Documents released on Wednesday revealed that the National Security Agency had improperly collected data on US phone records last fall, only months after they had done so before.
The documents were received by the American Civil Liberties Union in a Freedom of Information Act lawsuit and showed that in October of 2018 the NSA collected data from a phone company in the US that violates federal law.
The NSA’s call records program is already under considerable scrutiny by Congress in light of a similar breach in privacy last February. The program is set to expire at the end of this year unless Congress agrees that it should be continued.
However, this new incident sheds even more light into the faulty past of the program and all but seals its fate.
According to staff attorney with the ACLU’s National Security Project Patrick Toomey, “these documents further confirm that this surveillance program is beyond redemption and a privacy and civil liberties disaster.”
He added, “The NSA’s collection of Americans’ call records is too sweeping, the compliance problems too many, and the evidence of the program’s value all but nonexistent. There is no justification for leaving this surveillance power in the NSA’s hands.”
The program first became a subject on interest 2013 when NSA contractor Edward Snowden highlighted its abilities to collect massive amounts of call and text data from American users and many phone companies such as AT&T and Verizon without their knowledge.
This was deemed as illegal.
Therefore, in 2015, Congress passed the USA Freedom Act, which allowed the NSA to be still able to collect such data but put limitations on it.
The NSA now has to seek approval for specific records that are needed for an ongoing investigation. These records must also be retained by US telecommunication companies.
However, in June of 2018, the NSA acknowledged that they had received phone records in February of that year that was not authorized.
And since they could not differentiate between unauthorized and authorized records, they were forced to delete more than 600 million files that had been collected from 2015.
At the time the NSA said there had been technical issues that allowed the data breach to happen and those had been fixed, as had the “root cause.”
However, that appears to not be entirely accurate since this another, and very similar breach took place only four months afterward.
The NSA made a statement Wednesday that it had found additional “data integrity and compliance concerns caused by the unique complexities of using company-generated business records for intelligence purposes.”
They add that those issues now have been fixed as well. The NSA has also noted that NSA overseers such as the congressional oversight committees and the Foreign Intelligence Surveillance Court have been notified of the October breach.
Jen Burita of the Privacy and Civil Liberties Oversight Board says they are looking into the collection of phone records by the NSA and noting the “publicly disclosed challenges NSA has encountered under the 2015 federal law.”
And she added they are looking “forward to providing a detailed account and timeline of these issues later this year as Congress considers whether to reauthorize the program.”
The Board does plan to make this information as public as possible.