NSA Violates Privacy Rules Thousands of Times Per Year, According to Its Own Audit

By
Obama at Friday's press conference.

While assuring Americans once again that they have little reason to worry about government surveillance, President Obama said in a press conference last Friday that the U.S. can't spy on Americans without a warrant, and there are a "whole range of safeguards" to make sure that law is upheld. "What you're hearing about is the prospect that these [programs] could be abused," said Obama. "Now part of the reason they're not abused is because they're – these checks are in place, and those abuses would be against the law and would be against the orders of the FISC." In yet another bombshell from the files of Edward Snowden, the Washington Post reports that both of those claims are dubious. An internal audit by the NSA found thousands of instances in which the agency broke privacy rules and overstepped its legal authority. What's more, agency employees are instructed on how to avoid providing too much information to government oversight bodies, and the chief judge of the FISA court admits they have to trust the NSA to report its own wrongdoing. 

Earlier this summer, Snowden provided the Post with several documents, including an NSA audit from May 2012 that found 2,776 incidents of "unauthorized collection, storage, access to or distribution of legally protected communications" in the preceding twelve months, most of which were unintentional.  In one notable infraction, the NSA intercepted a "large number" of calls placed from Washington when a programming error confused the area code 202 for 20, the international dialing code for Egypt. It's unclear how many Americans were affected by the unauthorized searches covered by the audit; some produced no records, but another "incident" involved thousands of phone records. The report only counted incidents at the NSA's Fort Meade headquarters, so presumably the number of infractions would be much higher if it included all NSA facilities.

The NSA decided it didn't need to report the Egypt incident, and the information provided to Congress and other agencies is far more vague than what's contained in the audit. In one document, the NSA instructs personnel on how to fill out oversight forms without giving "extraneous information" to their "overseers" at the Justice Department, the Office of the Director of National Intelligence, Congress, and the FISA court.

In a separate story, U.S. District Judge Reggie Walton, the head of the surveillance court, tells the Post that it can't independently verify information on violations reported by the NSA. "The FISC is forced to rely upon the accuracy of the information that is provided to the Court," he explains. "The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders." In one case the FISA court didn't learn for fourth months that the NSA was collecting large amounts of data passing through fiber-optic cables in the U.S., scooping up both foreign and domestic e-mails. The FISA court found the program unconstitutional and ordered the NSA to alter its procedures or shut it down.

While President Obama said in his address last week that "the American people need to have confidence" in the surveillance programs, the administration's response does the exact opposite. In its rundown of all of the statements it received from the Obama administration on the matter, the Post notes that all questions were originally referred to John DeLong, the NSA's director of compliance. Following a 90-minute interview, the NSA said he could only be quoted by name and title "after an unspecified internal review." When the Post said it wouldn't allow the editing of quotes, the White House and NSA said the paper couldn't use any of his quotes, and instead provided a one-paragraph statement that doesn't say much.

A quote from a senior NSA official "speaking with White House permission on the condition of anonymity" (so maybe DeLong?) wasn't any more reassuring. "You can look at [the infractions] as a percentage of our total activity that occurs each day,” said the official. "You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different." So yeah, 2,776 infractions seems like a lot, but it's really nothing compared to the massive amount of spying going on at the NSA.