NSA watchdog details privacy concerns

The National Security Agency’s open source intelligence collection process, which gathers publicly available information from the internet, has “an increased risk of jeopardizing the civil liberties and privacy of [US persons] and compromising classified information,” concluded the agency’s top watchdog in its first public report for Congress.

The NSA watchdog criticized facets of the digital spy agency’s “Emerging Open Source Activities Branch,” which analyzes the information collected. Areas of concern highlighted included insufficient “guidance and training” for analysts to adequately protect Americans’ personal data. The IG did not go into further detail about specific violations.

But the agency is also prioritizing whistleblower protection in new ways, the report revealed, highlighting progress for the secretive spy unit after several high-profile whistleblowers criticized internal protections for those who report wrongdoing.

The top watchdog for the NSA, the body which vacuums up digital communications around the world for intelligence and analysis, summarized its completed and ongoing investigations, audits, and recommendations for the agency and its leadership in the report published Wednesday.

Some of those criticisms and recommendations referenced NSA’s protection of Americans’ privacy rights, an area that came under increased scrutiny following former NSA contractor Edward Snowden’s leak of more than a million internal NSA documents about surveillance around the globe. Since then, NSA and the intelligence community have published additional reports and statistics in attempts to be more transparent; the IG report continues that trend.

Additionally, the report specifically highlights the need to protect whistleblowers and reveals NSA has hired a whistleblower coordinator and created a new internal website for whistleblowers to consult for information.

“Whistleblowers perform a valuable service to the Agency and the public when they come forward with what they reasonably believe to be evidence of wrongdoing, and they should never suffer reprisal for doing so,” wrote Robert Stroch, the NSA’s new inspector general.

Snowden has insisted that he tried to use internal channels to make complaints before taking the documents to the press, but was not successful thanks to a broken system. The NSA has said officials did not interpret any of Snowden’s actions as attempts at filing whistleblowing complaints. However, Snowden was not the only one to encounter problems.

Thomas Drake, a former NSA official who had concerns about an NSA program and went through official channels was raided by the FBI and indicted. While all serious charges against him were dropped, the process effectively ruined his career. NSA Inspector General George Ellard was placed on administrative leave after a review prompted by one employee’s complaint that Ellard had retaliated against him. A council of inspectors general determined Ellard had retaliated against the employee. When Ellard appealed the personnel action, the acting assistant secretary of defense found no evidence of retaliation, allowing Ellard to remain employed at the NSA, according to a copy of the review obtained by CNN.

The new report aims to address past issues with whistleblower protection, both within the NSA and in the broader contractor community.

“Watchdogs who value whistleblowers are shockingly rare in the Intelligence Community,” Irvin McCullough, a national security analyst for the whistleblower aid organization Government Accountability Project. “The powerful language in Mr. Storch’s first report to Congress, coupled by his genuine commitment to whistleblowing, signal the office’s revived integrity.”

Additionally, the NSA IG conducted a special study of searches for information about Americans within the NSA’s massive repository of data. The report said analysts from another agency made several searches or queries for information relating to Americans that were not allowed, and didn’t fully document those queries. Those failures were a result of “human error” combined with a misunderstanding of the rules and gaps in guidance, according to the IG report. However, those deficiencies “have the potential to impact the protection of US person privacy rights,” it concluded. It’s unclear which agency the report was discussing.

According to the report, there is an ongoing review through which the Inspector General will continue to make recommendations to help NSA management train its personnel to meet new training requirements for protecting privacy intelligence oversight.

During the reporting period, the NSA IG opened 30 investigations, made 362 recommendations and issued 43 reports. According to the IG, the NSA had implemented 85 of the recommendations by the time of publication.

Most of those recommendations had to do with reviews of internal financial, digital and physical infrastructure within the NSA, as well as reports of employee misconduct ranging from sexual harassment to contractor fraud to the inaccurate filling out of time cards.

CORRECTION: This story has been corrected to reflect that a review of George Ellard was prompted by just one employee’s complaint that a subsequent review did not substantiate, allowing Ellard to remain employed at the NSA. Additional information has been included about Ellard’s subsequent appeal.