone or e-mail databases, according to the two people familiar with the court’s work.
In contrast to the dozens of staff available to Congress’s intelligence and judiciary committees, the FISA court has five lawyers to review compliance violation reports.
A staff lawyer can elevate a concern about a significant compliance issue to a judge on the court, according to a letter Walton recently sent to the Senate describing the court’s role.
The court can always demand and obtain more details about cases, but it is unclear how often that occurs. In the past, while grappling with rules for implementing the surveillance programs, judges on the court have requested a visit to NSA headquarters to inspect the operations, the officials said.
Last week, the president said that he recognizes that some Americans may lack trust in the oversight process — in which the secret court approves the rules for collecting Americans’ communications — and that he will work with Congress on reforms, which could include a privacy advocate to the court.
“In other words, it’s not enough for me as president to have confidence in these programs,” Obama said in his news conference. “The American people need to have confidence in them, as well.”
Barton Gellman, Peter Wallsten and Alice Crites contributed to this report.