Technology

Snowden leaks: The man who watches over the NSA

John DeLong Image copyright NSA
Image caption John DeLong is responsible for ensuring NSA officers obey the US's privacy rules

Whistleblower Edward Snowden's revelations have revealed that a huge capability resides within America's National Security Agency to collect and analyse communications.

The crucial question that many people are now asking is how the public can know if this capability is being misused.

Officials claim there are multiple levels of accountability and oversight including a new civil liberties and privacy officer within the NSA appointed this week. But one person who has been trying to ensure the system is not abused for a number of years is John DeLong.

After working in the NSA and department of Homeland Security - and a break to study at Harvard Law School - he became the director for compliance at the agency in 2009, running a team of 300 people.

His job is to make sure NSA staff play by the rules. So does this involve watching over people clipboard in hand?

"Rather than characterising it as people with clipboards looking over folks, a rules coach may be the best way of thinking of it," he tells the BBC in a telephone interview.

"What we focus on in compliance is the very specific consistency each and every second of each and every day with the very specific rules that regulate our activity."

Tailored safeguards

This includes training, developing systems to look over people's work and making sure new staff who join are briefed and understand their obligations - including when to ask questions when they see something they think might be wrong.

Compliance is built on a mix of human and automated safeguards, Mr DeLong says.

Each database of information has different rules for access and different safeguards. In some of those, for instance the one containing US telephone metadata, compliance is automated so that it is not possible to conduct searches that do not abide by the rules.

Image copyright NSA
Image caption The NSA's headquarters are located at Fort Meade Maryland, 16 miles south of Baltimore

"There is a human-based safeguard - we train people and their activities are reviewed - but there's also a technical safeguard such that…. a telephone number that is not on approved list simply cannot be queried onto the database," he says.

In other cases, the NSA used after-the-fact reviews, conducting a random sampling of database queries to see if they were correctly undertaken.

"There's no place where it's an analyst and a database and you can search for whatever you like and there's no record and no after the fact," Mr DeLong says.

In some cases, there can be self-reporting for mistakes - for instance if someone hits a wrong key and then realises it straight away and reports it. In other cases it gets spotted by someone else reviewing what another member of staff has done.

"Every person who is at NSA is obligated to report any activity they know or suspect is inconsistent with the policy or the law," he adds.

Some of the more high-profile compliance issues have surrounded what has become known as 'love-int' - people using intelligence capabilities to check up on people in their love life.

A letter from the NSA inspector general to a senator last September revealed there had been a dozen cases of the intentional use of intelligence resources since 2003.

Many of these involved employees making searches of databases looking for information on partners or potential partners ranging from trying to find out if a husband had been unfaithful to whether a foreign girlfriend was involved with any foreign government officials or a foreign boyfriend was involved with any' "shady characters".

Five eyes system

Mr DeLong and other NSA officials argue that a dozen cases over a decade is a tiny number and the individuals involved were disciplined. "We hold people accountable," he says.

Image copyright Getty Images
Image caption There have been several anti-surveillance rallies held in the wake of the Snowden leaks

However, critics have argued that a number of those involved resigned before any action was taken against them and they say the others should have been fired rather than just disciplined.

Another issue of compliance is abiding by certain restrictions on communications of either US persons or those belonging to other countries that are part of the "five eyes" club - the US, UK, Australia, New Zealand and Canada .

Mr DeLong maintains that the five-eyes system is not used to get round the restrictions any country may have on spying on their own citizens.

Image copyright Getty Images
Image caption A new NSA data centre in Utah will need more than one million gallons of water a day to keep its computers cool

"We cannot ask for or participate in any activity we would not lawfully be able to do ourselves," he says of the work with GCHQ and other agencies in the club. "There's really no work around."

The intangible element to all of this is the culture of an organisation - does it promote critical thinking or stifle concerns? One of the problems surrounding the NSA is that it is so closed off to the outside world that few can claim to have a real understanding of what it is like to work there and what kind of pressures it places on staff to conform or to speak up when they see something untoward.

Critics also say the issue is not so much whether the NSA complies with its own rules but that the rules and authorities themselves are simply too broad and allow too much data to be collected.

They do not worry so much about incorrect searches on the metadata database but the very fact that such a database containing American phone records exists - although President Obama has announced a consultation aimed at moving it away from the agency now.

Image copyright Getty Images
Image caption President Obama has suggested that a third-party, and not the NSA, hold onto metadata records

Mr DeLong acknowledges that his job is to make sure people abide by the rules but it is not to set those rules. That is a task which falls to others, including the president.

Mr DeLong says his job has certainly changed since he took on the role in 2009, not least in the fact he is now doing interviews.

"It was not in the original job description" he says.

And what about the leaks obtained by Edward Snowden that have yet to be released?

"It's going to be another interesting year."

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites