The United States National Security Agency’s metadata gathering program was repeatedly misused and collected data were accessed by unauthorized persons, according to reports from the U.S. Foreign Intelligence Surveillance Court (FISC).
The NSA claims its database of people’s IP addresses, date and time of phone calls made, duration of calls and length of emails and the origin of the metadata information were collected and guarded under a series of stringent controls. Details of the phone and Internet snooping program code named Prism, were leaked to the media by earlier this year by former NSA security contractor Edward Snowden.
However, the list of phone numbers the NSA was checking have not met the “reasonable actionable suspicion standard,” according to a March 2, 2009 report by FISC Judge Reggie B. Walton.
The NSA collects data from U.S.-based service providers on all calls and taps into it under controlled circumstances, according to NSA chief Gen. Keith Alexander, when he spoke at the Black Hat hacker convention earlier this year.
However, Walton said that for years nobody in the NSA had a “complete understanding” of the system architecture they were working on.
The NSA said it thought that reasonable actionable suspicion rule applied only to data residing in certain NSA databases and not data coming from service providers about calls being made each day.
This interpretation of the Court’s orders “strains credulity,” said Walton. If such an interpretation were applied it would mean that the rule was optional.
The judge said the NSA decided on its own that court-approved rules didn’t apply to their program.
Walton said he was “deeply troubled” by the incidents describing the program especially since they occurred just weeks after a review in which the NSA was supposed to assure the court that it has addressed matters of widespread compliance problems.