recommended reading

At NSA, computers sometimes make the policy calls


John DeLong, the first-ever compliance director at the Pentagon’s spy agency, spends his days making sure analysts are not snooping on Americans.

U.S. law forbids the National Security Agency from intercepting communications between citizens. While privacy advocates argue that NSA databases nevertheless accumulate records on Americans, in fact, some of those systems are calling the shots to delete that information.

“There are times when we use technology to literally make legal and policy decisions,” said DeLong, 37, a lawyer whose additional math and physics degrees likely prepared him for the multifaceted task of policing code-breakers.

With an ever-increasing amount of messages to crack and data patterns to follow, agents have limited time to observe what he describes as “very specific procedures that govern their use and handling of that data.” So, machines sometimes patrol privacy.

“There are obviously some decisions that you can’t automate. You have to rely on a human for judgment. And we have lots of training” on foreign espionage authorizations, DeLong told Nextgov in an interview. “We have to make sure those authorizations pass from human to human from machine to machine very carefully.”

Those authorizations include minimization requirements, which tightly control any data obtained while targeting foreigners that identifies Americans. Other privacy measures include database audits and spot checking decisions about whom to pursue, according to intelligence officials.

A computer, for example, can be instructed to screen out certain types of information before it is passed on to the next stage of processing, DeLong explained. “In some cases, we literally have the legal and policy rules embedded in the technology such that the technology will only do those things,” he said.

Still, intelligence activities have broken the rules. As first reported by Wired in July, the Office of the Director of National Intelligence acknowledged in a letter to warrantless wiretap critic Sen. Ron Wyden, D-Ore., that “on at least one occasion” the judicial branch determined “that some collection carried out pursuant to the [law’s] minimization procedures used by the government was unreasonable under the Fourth Amendment.”

When asked whether the incident occurred on his watch, DeLong said, “Root cause is always difficult to figure out, so I’m very hesitant to answer on timing. I will say very clearly, though, when there are incidents we follow the reporting path.”

He then deferred to ODNI, which coordinates the work of the U.S. intelligence community. “The government has remedied these concerns, and the [Foreign Intelligence Surveillance Court] has continued to approve the collection as consistent with the statute and reasonable under the Fourth Amendment,” officials said in a statement.

DeLong added, “We’re nothing if we lose the confidence of the American people.”

(Image via VLADGRIN/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.