NSA broke privacy rules ‘thousands of times’ per year

Report lists 2,776 cases of unauthorised storage and access to communications in 12 months

General Keith B Alexander, Director of the National Security Agency (NSA) and Commander of US Cyber Command (L), shares a private word with John O Brennan, Director of the Central Intelligence Agency (CIA). Photograph:  Andrew Burton/Getty Images.
General Keith B Alexander, Director of the National Security Agency (NSA) and Commander of US Cyber Command (L), shares a private word with John O Brennan, Director of the Central Intelligence Agency (CIA). Photograph: Andrew Burton/Getty Images.

The US National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted it broad new powers in 2008, according to reports today.

Most of the infractions involve unauthorised surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order, the Washington Post said.

They range from significant violations of law to typographical errors that resulted in unintended interception of US emails and telephone calls, the newspaper said, citing an internal audit and other top-secret documents provided earlier this summer from NSA leaker Edward Snowden, a former systems analyst with the agency.

In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.

READ MORE

The Washington Post cited a 2008 example of the interception of a "large number" of calls placed from Washington when a programming error confused US area code 202 for 20, the international dialling code for Egypt, according to a "quality assurance" review that was not distributed to the NSA's oversight staff.

In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, reportedly did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.

The NSA audit obtained by the newspaper, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorised collection, storage, access to or distribution of legally protected communications.

Most were reportedly unintended and involved failures of due diligence or violations of standard operating procedure. The most serious incidents are said to have included a violation of a court order and unauthorised use of data about more than 3,000 Americans and green-card holders.

In a statement to the newspaper, the NSA said it attempts to identify problems “at the earliest possible moment, implement mitigation measures wherever possible and drive the numbers down”.

"We're a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line," a senior NSA official said, speaking to the newspaper with White House permission on the condition of anonymity.

AP