WASHINGTON – Lawmakers and privacy advocates called Friday for reforms and greater transparency in operations of the National Security Agency in response to reports that the highly secretive agency repeatedly violated privacy rules over the years.
The reaction came after The Washington Post reported the violations in Friday’s editions, citing an internal audit and other top-secret documents leaked by former NSA contractor Edward Snowden.
Most of the thousands of infractions each year since Congress granted the agency broad new powers in 2008 involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order.
Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. emails and telephone calls.
The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.
In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.
In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.
The Obama administration has provided almost no public information about the NSA’s compliance record. In June, after promising to explain the NSA’s record in “as transparent a way as we possibly can,” Deputy Attorney General James Cole described extensive safeguards and oversight that keep the agency in check. “Every now and then, there may be a mistake,” Cole said in congressional testimony.
The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.
In a statement in response to questions for this article, the NSA said it attempts to identify problems “at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down.”
“We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line,” a senior NSA official said in an interview, speaking with White House permission on the condition of anonymity.
“You can look at it as a percentage of our total activity that occurs each day,” he said. “You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.”
There is no reliable way to calculate from the number of recorded compliance issues how many Americans have had their communications improperly collected, stored or distributed by the NSA.
The causes and severity of NSA infractions vary widely. One in 10 incidents is attributed to a typographical error in which an analyst enters an incorrect query and retrieves data about U.S phone calls or e-mails.
But the more serious lapses include unauthorized access to intercepted communications, the distribution of protected content and the use of automated systems without built-in safeguards to prevent unlawful surveillance.
The May 2012 audit, intended for the agency’s top leaders, counts only incidents at NSA’s Fort Meade, Md. headquarters and other facilities in the Washington area.
Three government officials, speaking on the condition of anonymity to discuss classified matters, said the number would be substantially higher if it included other NSA operating units and regional collection centers.
House Minority Leader Nancy Pelosi, D-Calif., said, “Press reports that the National Security Agency broke privacy rules thousands of times per year and reportedly sought to shield required disclosure of privacy violations are extremely disturbing.”
She noted that the law requires that violations be reported to Congress and the Foreign Intelligence Surveillance Court. She said Congress should take steps to ensure violations are not repeated.
Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., who has complained that officials have not been truthful in discussing the scope and effectiveness of the NSA’s surveillance programs, said, “I remain concerned that we are still not getting straightforward answers from the NSA.” He said he will hold another hearing on the issue and will demand “honest” answers from the intelligence community.
“Using advanced surveillance technologies in secret demands close oversight and appropriate checks and balances, and the American people deserve no less than that,” Leahy said.
The New York-based Brennan Center for Justice said the leaked documents “reveal that the NSA’s violations range from serious breaches of the law to careless errors.” It noted that the internal audit exposed more than 2,700 violations from 2011 to 2012, “many of which resulted in illegal surveillance of Americans.”
This surveillance includes several cases of “unauthorized interception and access to U.S. phone calls and e-mails,” the center said, despite the previous insistence of the NSA and the Obama administration that rigorous oversight measures were in place.
“The most recent revelations paint a disturbing picture of misconduct at the NSA and show that current oversight is not enough,” said Faiza Patel, co-director of the Brennan Center’s Liberty and National Security Program. ” Even the secret court charged with reviewing NSA operations has conceded that it doesn’t have the capacity to supervise the agency’s vast intelligence operations. It’s time for a fundamental overhaul of how the NSA operates.”
Barton Gellman of The Washington Post contributed to this story.