Report: NSA spying broke privacy rules thousands of times
The National Security Agency broke privacy rules and exceeded its legal authority thousands of times since it was given new powers in 2008, according to top secret documents leaked by Edward Snowden, The Washington Post reported Thursday.
The Post said most of the breaches involved unauthorized surveillance of Americans or foreign intelligence targets in the United States.
The paper said they ranged from “significant violations of law” to typographical errors that led to the unintended interception of U.S. emails and telephone calls.
An NSA audit obtained by The Post from Snowden said there had been 2,776 cases in the year to May 2012 of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended, it said.
The paper said the most serious incidents included the unauthorized use of data about more than 3,000 Americans and people with green cards, and a violation of a court order.
In a statement, the NSA said its “foreign intelligence collection activities” were “continually audited and overseen internally and externally.”
“When NSA makes a mistake in carrying out its foreign intelligence mission, the agency reports the issue internally and to federal overseers - and aggressively gets to the bottom of it,” it said.
John DeLong, the NSA’s director of compliance, stressed there was a process for staff to report “if they have made a mistake or even if they believe that an NSA activity is not consistent with the rules.”
“NSA, like other regulated organizations, also has a 'hotline' for people to report -- and no adverse action or reprisal can be taken for the simple act of reporting,” he said in a statement.
“We take each report seriously, investigate the matter, address the issue, constantly look for trends, and address them as well -- all as a part of NSA's internal oversight and compliance efforts. What's more, we keep our overseers informed through both immediate reporting and periodic reporting.”
DeLong said more than 300 personnel worked in the NSA’s internal privacy compliance program -- “a fourfold increase since 2009.”
“They manage NSA's rules, train personnel, develop and implement technical safeguards, and set up systems to continually monitor and guide NSA's activities. We take this work very seriously,” he said.
Another NSA statement said the Director of National Intelligence James Clapper had declassified certain statements in July 2012 that revealed the Foreign Intelligence Surveillance Court had determined that "some collection” activities were “unreasonable under the Fourth Amendment.”
The NSA said “a variety of factors” could cause breaches.
“They include, but are not limited to: implementation of new procedures or guidance with respect to our authorities that prompt a spike that requires ‘fine tuning,’ changes to the technology or software in the targeted environment for which we had no prior knowledge, unforeseen shortcomings in our systems, new or expanded access, and ‘roaming’ by foreign targets into the U.S., some of which NSA cannot anticipate in advance but each instance of which is reported as an incident,” it said in a statement.
“The one constant across all of the quarters is a persistent, dedicated effort to identify incidents or risks of incidents at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down.”
Snowden worked as a contractor for the NSA but fled to Hong Kong and leaked documents to The Guardian and The Post.
He has been charged by the United States with espionage, but is currently believed to be in Russia, where he has been granted asylum.