On Aug. 27, Sen. Chuck Grassley (R-Iowa), the ranking member of the Senate Judiciary Committee, sent a letter to the Inspector General of the National Security Agency seeking information about whether the Inspector General’s office “[had] documented instances in which NSA personnel intentionally and willfully abused their surveillance authorities.” Grassley sought the information amid the privacy and civil liberties questions surrounding the NSA domestic spying scandal. Grassley has released the response letter (original pdf; archive pdf), which is dated Sept. 11, 2013. The letter states: “Since 1 January 2003, there have been 12 substantiated instances of intentional misuse of the signals intelligence (SIGINT) authorities of the Director of the National Security Agency. The NSA Office of the Inspector General (OIG) currently has two open investigations into alleged misuse of SIGINT and is reviewing one allegation for possible investigation.” SIGINT’s dedicated purpose is to spy on foreign individuals for U.S. national security investigations.
We’ve talked before about the problems that arise when insiders abuse or misuse their access privileges to individuals’ data and violate the individuals’ privacy rights. Such cases have occurred in: Minnesota, where 104 officers from 18 agencies in the state accessed one woman’s “driver’s license record 425 times in what could be one of the largest private data breaches by law enforcement in history”; Tucson, Ariz., where University Medical Center officials fired three employees for violating privacy of patients connected to the shooting rampage of which Jared Loughner is accused; New York City, where a police sergeant pleaded guilty “to illegally entering a federal database and giving information from a terrorist watch list to an acquaintance to use in a child-custody case in Canada”; and the U.S. government, where the State Department found that federal employees repeatedly snooped into the passport files of entertainers, athletes and other high-profile Americans. The cases aren’t confined to the United States; for example, they’ve occurred in Canada, New Zealand and the UK.
The instances of insider misuse and abuse at the NSA are disturbing. The letter doesn’t identify the employees, but notes that at least six cases were referred to the Justice Department for further action, which could include prosecution. Here’s just one case, which occurred on the insider’s “first day of access” to SIGINT. The person, a member of the military, “queried six e-mail addresses belonging to a former girlfriend, a U.S. person, without authorization.” The insider “received a reduction in grade, 45 days restriction, 45 days of extra duty, and half pay for two months. It was recommended that the subject not be given a security clearance.” In this case, the person who abused his access privileges to the surveillance system was punished, but in several cases, the people were not for various reasons, including that they resigned before they could be punished.
Learn more in the full response from the OIG.