Most of the thousands of infractions each year since Congress granted the agency broad new powers in 2008 involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order.
The violations were recorded in top-secret documents, including an NSA internal audit, provided to The Washington Post this summer by former agency contractor Edward Snowden. Snowden, who is wanted by the U.S. government on espionage charges for leaking classified material, was granted temporary asylum in Russia this month.
“Press reports that the National Security Agency broke privacy rules thousands of times per year and reportedly sought to shield required disclosure of privacy violations are extremely disturbing,” House Minority Leader Nancy Pelosi (D-Calif.) said. She said Congress should take steps to ensure that such incidents are not repeated.
Two leading critics of the surveillance programs said Friday that the administration has long underplayed the programs’ impact on privacy. “We believe Americans should know” that the report of violations “is just the tip of a larger iceberg,” Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) said in a statement.
They also said they “appreciate the candor” of the Foreign Intelligence Surveillance Court chief judge “regarding the court’s inability” to independently verify statements made by the executive branch. The senators are among a number of lawmakers who have sponsored legislation that would limit the scope of the NSA’s surveillance and require stronger oversight.
The White House said in a statement Friday that the “NSA documents being reported on today . . . demonstrate that the NSA is monitoring, detecting, addressing and reporting compliance incidents. “
In a conference call with reporters Friday, NSA Compliance Director John DeLong repeatedly said that the agency takes compliance seriously and that the audit’s existence proved that. “People need to understand there’s no willful violations here,” he said. The mistakes are in the “parts-per-million or parts-per-billion range,” he said. “We really do look for them, detect them and correct them.”
Added DeLong: “No one at NSA, not me or anyone else, thinks they are okay.”
When pressed, he said there have been willful violations, but the number is “minuscule . . . a couple over the past decade.”
He also said the agency makes 20 million queries a month of its databases.
Congressional supporters of the NSA surveillance programs pushed back Friday against the thrust of the Post report. Sen. Dianne Feinstein (D-Calif.), chairman of the Intelligence Committee, said that the committee has never identified an instance of intentional abuse by the NSA. She said the “large majority” of NSA’s “so-called ‘compliance incidents’ are called ‘roaming’ incidents, in which the NSA is collecting the phone or electronic communications of a non-American outside the United States, and that person then enters the United States.”
According to an internal audit from May 2012 that covered the preceding year, 1,904 incidents, or nearly 70 percent of the 2,776 incidents in that year, were “roamers.” The report said those incidents are “largely unpreventable, even with good target awareness and traffic review, since target travel activities are often unannounced and not easily predicted.”
A spokesman for Feinstein said that although the committee does not receive the internal audits, the compliance information is contained in “a more official format” in other reports.
Feinstein also said, however, that the committee “can and should do more to independently verify that NSA’s operations are appropriate.”
Just one week ago, President Obama held a news conference in which he called for a review of surveillance programs and said he would work with Congress to improve public confidence in the oversight conducted by the court.
“What I’m going to be pushing the [intelligence community] to do is rather than have a trunk come out here and leg come out there and a tail come out there, let’s just put the whole elephant out there so people know exactly what they’re looking at,” he said.
Mark Rumold, staff attorney for the Electronic Frontier Foundation, said he was skeptical that the administration will deliver. One test, he said, will be the release of a 2011 surveillance court opinion expected next Wednesday and how heavily it is redacted. The court ruled in that case that a particular NSA collection method violated Americans’ privacy rights. The Post reported Friday that the collection had to do with diversion of large volumes of international data passing through fiber-optic cables in the United States into a repository where the data could be stored temporarily.
Aaron Blake and William J. Branigin contributed to this report.