Audit: National Security Agency routinely breaks rules
WASHINGTON — The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad powers in 2008, according to an internal audit and other top-secret documents.
Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of Americans' emails and telephone calls.
The documents, provided this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.
In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA's oversight staff.
In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.
The Obama administration has provided almost no public information about the NSA's compliance record. In June, after promising to explain the NSA's record in “as transparent a way as we possibly can,” Deputy Attorney General James Cole described extensive safeguards and oversight that keep the agency in check.
“Every now and then, there may be a mistake,” Cole said in congressional testimony.
The NSA audit obtained by the Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure.
The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green card holders.
In a statement in response to questions for this article, the NSA said it attempts to identify problems “at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down.”
The government was made aware of the Post's intention to publish the documents that accompany this article online.
“We're a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line,” a senior NSA official said, speaking with White House permission on the condition of anonymity.
“You can look at it as a percentage of our total activity that occurs each day,” he said. “You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.”
There is no reliable way to calculate from the number of recorded compliance issues how many Americans have had their communications improperly collected, stored or distributed by the NSA.
The causes and severity of NSA infractions vary widely. One in 10 incidents is attributed to a typographical error in which an analyst enters an incorrect query and retrieves data about Americans' phone calls or emails.
The more serious lapses include unauthorized access to intercepted communications, the distribution of protected content and the use of automated systems without built-in safeguards to prevent unlawful surveillance.
Senate Intelligence Committee Chairman Dianne Feinstein, D-Calif., who did not receive a copy of the 2012 audit until the Post asked her staff about it, said late Thursday that the panel “can and should do more to independently verify that NSA's operations are appropriate, and its reports of compliance incidents are accurate.”