NSA paid email providers millions to cover ruling costs
By CHARLIE SAVAGE
The New York Times | August 25,2013
WASHINGTON — The National Security Agency apparently compensated email service providers “millions of dollars” for costs they incurred in the fallout from an October 2011 court ruling that an unrelated aspect of the agency’s surveillance operations violated the Constitution, according to a newly disclosed document.
The document — a brief article in a secret internal agency newsletter, dated October 2012, that was leaked by the former NSA contractor Edward J. Snowden and published by The Guardian on Friday — added a detail to the emerging public understanding of the once-secret episode, but it also raised new questions.
Meanwhile, Sen. Dianne Feinstein, D-Calif., chairwoman of the Senate Intelligence Committee, said the NSA inspector general’s office had briefed Congress this week that there had been “roughly one case per year” over the past decade in which an agency official had willfully broken surveillance rules to gather information inappropriately, and that “disciplinary action has been taken.”
Feinstein, who was responding to reporting by Bloomberg News, also said that none of the cases involved the Foreign Intelligence Surveillance Act — the law that regulates surveillance activities conducted on American soil — and “in most instances did not involve an American’s information.”
She portrayed the abuses as “isolated” — although unacceptable — episodes that did not change her view that the NSA had an oversight system that worked, despite the problems.
The NSA newsletter mentioning millions of dollars in costs stemming from the October 2011 ruling announced the smooth completion last fall of the Foreign Intelligence Surveillance Court’s annual recertification of certain NSA procedures. (The Obama administration declassified the court ruling Wednesday.)
The procedures involve how the agency carries out eavesdropping operations without warrants on domestic soil, but aimed at foreigners abroad, under a 2008 law called the FISA Amendments Act. The effort has two parts: one called Prism, which the NSA uses to collect messages from email providers like Google, and an “upstream” collection from networks operated by companies like Verizon. The entire effort collects about 250 million communications a year, the 2011 court ruling said.
The successful recertification contrasted with the one in October 2011, the newsletter said, when Judge John D. Bates of the surveillance court ruled that the NSA’s upstream operations, which were also collecting tens of thousands of purely domestic emails for a technical reason, violated the Constitution. As a result, the NSA had worked out new procedures for handling such messages, resulting in months of delays.
“Last year’s problems resulted in multiple extensions to the Certifications’ expiration dates which cost millions of dollars for Prism providers to implement each successive extension, costs covered” by the NSA, the newsletter said.
It is not remarkable that the government paid the companies for their costs. In the 2008 law, Congress required compensation “at the prevailing rate” to electronic communications service firms for “providing information, facilities or assistance” in complying with surveillance directives.
Google has rejected reports that it knowingly participates in Prism. It has asked the government for permission to say more about how they provide personal data about foreign users in response to surveillance court orders.
In a statement Friday, Google reiterated that it has “not joined Prism or any government surveillance programs” and said it wanted to say more to the public. But it declined to answer questions about the fall 2011 episode.
Yahoo also declined to answer specific questions about how recertification works, saying only: “Federal law requires the U.S. government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law.”