John DeLong, the first-ever compliance director at the Pentagon’s spy agency, spends his days making sure analysts are not snooping on Americans.
U.S. law forbids the National Security Agency from intercepting communications between citizens. While privacy advocates argue that NSA databases nevertheless accumulate records on Americans, in fact, some of those systems are calling the shots to delete that information.
“There are times when we use technology to literally make legal and policy decisions,” said DeLong, 37, a lawyer whose additional math and physics degrees likely prepared him for the multifaceted task of policing code-breakers.
With an ever-increasing amount of messages to crack and data patterns to follow, agents have limited time to observe what he describes as “very specific procedures that govern their use and handling of that data.” So, machines sometimes patrol privacy.
“There are obviously some decisions that you can’t automate. You have to rely on a human for judgment. And we have lots of training” on foreign espionage authorizations, DeLong told Nextgov in an interview. “We have to make sure those authorizations pass from human to human from machine to machine very carefully.”
Those authorizations include minimization requirements, which tightly control any data obtained while targeting foreigners that identifies Americans. Other privacy measures include database audits and spot checking decisions about whom to pursue, according to intelligence officials.
A computer, for example, can be instructed to screen out certain types of information before it is passed on to the next stage of processing, DeLong explained. “In some cases, we literally have the legal and policy rules embedded in the technology such that the technology will only do those things,” he said.
Still, intelligence activities have broken the rules. As first reported by Wired in July, the Office of the Director of National Intelligence acknowledged in a letter to warrantless wiretap critic Sen. Ron Wyden, D-Ore., that “on at least one occasion” the judicial branch determined “that some collection carried out pursuant to the [law’s] minimization procedures used by the government was unreasonable under the Fourth Amendment.”
When asked whether the incident occurred on his watch, DeLong said, “Root cause is always difficult to figure out, so I’m very hesitant to answer on timing. I will say very clearly, though, when there are incidents we follow the reporting path.”
He then deferred to ODNI, which coordinates the work of the U.S. intelligence community. “The government has remedied these concerns, and the [Foreign Intelligence Surveillance Court] has continued to approve the collection as consistent with the statute and reasonable under the Fourth Amendment,” officials said in a statement.
DeLong added, “We’re nothing if we lose the confidence of the American people.”