A National Security Agency internal audit and other top secret documents disclosed by U.S. news media show the agency "has broken privacy rules or overstepped its legal authority thousands of times" each year since Congress granted NSA broad new powers in 2008.
The Washington Post
, which first reported the story, said most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the U.S. - activities restricted by law and presidential orders. The newspaper said the infractions range from "significant violations of law" to typographical errors resulting in the "unintended interception" of U.S. e-mails and telephone calls.
The New York Times
quotes the deputy legal director of the American Civil Liberties Union, Jameel Jaffer, as saying some of the actions by NSA are more troubling than others, but that the sheer number of them is "jaw-dropping."
reported it acquired the secret documents from NSA leaker Edward Snowden weeks ago, and said they include a level of detail and analysis that is "not routinely shared with Congress or the special [U.S.] court that oversees surveillance."
The first account about NSA's activities was posted on-line late Thursday, and it was published in Friday's newspapers in Washington and New York.
An unidentified senior NSA official told The Post,
"We're a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line." The Times
quoted from an NSA statement that said: "When NSA makes a mistake in carrying out its foreign intelligence mission, the agency reports the issue internally and to federal overseers - and aggressively gets to the bottom of it."
One of the documents made public instructs NSA personnel to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.
In a statement sent later to The Associated Press, John DeLong, NSA's director of compliance, said: "We want people to report if they have made a mistake or even if they believe that an NSA activity is not consistent with the rules. ... We take each report seriously, investigate the matter, address the issue, constantly look for trends and address them as well - all as a part of NSA's internal oversight and compliance efforts. What's more, we keep our overseers informed through both immediate reporting and periodic reporting.''
NSA apparently decided it did not need to report the unintended surveillance of Americans. The newspaper said a "notable example" in 2008 was the interception of a large number of calls placed from Washington. The Post
said a programming error confused Washington's telephone area code 202 for 20, the international dialing code for Egypt. The newspaper said that, according to a "quality assurance" review, the NSA's oversight staff was not made aware of the interceptions.
cited another case in which the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for "many months." The report says the court ruled the method unconstitutional.
The NSA audit, dated May 2012, said there were 2,776 "incidents" in the preceding 12 months of "unauthorized collection, storage, access to or distribution of legally protected communications." The newspaper said most of the incidents were "unintended," involving "failures of due diligence or violations of standard operating procedure." The newspaper said the "most serious" incidents involved a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders (foreign nationals working in the U.S.).
From the number of recorded compliance issues, The Washington Post
said there is no reliable way to calculate how many American's have had their communications "improperly collected, stored or distributed by the NSA."