recommended reading

Compliance with wiretap law is transparent, NSA says


This story originally said more than 10 members of the Senate Select Committee on Intelligence signed a letter to ODNI. In fact,13 senators signed the letter, but only two are on the committee. The story has been corrected. 

With their license to conduct warrantless wiretaps up for renewal, National Security Agency officials maintain that Congress, the courts and executive branch officials have ample visibility into the dragnet’s effect on privacy.

Some lawmakers, however, dispute the contention that the agency is open about U.S. surveillance.

Amendments enacted in 2008 to the Foreign Intelligence Surveillance Act allow NSA to monitor communications involving U.S. residents without a court order only if the primary targets of intelligence collection are individuals abroad. Those mandates expire in December.

NSA Compliance Director John DeLong said, since creating his position in 2009, he has been training analysts, modifying technology and following external recommendations to obey the rules.

“We are not a free agent that’s just out there, waking up and deciding what to do every day,” DeLong told Nextgov during an interview. “We are really heavily regulated both by requirements that come in -- a majority of them externally -- and then also very specific authorizations.”

One of the biggest misperceptions, he said, is that the compliance office sets the monitoring policies. That is not so.

“There is a tremendous amount of external oversight,” Delong said. In the executive branch that includes the Department of Justice and the Office of the Director of National Intelligence; in Congress, it includes the House Permanent Select Committee on Intelligence and other Senate committees; and in the judicial branch, it includes the Foreign Intelligence Surveillance Court, he said.

Inside the Defense Department, too, there are multiple stewards, ranging from the Pentagon’s privacy officer to the inspector general.

House and Senate committees already have passed bills to continue NSA’s spying activities, though neither chamber has voted on the panels’ proposals.

DeLong said there are a number of ways to measure NSA’s fulfillment of the law. They include “internal oversight and external oversight -- those are also places to gather information about the strengths of our compliance program and our compliance posture,” he said.

But some senators say they don’t know enough about NSA’s observance of FISA to practice that external oversight.

In July, 13 senators, including two members of the Senate Select Committee on Intelligence, wrote a letter to ODNI, stating that “it is incumbent upon Congress to ensure that the government does not use [FISA] authorities to deliberately spy on American citizens,” but lawmakers do not have “a full understanding of the impact that this law has had on the privacy of law-abiding Americans.”

The senators added that they were “alarmed” members of the intelligence community told two committee members that “it is not reasonably possible to identify the number of people located inside the United States whose communications may have been reviewed” under the warrantless wiretap law.

DeLong deferred to ODNI for comment on the senators’ assertions.

ODNI spokesman Michael Birmingham responded, “there is nothing that is kept from the Congress about the operation of these programs.”

He said the committees charged by Congress with oversight of the agency’s surveillance operations, including the Senate intelligence panel, “are kept fully and currently informed of every aspect of NSA’s surveillance activity. Moreover, we have made classified papers available to all members, which describe what we do and how we protect privacy and civil liberties of Americans, and have offered briefings to answer any questions that members have.”

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.