PDF: NSA’s proposal and NARA’s appraisal
>>> The National Security Agency is asking for permission to destroy all “records related to complaints and allegations of abuses of civil liberties and privacy” received by its Civil Liberties, Privacy and Transparency Office.
Under the plan, which has already received preliminary approval, all records regarding actionable complaints, comments, and inquiries will be destroyed just one year after resolution.
Records regarding complaints and other input that gets judged non-actionable will be destroyed “after 90 days, or when no longer needed for agency business, whichever is later.”
Under the Federal Records Act, agencies ask the National Archives & Records Administration (NARA) for permission to schedule the destruction of documents. (In a small number of instances, agencies propose keeping certain documents permanently at NARA.) NARA evaluates the proposal and almost always approves it, sometimes with changes. The process then opens up to public comment for 30 days. Any comments received are theoretically factored into NARA’s final decision.
In this case, the NSA has submitted a proposed schedule for destroying essentially all documents regarding complaints, comments, inquiries, and other input received by its Civil Liberties, Privacy and Transparency (CLPT) Office.
For the most important category — actionable complaints — the NSA gives these details:
“Records related to complaints and allegations of abuses of civil liberties and privacy by NSA/CSS. These complaints are submitted by employees and/or members of the general public, and includes those complaints that warrant addition action, generally in the form of referral to other offices within NSA/CSS. Records include the complaint as well as related correspondence and documentation, such as the formal referral to other NSA/CSS offices for action.”
NARA explains that the category of other actionable items “includes comments and inquiries that require further action, but are not at the same level as a complaint.”
In its appraisal, NARA gives some background on the CLPT Office:
“The NSA/CSS Civil Liberties, Privacy and Transparency (CLPT) Office was created to help the Agency advance national security while protecting the freedoms, civil liberties, and privacy rights guaranteed by the Constitution and federal law. Its creation was in response to the 2013 statement from President Obama on initiatives to give the public greater confidence in the oversight of intelligence programs.
Several of the functions performed by this office already existed within NSA. The establishment of this office brought various responsibilities together under a single office to ensure that privacy and civil liberties considerations remain a vital driver for NSA strategic decisions.
As such, the office operates mechanisms that allow both NSA/CSS employees and members of the public to submit comments, questions, and/or complaints related to NSA/CSS programs, specific to privacy and civil liberties, for review and possible action. This may be done anonymously with the majority of submissions coming from the public using the NSA/CSS website’s online comment portal.”
Further on, NARA explains:
“In all cases, CLPT is a conduit – per established business process the complaint is sent to another NSA/CSS office for further action. CLPT does not undertake any investigative work, and is limited to making the decision on whether additional action (and referral) is warranted. These records document the initial submission, and what action was taken by CLPT, usually as a formal referral.”
NARA emphasizes that CLPT is the centralized entry point for all such complaints, comments, and questions. CLPT determines what is actionable, then sends it to another component of NSA for further action, but CLPT itself doesn’t investigate complaints and allegations. Because of this, the reasoning seems to be that CLPT’s records aren’t important and can be destroyed in a year or less.
Actionable complaints are acted on by other components of NSA, including the Inspector General and the Privacy Act Officer. The idea is that these complaints, and the actions they trigger, get permanently retained by these other components. NARA says that these documents are “Captured elsewhere in permanent records.” But the next sentence says: “Complaints that warrant further review or investigation are referred to other offices within NSA/CSS, and significant ones are captured as permanent.” [Emphasis mine.] So, not all actionable complaints are permanent — only the “significant” ones.
As far as actionable non-complaints (e.g., comments and questions), NARA notes: “This may include a general request for information, or other comments that can be answered without additional investigation or interaction by other NSA/CSS offices.” So, at least some of the actionable non-complaints don’t get referred beyond CLTP, so all trace of them will be deleted after a year.
Then we have the complaints, comments, questions, etc. that CLPT unilaterally decides aren’t actionable. All records regarding these items will be destroyed in 90 days.
NARA’s appraisal mentions that similar documents at the Director of National Intelligence’s Office of Civil Liberties, Privacy and Transparency have also been designated as temporary, although reading that schedule shows that the time frame for destruction is five years, not 90 days and one year.
I think that referring to ODNI’s records-destruction schedule is supposed to bolster the idea that NSA’s records should also get pulped, but it just makes me think that ODNI’s schedule should be changed.
My stance is that all digital records should be kept permanently. Pretty much everything in this schedule is born digital. (The NSA probably gets some complaints and allegations in the form of paper letters, but I bet these are scanned and turned into PDFs for easier handling.)
Even if you don’t agree with my position, though, it’s hard to argue that all records regarding actionable complaints, allegations, comments, and questions sent to the NSA should be destroyed by the office responsible for receiving and initially processing them, as well as fully processing some of them.
P.S.: The sub-site for NSA’s Office of Civil Liberties, Privacy and Transparency has some problems.
• It never mentions that it takes complaints, allegations, questions, and comments from the public and from NSA employees. There’s no hint of its function as the central, starting point for all such actions. Even the “Contact” page doesn’t mention this. Even on the page “About NSA’s Civil Liberties and Privacy Office,” even in the section titled “What Do We Do?”, they never mention that you can complain, blow the whistle, and report problems.
• The penny-ante “Contact” page provides a tiny HTML form for sending your message about wrongdoing. No SecureDrop. No Signal. No physical address for mail. If the NSA really wanted to get your complaints and allegations, they could set up a menu of truly anonymous, untraceable options, like the Washington Post has done. You’d think America’s signals-intelligence agency would know how to do this.
• On the NSA website, the office is still referred to by its old, incorrect name (Civil Liberties and Privacy Office). How serious can the NSA be about this office if it doesn’t bother to use the right name?
Coda: NARA’s appraisal mentions the existence of “hate-speech” sent to the NSA:
These files include submissions that are non-actionable, including unspecific comments, hate speech directed at NSA/CSS without any complaint context, and other communications that are either inappropriate for further action, or impossible to take action on due to vagueness or anonymity. For example, this may include general anti-NSA statements that are submitted via the online portal, which have no specific complaint attached for action.