At a news conference Friday, President Obama insisted that the threat of NSA abuses was mostly theoretical:
If you look at the reports, even the disclosures that Mr. Snowden's put forward, all the stories that have been written, what you're not reading about is the government actually abusing these programs and, you know, listening in on people's phone calls or inappropriately reading people's e-mails.
What you're hearing about is the prospect that these could be abused. Now part of the reason they're not abused is because they're — these checks are in place, and those abuses would be against the law and would be against the orders of the FISC [Foreign Intelligence Surveillance Court].
Today our colleague Barton Gellman released new documents that contradicted Obama's claims.
Gellman obtained an audit of the NSA's compliance record from NSA leaker Snowden earlier this summer. The audit, dated May 2012, counted 2,776 incidents in the preceding 12 months where the agency engaged in "unauthorized collection, storage, access to or distribution of legally protected communications." The audit only covered issues at NSA facilities in the D.C. and Fort Meade areas.
Most of those incidents were unintended, involving either violations of standard operations or failures of due diligence. But others were more serious.
And on at least one occasion, the NSA did not need to report unintended surveillance of Americans:
A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.
Obama said that wasn't supposed to happen because it would be "against the orders of the FISC." So why didn't the judges on the court catch these abuses?
In another story broken by The Post today, the chief of the Foreign Intelligence Surveillance Act (FISA) Court admits he doesn't actually have the capability to investigate the compliance record of NSA surveillance programs:
The FISC is forced to rely upon the accuracy of the information that is provided to the Court [...] The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders.
Under the FISA regime, the government doesn't have to seek permission for individual surveillance targets. Instead, it seeks FISC approval for broad schemes of surveillance like PRISM and the phone records program. But that makes it extremely difficult for the FISC to check the court's work, since the NSA can — and, apparently, did — hide misconduct from the court that's supposedly supervising its activities.
Correction: This story originally suggested that the '202' incident involved intercepting the contents of telephone calls. But NSA audit stated that it only involved metadata. We regret the error.