Congress did a review of this program over a four-year period, the Senate Select Committee on Intelligence. And over that four-year period, they found no willful
or knowledgeable violations of the law or the intent of the law in this program.More specifically, they found no one at NSA had ever gone outside the boundaries of what we’ve been given. That’s the fact. What you’re hearing, what you’re seeing, what peopleare saying is, well, they could. The fact is they don’t. And if they did, our auditing tools would detect them, and they would be held accountable.
Our colleague Barton Gellman's reporting revealed that in October 2011 the Foreign Intelligence Surveillance Act (FISA) Court ruled an NSA process collecting data from fiber optic cables was “deficient on statutory and constitutional grounds,” according to a top-secret summary of the opinion. It ordered the NSA to comply with standard privacy protections or stop the program. This appears to directly contradict Alexander's claim that "no one at NSA had ever gone outside the boundaries" of their authority.
The Post's reporting on the NSA audit also noted that on at least one occasion a major compliance problem was not reported further up the audit chain. In a separate story, the leader of the FISA Court -- which President Obama has cited as a source of transparency in the surveillance programs -- said it does not have the capacity to verify the contents of the audit reports it receives from the NSA.
Alexander's claim that the Intelligence Committees didn't find any NSA wrongdoing may be technically true. But that's only because Congress appears to not have been fulling briefed on the NSA's compliance record. Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) reportedly did not receive a copy of the 2012 NSA audit released by Gellman until The Post asked her staff about it. Upon seeing the audit, a statement from her staff said that the committee “can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate.”