The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since 2008, the Washington Post reported on Thursday, citing an internal audit and other top-secret documents.
Most of the infractions involved unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order, the paper said.
They ranged from significant violations of law to typographical errors that resulted in unintended interception of U.S. emails and telephone calls, it said.
The Post said the documents it obtained were part of a trove of materials provided to the paper by former NSA contractor Edward Snowden, who has been charged by the United States with espionage. He was granted asylum in Russia earlier this month.
The documents included a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance, the paper said. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.
In one instance, the NSA decided it need not report the unintended surveillance of Americans, the Post said. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused U.S. area code 202 for 20, the international dialing code for Egypt.
The Post said the NSA audit, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications.
The paper said most were unintended. Many involved failures of due diligence or violations of standard operating procedure. It said the most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.
In 2008, the FISA Amendments Act granted NSA broad new powers in exchange for regular audits from the Justice Department and the office of the Director of National Intelligence and periodic reports to Congress and the surveillance court, the Post said.
“We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line,” a senior NSA official, speaking on the condition of anonymity, told the Post.
“You can look at it as a percentage of our total activity that occurs each day,” he said. “You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.”
In what the Post said appeared to be one of the most serious violations, the NSA diverted large volumes of international data passing through fiber-optic cables in the United States into a repository where the material could be stored temporarily for processing and selection.
The operation collected and commingled U.S. and foreign emails, the Post said, citing a top-secret internal NSA newsletter. NSA lawyers told the Foreign Intelligence Surveillance Court that the agency could not practicably filter out the communications of Americans.
In October 2011, months after the program got underway, the court ruled that the collection effort was unconstitutional.
Some members of the Senate Intelligence Committee, including Democrat Ron Wyden of Oregon, have been trying for some time to get the NSA to give some kind of accounting of how much data it collects “incidentally” on Americans through various electronic dragnets. The Obama administration has strongly resisted such disclosures.
(Writing by Eric Beech; Editing by David Brunnstrom)