More N.S.A. Call Data Problems Surface as Law’s Expiration Approaches

WASHINGTON — Even after the National Security Agency announced last year that it had purged records about Americans because some were inappropriately collected, the agency inadvertently continued to retain some of the data, according to a newly declassified report.

The National Security Agency deleted the remaining data in October 2018 after its inspector general discovered it, the report said. The problem surfaced just as the agency was separately discovering that it was again collecting phone records it had no authority to gather, which came to light last month.

The disclosure that certain data survived the attempted purge sheds light on the agency’s decision to turn off its high-profile but secretive phone records collection system at a time when the program’s future is uncertain.

Since shortly after the Sept. 11, 2001, attacks, the National Security Agency has been obtaining records of Americans’ domestic phone calls and texts to hunt for hidden terrorist cells. As the once-secret program has evolved, the agency has experienced recurring headaches trying to make it work within legal constraints. The program is based on a law, the USA Freedom Act of 2015, which will expire after Dec. 15 unless Congress extends it.

The latest disclosure about the agency’s repeated difficulties in dealing with Americans’ calling data is one more reason Congress should let the system end, said Patrick Toomey of the American Civil Liberties Union. The A.C.L.U. obtained the newly disclosed inspector general reports as part of the same Freedom of Information Act lawsuit that brought to light the other problems.

“This chain of events, as we see more and more of it playing out, reveals the dangers of a sweeping domestic surveillance program,” Mr. Toomey said. “There have been repeated instances of overcollection, and once Americans’ data is overcollected, it can be incredibly difficult to get it out of the N.S.A. system.”

The National Security Agency declined to comment, and the White House did not respond to a request for one. The Trump administration has yet to take a position on whether lawmakers should extend the legal basis for the troubled system.

The agency delivered a bleak assessment months ago of the program’s high costs and low benefits without taking an explicit position on whether to extend it, according to an official familiar with internal deliberations. It remains unclear whether John R. Bolton, President Trump’s hawkish national security adviser, will try to keep the program alive for future use if technical problems are fixed or avoid that fight in Congress by letting it lapse.

The part of the Freedom Act statute that enables the National Security Agency to swiftly access Americans’ calling records is only one of several surveillance-related authorities set to expire on Dec. 15. The government wants lawmakers to extend the others, including the F.B.I.’s ability to obtain court orders for business records deemed relevant to a national security investigation under Section 215 of the Patriot Act.

The House Judiciary Committee has started drafting potential legislation to deal with the deadline and is planning hearings this fall, a senior Democratic aide said. The draft legislation, which is not public, would extend the other laws set to expire but terminate the troubled call records system.

The bill would also make several other surveillance-related changes, like giving the court that oversees surveillance a deadline to make public any significant opinions interpreting surveillance laws, the aide said. The Freedom Act had required such disclosure, but imposed no time limits to carry out that task.

The National Security Agency’s program to gain access to and analyze phone data traces back to its bulk collection of American calling records as part of the post-9/11 Stellarwind program. Originally based on purported executive power, it eventually gained the blessing of the national security court using a disputed interpretation of Section 215.

That program was revealed by the intelligence contractor Edward J. Snowden in 2013, leading Congress to enact the Freedom Act to end bulk collection of call records under Section 215, although the F.B.I. has continued to use that law for individualized collection of business records. The Freedom Act also created a replacement system for the National Security Agency to gain access to and analyze Americans’ calling records that would instead be held by phone companies.

Another newly disclosed inspector general report, written in 2016 and also obtained by the A.C.L.U., showed that even though intelligence officials frequently asserted during the post-Snowden debate that the program was vital, the National Security Agency never developed metrics to measure the value of the information it had gathered under the Section 215-era program. It also developed no metrics to assess the replacement Freedom Act system, the report said.

During the post-Snowden debate, privacy advocates seized on the revelation that the call records program had never thwarted a terrorist attack. Intelligence officials argued that it was nevertheless valuable.

Problems with the Freedom Act system began to come to light in spring 2018, when the National Security Agency disclosed that its database of call records linked to terrorism investigations was contaminated with unrelated calling data that it did not intend to or have legal authority to collect. The agency said it had fixed technical glitches that caused the problem, deleted hundreds of millions of records and was starting over.

The finding that the agency had failed to delete remnants of that data was also mentioned in a little-noted line of a report that the agency’s inspector general sent to Congress last spring, and that the National Security Agency published this month. The report obtained by the A.C.L.U. contained additional details.

The inspector general scrutinized whether the agency had successfully purged its collection of Americans’ calling records at the request of two senators: Rand Paul, Republican of Kentucky, and Ron Wyden, Democrat of Oregon.

Mr. Wyden also sent a letter on Tuesday to the outgoing director of national intelligence asking whether the government was still using Section 215 orders to obtain information about suspects’ location history from their cellphones, as it used to do. Mr. Wyden noted that the Supreme Court ruled last year that full warrants, which require a higher legal standard, are required for that data and that he and other members of the Senate Intelligence Committee had asked months ago for an update on the phone data program.

“Congress should not consider the reauthorization of these expansive authorities without some minimal transparency about how they impact Americans,” Mr. Wyden said in a statement.

Source link