The National Security Agency never provided its historical legal analyses of its XKeyscore surveillance system, according to a member of the independent oversight board that has been investigating it for the last five years.
Though the Privacy and Civil Liberties Oversight Board asked the NSA for all its prior legal analyses showing XKeyscore system’s data analytics comply with federal law, all it’s received is a 13-page memo from general counsel in 2016.
At more than a decade old, XKeyscore — first flagged by former NSA contractor Edward Snowden in 2013 — is used to search massive internet traffic databases to find and analyze a target’s communications. But the unavoidable, incidental collection of citizens’ personal information raises legal concerns the NSA never proved to PCLOB it considered before launching the system, Travis LeBlanc, a Democratic member of the board appointed by former President Trump, said in an unclassified statement released Tuesday.
“At a general level and on the basis of the documents that have been provided to the board, it is concerning that any surveillance tool would have been conceptualized, coded, implemented, and then executed and routinely used without such a prior written legal analysis,” LeBlanc wrote.
Of PCLOB’s five members, only LeBlanc voted against the release of what he called a “rushed” report on XKeyscore to Congress, the White House and the Office of the Director of National Intelligence in March.
The NSA told PCLOB its 2016 memo was based on legal analyses of XKeyscore conducted prior to the system’s launch — analyses general counsel did not or could not provide. The agency didn’t respond to a request for comment on the number of legal analyses completed or their withholding them from the board, by publication time.
LeBlanc further criticized NSA general counsel for basing its memo on dated case law and failing to update its legal analysis since 2016, despite the agency’s surveillance capabilities continuing to outpace electronic surveillance law.
Commenting on the matter, an NSA spokesperson told FedScoop: “The representation that NSA had not conducted a full legal analysis prior to the Board asking for legal materials in 2014 is not accurate. NSA conducted appropriate legal reviews of NSA’s use of XKEYSCORE. NSA’s Office of General Counsel regularly reviews NSA intelligence programs and capabilities to ensure compliance with the Constitution, laws, and other applicable regulations and policies.”
The NSA did address LeBlanc’s complaint that its analysts weren’t trained to use XKeyscore, or required to, by adopting that recommendation.
NSA’s alleged failure to prove it conducted prior legal analysis wasn’t the only reason LeBlanc took issue with PCLOB releasing a report, which he said “reads more like a book report summary of the XKeyscore program.”
PCLOB didn’t conduct a cost-benefit analysis of the system that accounted for how many people have been impacted, how much data has been collected and analyzed, how that data is shared, how many lives have been saved, or how many terrorist attacks have been stopped, LeBlanc said.
The board also didn’t follow up on reported compliance incidents, a redacted number of which were deemed “questionable intelligence activities” — intelligence community-speak for illegal surveillance or review of a citizen’s communications.
PCLOB didn’t include in its report a recommendation of LeBlanc’s that incidentally intercepted communications be tagged “personal information” in the system.
The board “failed the public” by not seeking to declassify its findings, he said.
LeBlanc also wanted PCLOB to weigh in on the technological and modern electronic surveillance issues XKeyscore raises, given its use of machine learning, autonomous collection of massive datasets and algorithmic analysis of them.
“Whether the public wants it or not, these systems are almost certainly here to stay,” LeBlanc said.