The National Security Agency offered these comments on The Washington Post’s article about privacy violations.
In July 2012, Director of National Intelligence [James R.] Clapper declassified certain statements about the government’s implementation of Section 702 in order to inform the public and congressional debate relating to reauthorization of the FISA Amendments Act (FAA). Those statements acknowledged that the Foreign Intelligence Surveillance Court (FISC) had determined that “some collection carried out pursuant to the Section 702 minimization procedures used by the government was unreasonable under the Fourth Amendment.”
The FISC’s finding was with respect to a very specific and highly technical aspect of the National Security Agency’s 702 collection. Once the issue was identified and fully understood, it was reported immediately to the FISC and Congress. In consultation with the FISC, the Department of Justice, NSA, and the Office of the Director of National Intelligence worked to address the concerns identified by the FISC by strengthening the NSA minimization procedures, thereby enhancing privacy protections for U.S. persons. The FISC has continued to approve the collection as consistent with the statute and reasonable under the Fourth Amendment.
Read the documents
The only known details of a 2011 ruling that found the NSA was using illegal methods to collect and handle the communications of American citizens.
View a slide used in a training course for NSA intelligence collectors and analysts.
How NSA analysts explain their targeting decisions without giving "extraneous information" to overseers.
Obama administration statement on ‘compliance incident’ statistics.
The NSA communications office, in coordination with the White House and Director of National Intelligence, declined to answer questions about the number of violations of the rules, regulations and court-imposed standards for protecting the privacy of Americans, including whether the trends are up or down. Spokesmen provided the following prepared statement.
Looking over a 3-year period that includes the 1st first quarter 2010 through second quarter 2013, the data for that quarter are above the average number of incidents reported in any given quarter during that period. The number of incidents in a given quarter during that 3-year period ranged from 372 to 1,162. A variety of factors can cause the numbers of incidents to trend up or down from one quarter to the next. They include, but are not limited to: implementation of new procedures or guidance with respect to our authorities that prompt a spike that requires “fine tuning,” changes to the technology or software in the targeted environment for which we had no prior knowledge, unforeseen shortcomings in our systems, new or expanded access, and “roaming” by foreign targets into the U.S., some of which NSA cannot anticipate in advance but each instance of which is reported as an incident. The one constant across all of the quarters is a persistent, dedicated effort to identify incidents or risks of incidents at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down.
An NSA interview, rewritten
The Obama administration referred all questions for this article to John DeLong, the NSA’s director of compliance, who answered questions freely in a 90-minute interview. DeLong and members of the NSA communications staff said he could be quoted “by name and title” on some of his answers after an unspecified internal review. The Post said it would not permit the editing of quotes. Two days later, White House and NSA spokesmen said that none of DeLong’s comments could be quoted on the record and sent instead a prepared statement in his name. The Post declines to accept the substitute language as quotations from DeLong. The statement is below.
We want people to report if they have made a mistake or even if they believe that an NSA activity is not consistent with the rules. NSA, like other regulated organizations, also has a “hotline” for people to report — and no adverse action or reprisal can be taken for the simple act of reporting. We take each report seriously, investigate the matter, address the issue, constantly look for trends, and address them as well — all as a part of NSA’s internal oversight and compliance efforts. What’s more, we keep our overseers informed through both immediate reporting and periodic reporting. Our internal privacy compliance program has more than 300 personnel assigned to it: a fourfold increase since 2009. They manage NSA’s rules, train personnel, develop and implement technical safeguards, and set up systems to continually monitor and guide NSA’s activities. We take this work very seriously.