ARTICLE AD BOX
The Privacy and Civil Liberties Oversight Board spent more than six years scrutinizing the surveillance-related system, called XKeyscore. Its report is classified.
June 29, 2021, 4:27 p.m. ET
WASHINGTON — A member of a civil liberties watchdog board that investigates the nation’s security programs criticized on Tuesday a major — but still secret — report by his organization about a National Security Agency surveillance-related system, portraying the effort as shoddy and a missed opportunity.
The official, Travis LeBlanc, is a Democratic appointee to the five-member agency, the Privacy and Civil Liberties Oversight Board. His critique — in a newly declassified, 10-page statement — opened a window into infighting at the board and offered a few hints about the classified study, which it completed in December after more than six years of work.
But other current and former officials pushed back on Mr. LeBlanc’s complaints and defended the oversight effort. Because the underlying report remains classified, it is difficult to assess the rival points of view.
The existence of the system, called XKeyscore, came to public light in 2013 as part of the leaks by the former intelligence contractor Edward Snowden. The system enables National Security Agency analysts to query huge repositories of intercepted internet communications and metadata in search of information.
Most of the intercepts that XKeyscore makes available to analysts have been vacuumed up by the agency under Executive Order 12333, which governs surveillance that takes place abroad and the interception of foreign-to-foreign communications as they cross domestic soil.
Congress has left that type of national-security surveillance largely unregulated, and 12333 rules permit bulk, indiscriminate collection without a warrant. That has long raised privacy and civil liberties concerns about what the government may do with Americans’ private messages that are incidentally swept in. (Because of how the internet works, domestic messages are sometimes routed abroad.)
The oversight board decided in 2014 to undertake a classified study of Executive Order 12333 activities that would include examination of three topics governed by that edict. Two involved the C.I.A., and their topics remain classified. The third involves the National Security Agency’s XKeyscore system.
The study, about 56 pages, was provided to Congress and executive branch oversight officials in classified briefings in March, current and former officials said.
Several issues complicated responsibility for the report. The first is that the board evolved significantly during the effort.
The study’s scope was chosen when the board was under Democratic control. Then some members departed and the board lacked a quorum, but its staff pursued the effort. The report was completed when the board was under Republican control.
Another complicating factor is that the board approved the report in December by voice vote without recorded opposition, according to several officials. Mr. LeBlanc told its general counsel the next day to record him as a no, they said. Mr. LeBlanc said he had abstained during the voice vote, adding that he was “shocked” that the board was suddenly voting on it.
“I am unable to support” the XKeyscore system, he wrote. “I harbor serious reservations about the deficiencies in our oversight of the XKeyscore program as well as significant concerns about the program’s operations.”
Mr. LeBlanc offered myriad criticisms of the report, portraying the board’s approval of it as rushed and pointing to gaps like a failure to scrutinize the use of artificial intelligence in connection with the system, to conduct an adequate assessment of oversight mechanisms, and to scrutinize the National Security Agency’s collection activities under Executive Order 12333, including those that can incidentally pull in Americans’ private messages.
The report, he wrote, “unfortunately reads more like a book report of the XKeyscore program than an independent oversight analysis grappling with key concerns in this evolving technological and legal landscape.”
But Adam Klein, a Republican who was the board’s chairman until he stepped down on June 20, defended the effort as valuable.
“This is a detailed, comprehensive report and recommendations on a very complex program,” he said. “It reflects six years of work by board staff and multiple iterations of board members. It’s highly factual, substantive and apolitical — the type of oversight the board was created to perform.”
Mr. Klein and other current and former officials also pushed back on some of Mr. LeBlanc’s complaints.
“The board did obtain information and ask hard questions about the location and manner of collection,” Mr. Klein said. “The board also asked hard questions about many other issues related to XKeyscore, including compliance and oversight mechanisms applicable to the program.”
In an interview, however, Mr. LeBlanc said that “minimal” information about collection activities made it into the report and that there was no effort to analyze it. His unclassified statement portrays some of the collection activities as problematic but provides no details.
Mr. LeBlanc also criticized the board for not doing more to look at episodes in which National Security Agency analysts in 2019 had violated searching rules, including in a type of compliance incident deemed “questionable intelligence activities,” meaning that it had violated the law, executive order or other policy rules.
“Obviously, violations of U.S. law and the known collection or processing of U.S. person information are serious compliance issues. Yet, the former board did not request specific information,” he wrote, in a line that was preceded and followed by redacted material.
But a U.S. official, speaking on the condition of anonymity, characterized the 2019 compliance episodes as relatively minor — like a typo in a name being searched, resulting in pulling up information about the wrong person — and said none indicated a systemic problem.
Mr. LeBlanc also complained that the National Security Agency lacked XKeyscore-specific training for privacy and civil liberties rules protecting Americans. The U.S. official said the agency already trained analysis in such rules before giving them access to any system, but it was carrying out a lesson on XKeyscore in response to a recommendation in the report.
Finally, in his statement, Mr. LeBlanc said that the board had asked the agency for its legal analysis of privacy and civil liberties raised by the use of XKeyscore in 2015. The next year it was given a 13-page memo dated 2016, which “made it appear as if N.S.A. had not prepared a written analysis of the legality of XKeyscore until prompted” by the oversight board.
A N.S.A. spokesperson said its general counsel “regularly reviews N.S.A. intelligence programs and capabilities to ensure compliance” with the law and had “conducted appropriate legal reviews of the use of XKeyscore.”
A footnote in Mr. LeBlanc’s statement says that the N.S.A. told the oversight board this year that it had also produced “prior legal analyses of XKeyscore” before the 2016 memo. But while the board has pressed for access to those “purported” memos, he wrote, the agency has not provided any.