Secret audit of NSA shows thousands of privacy violations every year

This is actually a question I asked after Snowden's first interview where he revealed that low level NSA analysts routiinely accessed the private information of Americans. I wondered if the strict privacy rules that NSA and Obama keep insisting are enforced are actually honored in the breach.

I was right.

Washington Post:

The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.

Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.

The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a "large number" of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a "quality assurance" review that was not distributed to the NSA's oversight staff.

Not distributed to the oversight staff? Altering reports to obscure findings? Here's a graph that shows the number of violations and some of the specific problems encountered.

In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.


The Obama administration has provided almost no public information about the NSA's compliance record. In June, after promising to explain the NSA's record in "as transparent a way as we possibly can," Deputy Attorney General James Cole described extensive safeguards and oversight that keep the agency in check. "Every now and then, there may be a mistake," Cole said in congressional testimony.

"Every now and then" they trot out an official to lie through their teeth.

Thousands of violations - some of them for operators deliberately not following SOP - and no word of disciplining these people. What happens to these NSA employees who screw up - or who simply break the rules?

Obviously not much. If penalties were more severe - and if penalties there be - it wouldn't happen as often as it does.

No doubt if NSA bothers to comment at all about this audit, they'll say that thousands of screw ups a year is really a great record considering how much data they vacuum up. We shouldn't buy that. Nor should we accept the notion that most of these violations aren't preventable. Even computer errors can be fixed since it's humans who program the machines.

The potential is there for wrongdoing on a scale we've never seen. Congress should force the NSA to make the programs conform to the restrictions set up to police it, or shut them down. It's that simple.