List of NSA controversies

The following is a list of controversies involving the National Security Agency. Throughout its history, the NSA has been the subject of a number of controversial cases, both at home and abroad. Notable examples include warrantless surveillance programs, the Edward Snowden revelations and the Gulf of Tonkin incident. These incidents have drawn intense criticism from privacy advocates, anti-war activists, and members of the United States Congress, who accuse the agency of unconstitutional surveillance, lacking transparency and oversight, and failing to properly balance national security with civil liberties. There have been multiple attempts to significantly reform the NSA and its programs.

In 2013, Edward Snowden disclosed classified NSA surveillance programs to journalists. His revelations sparked global debate over government surveillance, privacy, and civil liberties.

Gulf of Tonkin Incident (1964)

Main article: Gulf of Tonkin incident

The Gulf of Tonkin Incident in August 1964 involved two alleged attacks on U.S. Navy ships by North Vietnamese forces in the Gulf of Tonkin. The incident was one of the main justifications for the escalation of U.S. involvement in the Vietnam War.^[1] Declassified documents later revealed that the NSA misinterpreted or overstated signals intelligence (SIGINT), leading to reports of a second North Vietnamese attack that likely never occurred.^[2] Critics argue that intelligence was selectively used or manipulated to justify military action without Congressional oversight.^[3] Following the false flag event, the agency also received scrutiny for spying on anti–Vietnam War leaders.^[4]

Warrantless Wiretapping Program (2001–present)

Main article: NSA warrantless surveillance (2001–2007)

After the September 11, 2001 attacks, the NSA launched a highly secretive warrantless surveillance program with the intention of intercepting U.S. communications without the use of the Foreign Intelligence Surveillance Act (FISA) courts.^[5][6][7] This was authorized by a secret executive order by President George W. Bush.^[8] Under this program, the NSA monitored telephone and internet communications of U.S. citizens and foreigners without court approval. The program became public in 2005 following an exposé by the New York Times which resulted in debate over the program's legality and constitutionality.^[9][10] Critics argued that it violated the Fourth Amendment's protections against unreasonable search and seizure and statutory protections under FISA, which are intended to regulate government surveillance activities.^[11][12]

In conjunction with this program, the FISA Court has also faced criticism.^[13] Declassified documents and court opinions revealed that the NSA violated FISA rules and procedures thousands of times annually.^[14] In 2011, the FISA Court acknowledged that the NSA's bulk collection of foreign internet communications was "fundamentally different" from what the court had been led to believe by the Agency.^[15]

Following public backlash, in 2007, Attorney General Alberto Gonzales alleged that the program was terminated and the NSA resumed seeking warrants from the Foreign Intelligence Surveillance Court (FISC).^[16] In 2008, Congress passed the FISA Amendments Act of 2008, which relaxed some of the original FISC requirements. However, later reports by Edward Snowden and others found that warrantless surveillance continues to be used by the Agency.

Edward Snowden Revelations (2013)

Main article: Edward Snowden

In 2013, Edward Snowden, a former NSA contractor and whistleblower, disclosed many classified NSA documents revealing extensive global surveillance operations conducted by the agency and international partners.^[17] Snowden's leaks exposed programs like PRISM, which allowed the NSA to have direct access to the servers of major internet companies.^[18] The surveillance program XKeyscore, was exposed as well, which provided agents with the ability to search internet databases and metadata. It has been described as an NSA tool that collects "nearly everything a user does on the internet."^[19]

The disclosures revealed the scope and scale of the NSA surveillance capability on both foreign nationals and U.S. citizens, often conducted without warrants or legal justification.^[20][21] Snowden flew to Hong Kong before releasing the documents, worried that he would face prosecution and censorship if he attempted to reveal the documents in the United States.^[22][23] On June 21, 2013, the United States Department of Justice unsealed charges against Snowden of two counts of violating the Espionage Act of 1917 and theft of government property, following which the Department of State revoked his passport.^[24] Snowden's revelations spurred international debate over government surveillance, privacy rights, and the balance between security and freedom.^[25][26]

Section 215 Bulk Metadata Collection Program (2006–2015)

Main article: Section 215

Under Section 215 of the PATRIOT Act, the NSA conducted bulk collection of telephone metadata which included call times, durations, and dialed numbers on millions of Americans without warrants.^[27] The program was kept secret until its exposure by Snowden in 2013.

The bulk metadata program faced criticism for the perception that it infringed privacy and Fourth Amendment constitutional protections.^[28] In 2015, the U.S. Court of Appeals for the Second Circuit ruled that the program was illegal and exceeded the scope of Section 215.^[29] Following that ruling, Congress passed the USA Freedom Act, which alleged to end the bulk data collection by the NSA.^[30][31] Instead, it requires that telecom companies retain the metadata and only provide it to the NSA with specific court orders.^[31]

EternalBlue Exploit and WannaCry Ransomware Attack (2017)

Main articles: EternalBlue and WannaCry ransomware attack

EternalBlue was a cyber exploit developed by the NSA with the intention of targeting vulnerabilities in the Microsoft Windows operating system. Rather than disclose the vulnerability to Microsoft to patch the error, the NSA retained it to use as a tool for cyber operations.^[32] In 2017, a hacking group called the Shadow Brokers leaked the EternalBlue exploit publicly.^[33]

Following the leak, the WannaCry ransomware attack used EternalBlue to infect hundreds of thousands of computers.^[34] This caused widespread disruption in hospitals, businesses, and government agencies. The NSA was criticized for retaining the software vulnerability to exploit it instead of reporting it to Microsoft. In this regard, critics note that this decision by the NSA indirectly contributed to the attack.^[35]

Reactions

Domestic response

The NSA's surveillance activities has received criticism from both Republicans and Democrats. Following the 2013 Snowden disclosures, members of Congress such as Senator Ron Wyden and Senator Rand Paul denounced the NSA's bulk collection program as unconstitutional and an overreach of its authority.^[36][37] In 2013, Representative Justin Amash led a bipartisan effort in the House to defund certain NSA programs, which narrowly failed to pass.^[38][39]

Some members of Congress defend the agency's work. House Intelligence Committee Chairman Mike Rogers has argued that the NSA prevented terrorist attacks and is subject to government oversight.^[40][41] President Barack Obama initially defended the agency's activities but later endorsed reforms, which led to the passage of the USA Freedom Act.^[42]

Legal response

In Klayman v. Obama (2013), U.S. District Judge Richard J. Leon ruled that the NSA's metadata program likely violated the Fourth Amendment, calling it "almost-Orwellian."^[43] In 2015, the Second Circuit appeals court ruled in ACLU v. Clapper that Section 215 of the Patriot Act did not authorize the bulk collection of phone metadata, which judge Gerard E. Lynch called a "staggering" amount of information.^[29]

International response

Main article: Reactions to global surveillance disclosures

International reactions to various NSA programs was intense, especially after the revelations that the agency had tapped the phones of foreign leaders, including German Chancellor Angela Merkel.^[44][45] In Europe, the Snowden disclosures prompted parliamentary inquiries and calls to renegotiate data-sharing agreements with the United States.^[46]

The Brazilian government condemned the surveillance of its president and national oil company, Petrobras,^[47][48] and proposed creating an independent internet infrastructure in Latin America to avoid being monitored by the NSA.^[49] Several countries, including Germany and Brazil, introduced a resolution at the United Nations affirming the right to privacy in the digital age, which passed with widespread support.^[50][51] Following its passage, Germany's UN ambassador advocated for the U.N. to create a special investigator post to enforce the resolution, warning that "without necessary checks, we risk turning into Orwellian states where every step by every citizen is monitored."^[51]