GAO Oversight of NSA: A Neglected Option

Years ago, the Government Accountability Office, the investigative arm of Congress, conducted routine audits and investigations of the National Security Agency, such that the two agencies were in “nearly continuous contact” with one another. In the post-Snowden era, GAO could perform that oversight function once again.

“NSA advises that the GAO maintains a team permanently in residence at NSA, resulting in nearly continuous contact between the two organizations,” according to a 1994 CIA memorandum for the Director of Central Intelligence.

“NSA’s practice has been to cooperate with GAO audits and investigations to the extent possible in accordance with DOD regulations,” the CIA memorandum said. “This includes providing the GAO with documents requested, including CCP CBJB’s [congressional budget justification books for the consolidated cryptologic program] as long as (1) the request was in support of a valid audit or investigation and (2) the recipients of the classified material had the requisite accesses and could meet security requirements for classified data control and storage. Documents provided in the past have included CCP CBJBs.”

At a 2008 Senate hearing, Sen. Daniel Akaka asked the GAO about its relationship with NSA. “I understand that GAO even had an office at the NSA,” Sen. Akaka noted.

“We still actually do have space at the NSA,” replied David M. Walker, then-Comptroller General, the head of the GAO. “We just don’t use it. And the reason we don’t use it is we are not getting any requests [from Congress]. So I do not want to have people sitting out there twiddling their thumbs.”

Today, the justification for restoring the type of on-site, investigative oversight of NSA that GAO could provide may be newly apparent– though no one seems to have noticed that GAO could actually provide it.

The recent report of the the Review Group on Intelligence and Communications Technologies includes an appendix citing the various components of oversight of U.S. intelligence, but it does not mention GAO at all.

Whether NSA bulk collection programs are ultimately extended, modified, or terminated, GAO could play a useful role as the eyes and ears of Congress at NSA. While there are several other oversight mechanisms in place, GAO would bring some unique features to the mix.

NSA has a fairly robust Office of the Director of Compliance to perform internal oversight, but it answers to the NSA Director, and reflects his priorities, not necessarily those of Congress.  Inspector general oversight focuses on compliance with the letter of the law, and it is probably less well-suited than GAO to consider systemic problems, performance issues and policy alternatives.  (Last November, the IC Inspector General deflected a request from Senator Leahy to conduct oversight of NSA surveillance programs, citing resource limitations and other issues.)

If it were directed to conduct audits and investigations on behalf of Congress, there is reason to believe the GAO could add a valuable dimension to NSA oversight. Just as a proposed third-party advocate might “thicken” the deliberations of the Foreign Intelligence Surveillance Court concerning surveillance law, so too might GAO investigators enrich the oversight of NSA programs as they are executed in practice.

In Intelligence Community Directive 114, issued in 2011 following years of stagnation in GAO oversight of intelligence, DNI James Clapper instructed U.S. intelligence agencies to be responsive to GAO, at least within certain boundaries.

“It is IC policy to cooperate with the Comptroller General, through the GAO, to the fullest extent possible, and to provide timely responses to requests for information,” the DNI wrote.