An internal NSA audit and other documents leaked by Edward Snowden have revealed widespread privacy violations as a result of the agency’s surveillance efforts, including many supposedly unintended instances of the interception of emails and telephone calls on U.S. soil.
The violations, reported on Friday by the Washington Post, included the collection of metadata for many calls made from Washington, D.C., apparently due to a programming error. In another violation, the NSA tapped fiberoptic cables running through the U.S. for “large volumes of international data”, temporarily storing what it recorded.
The leaked documents show NSA lawyers arguing that it was not practical to filter out the communications of Americans. In total, the May 2012 audit found 2,776 incidents of “unauthorized collection, storage, access to or distribution of legally protected communications” during the preceding year – however, this only covered NSA facilities operating out of the Washington area.
Of the incidents that took place in the first quarter of 2012, the leaked audit said 63 percent were database query incidents that were down to “operator error” (mainly due to inaccurate resources and “due diligence” failures) and 37 percent were the result of “system error” (mainly “limitations”). A rise in incidents in early 2012 “was due to an increase in the number of reported… GSM roamer incidents, which may be attributed to an increase in Chinese travel to visit friends and family for the Chinese Lunar New Year holiday.”
As one document showed, the Foreign Intelligence Surveillance Court (FISC) ruled a new data collection technique unconstitutional, but only after it found out about it months into operation. Responding to the revelations, the NSA said the unconstitutional element of the collection technique in question had been “very specific and highly technical”, and that the strengthening of minimization procedures meant the collection technique could continue lawfully.
The Post quoted a senior NSA official as saying: “We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line.”
Correction (7am PT): This article originally said many calls from the D.C. area had been intercepted. The Post has now revised its story to make clear that it was the calls’ metadata that was collected.