The US National Security Agency (NSA) violated privacy rules protecting the communications of Americans and others on domestic soil 2,776 times in one year, according to an internal audit leaked by former NSA contractor Edward Snowden and made public on Thursday night.
The violations, according to the audit in May last year, stemmed largely from operator and system errors like “inadequate or insufficient research” when selecting wiretap targets.
The largest number of episodes — 1,904 — appeared to be “roamers,” in which a foreigner whose cellphone was being wiretapped without a warrant came to the US, where individual warrants are required.
A spike in such problems in a single quarter, the report said, could be because of Chinese citizens visiting friends and family for the Lunar New Year holiday.
“Roamer incidents are largely unpreventable, even with good target awareness and traffic review, since target travel activities are often unannounced and not easily predicted,” the report says.
The report and several other documents leaked by Snowden were published by the Washington Post. They shed new light on the intrusions into Americans’ privacy that NSA surveillance can entail and how the agency handles violations of its rules.
Snowden, who was recently granted temporary asylum in Russia, is believed to have given the documents to the Post months ago.
The Post, which did not publish every document its accompanying article relied upon, cited other problems as well. In one case in 2008 that was not reported to the Foreign Intelligence Surveillance Court or the US Congress, it said, the system recorded a “large number” of calls dialed from Washington because of a programming error mixing up the district’s area code, 202, with the international dialing code of Egypt, 20.
Jameel Jaffer of the American Civil Liberties Union said that while some of the compliance violations were more troubling than others, the sheer number of them was “jaw-dropping.”
In a statement, the NSA said its surveillance activities “are continually audited and overseen internally and externally.”
“When NSA makes a mistake in carrying out its foreign intelligence mission, the agency reports the issue internally and to federal overseers — and aggressively gets to the bottom of it,” the statement said.
Another newly disclosed document included instructions for how NSA analysts should record their rationales for eavesdropping under the FISA Amendments Act (FAA), which allows wiretapping without warrants on domestic networks if the target is a noncitizen abroad. The document said analysts should keep descriptions of why the people they are targeting merit wiretapping to “one short sentence” and avoid details like their names and supporting information.
“While we do want to provide our FAA overseers with the information they need, we DO NOT want to give them any extraneous information,” it said.
A brief article in an internal NSA newsletter offered hints about a known, but little-understood episode in which the Foreign Intelligence Surveillance Court found in 2011 that the NSA had violated the Fourth Amendment.
The newsletter said the court issued an 80-page ruling on Oct. 3, 2011, finding that something the NSA was collecting involving “Multiple Communications Transactions” on data flowing through fiber-optic networks on domestic soil was “deficient on statutory and constitutional grounds.”
In a statement, the NSA said the problem related to “a very specific and highly technical aspect,” which it reported to the court and Congress “once the issue was identified and fully understood.”
Privacy protections for Americans were strengthened, it said, and the court allowed the surveillance to continue.